Solved

phpids integration and usage

Posted on 2013-07-01
7
256 Views
Last Modified: 2013-08-04
Hi EE,

Please do let me know steps to integrate phpids and how to verify if its working and monitor the attacks.
0
Comment
Question by:Insoftservice
  • 4
  • 2
7 Comments
 
LVL 55

Assisted Solution

by:Julian Hansen
Julian Hansen earned 300 total points
ID: 39289526
I would start with reading the FAQ
https://phpids.org/faq/
0
 
LVL 15

Author Comment

by:Insoftservice
ID: 39289637
@julianH i tried with but was not completely successful.
Please do let me know whether we have some API which would not only detect attacks but also avoid it.PHPIDS detects all sorts of XSS, SQL Injection, header injection, directory traversal, RFE/LFI, DoS and LDAP attacks. But it does not prevent it.

Is there some api which does both specially sql injection.
0
 
LVL 109

Assisted Solution

by:Ray Paseur
Ray Paseur earned 200 total points
ID: 39289748
I would probably approach this from a different perspective, especially since it's at level 0.7 and since I got the "Untrusted Connection" warning when I tried to visit the phpids link.

Instead of trying to enumerate the threats and attacks, just switch your thinking to the security mantra: Accept Only Known Good Values.  To be sure, there are still attacks that can be mounted against thoughtfully secured web sites, but they are far less likely to succeed if your script tests every external input for "reasonable" values and simply ignores the ones that fail the reasonability tests.

This link (and the whole organization) may be useful.  If you're not a member, join!
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 15

Author Comment

by:Insoftservice
ID: 39292202
0
 
LVL 15

Author Comment

by:Insoftservice
ID: 39369133
c
0
 
LVL 55

Accepted Solution

by:
Julian Hansen earned 300 total points
ID: 39369276
Is there some api which does both specially sql injection.
Don't look for an API to do this for you - to prevent SQL injection code your page and queries correctly.

Use either mysqli or PDO

A) Put all data to go to database through mysqli_real_escape_string (in the case of mysqli
B) Use prepared statements
0
 
LVL 15

Author Closing Comment

by:Insoftservice
ID: 39380283
Issue had got already resolved, but the suggestion was also up-to the mark to resolve and tackle my questions more easily thx to all
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
PHP Installer 5 37
Eloquent ORM manual paginator defaults to simple 2 31
PHP alternative to file_get_contents('php://input') 4 58
PHP 5.6 and 7.x 4 20
Author Note: Since this E-E article was originally written, years ago, formal testing has come into common use in the world of PHP.  PHPUnit (http://en.wikipedia.org/wiki/PHPUnit) and similar technologies have enjoyed wide adoption, making it possib…
Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to dynamically set the form action using jQuery.

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question