This course will teach participants about installing and configuring Python, syntax, importing, statements, types, strings, booleans, files, lists, tuples, comprehensions, functions, and classes.
PHP security
I need to learn PHP security.
security takes time to learn. start by understanding in detail the request/response cycle. understand why https is important. understand headers and bodies. understand any request cannot be trusted. learn to implement owasp top 10. that's a good start actually.
security takes time to learn. start by understanding in detail the request/response cycle. understand why https is important. understand headers and bodies. understand any request cannot be trusted. learn to implement owasp top 10. that's a good start actually.
Who is Participating?
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
I wear a lot of hats...
"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.
The most efficient way to manage application security risk is to take security into consideration right from the very beginning of the coding process and ensure that security is built in at every phase of the adopted software development lifecycle, so make sure, to educate yourself to deliver a code based on security standard. Keep it Simple and Keep it Clean.
https://www.owasp.org/index.php/Web_Service_Security_Cheat_Sheet
http://code.google.com/p/wasclist/
http://framework.zend.com/
https://www.owasp.org/index.php/Web_Service_Security_Cheat_Sheet
http://code.google.com/p/wasclist/
http://framework.zend.com/
If you really want to secure php code you have to be kind of Utterly Paranoid
Below Some php Security Mistakes programmers make (not all of them but the most common ones) :
Leaving error reporting On ( hackers use this to find out intel about your site structure , DataBase type...)
Trusting User Input (especially with powerful commands like eval() )
Leaving Default Password on Mysql,Default Admin Page path ..
Leaving Installation Files Online
Not Enabling safe_mode on your Server
Below Some php Security Mistakes programmers make (not all of them but the most common ones) :
Leaving error reporting On ( hackers use this to find out intel about your site structure , DataBase type...)
Trusting User Input (especially with powerful commands like eval() )
Leaving Default Password on Mysql,Default Admin Page path ..
Leaving Installation Files Online
Not Enabling safe_mode on your Server
Further to what Fouad Maidine says...
It is not a mistake to leave error reporting on. You really, really want error_reporting() on at all times. What you might not want is the display_errors directive.
Nobody with any experience at all would ever trust user input or allow a user to specify which PHP instructions get executed. All external input is tainted, by definition, and must be filtered.
PHP safe_mode does not exist any more. It was removed years ago, at PHP 5.4. Like Suhosin, safe_mode could cause run-time failures in tested code. It was a hindrance without much, if any, benefit. The real benefits come from following the PHP security guidelines. The PHP community keeps these guidelines up-to-date.
You might also want to join, and become active in OWASP. But please keep in mind that information technology security is a full-time, four year, college major. Learning security is like learning to build a car. It takes a long time and there are always others you can learn from at any point in your career.
It is not a mistake to leave error reporting on. You really, really want error_reporting() on at all times. What you might not want is the display_errors directive.
Nobody with any experience at all would ever trust user input or allow a user to specify which PHP instructions get executed. All external input is tainted, by definition, and must be filtered.
PHP safe_mode does not exist any more. It was removed years ago, at PHP 5.4. Like Suhosin, safe_mode could cause run-time failures in tested code. It was a hindrance without much, if any, benefit. The real benefits come from following the PHP security guidelines. The PHP community keeps these guidelines up-to-date.
You might also want to join, and become active in OWASP. But please keep in mind that information technology security is a full-time, four year, college major. Learning security is like learning to build a car. It takes a long time and there are always others you can learn from at any point in your career.
Exactly Sir @Ray Passeur for the Php Errors , that's what i meant to say , Thank you for enlightening it
Safe mode is For Older Versions of course , Not Everyone is up to date tough ... Some hosting Companies where i live are still using Old Php Versions ... too lazy to update i guess...
Some of the unmentioned Important Security Topics in PHP are XSS injections , CSRF attacks , Character Encoding (Depends on the language and Encoding used tough ... not English ...)
Also session hijacking if it was not mentioned
Please do not that : The people who maintain the PHP language are most of the time not always concerned about backward compatibility ,With newer version of PHP you might find yourself with the rug pulled out from under you .
Safe mode is For Older Versions of course , Not Everyone is up to date tough ... Some hosting Companies where i live are still using Old Php Versions ... too lazy to update i guess...
Some of the unmentioned Important Security Topics in PHP are XSS injections , CSRF attacks , Character Encoding (Depends on the language and Encoding used tough ... not English ...)
Also session hijacking if it was not mentioned
Please do not that : The people who maintain the PHP language are most of the time not always concerned about backward compatibility ,With newer version of PHP you might find yourself with the rug pulled out from under you .
Experts Exchange Solution brought to you by
Your issues matter to us.
Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.
Start your 7-day free trial
The following might provide the appropriate guidance
http://phpsec.org/projects/guide/
http://phpsec.org/projects/guide/
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
PHP
From novice to tech pro — start learning today.
-
Microsoft ApplicationsCertification: MCSE Microsoft Certified Systems Engineer - Identity … 440 lessons
-
Microsoft ApplicationsCertification: MCSE Microsoft Certified Systems Engineer - Securing… 324 lessons
-
Microsoft ApplicationsCertification: MOS Microsoft Office Specialist - PowerPoint 2013… 150 lessons
Experts Exchange Solution brought to you by
Enjoy your complimentary solution view.
Get this solution by purchasing an Individual license!
Start your 7-day free trial.
http://php.net/manual/en/security.php
And you're right, it's a never-ending learning cycle because the threats are always evolving.
Also, you're not the first person to ask about this. If you search E-E for "PHP Security" you will find many learning resources!
http://www.experts-exchange.com/searchResults.jsp?searchType=ALL&searchTerms=PHP+Security&searchSubmit=&asSubmit=true&asIgnored=true&asNoSuggestionNoResults=true