
What's the best way to learn about programming security-related topics? (PHP) [closed]

As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance. Closed 10 years ago.

I am currently building a site and all the books I have read on PHP so far are just on functionality and not much on security. Is there a book that deals specifically with making your code/site secure? I don't want to go public and the next day have all my code changed or my database erased by SQL injection.

thanks


The Open Web Application Security Project Top 10 is a good place to start.

And here's a good round up of secure coding practices.


Here's a good place to start: https://stackoverflow.com/questions/72394/what-should-a-developer-know-before-building-a-public-web-site

I find that Sitepoint has excellent articles as well. If you ever want a great article about a specific PHP topic, you can usually find one there. For SQL injection, how about http://www.sitepoint.com/article/1272


Actually, you probably won't have your database erased by SQL injection because that requires query stacking. PHP's mysql_query() will only accept 1 query at a time. I suspect you read something about M$-SQL which is a very different beast. You would know this if you have tried to exploit a SQL injection vulnerability.

It is absolutely impossible to fully understand security until you have written an exploit. It is impossible to test any patch without attempting to exploit it. It is impossible to prove that anything is secure unless you have tried to break it. Thinking that you know what is secure is far more damaging than someone who knows they don't know.

So how do hackers exploit software? The first thing a hacker is going to do is test the target for vulnerabilities. Make sure you run a testing tool like Acunetix's free XSS tester or better yet a full test like Wapiti. Make sure your PHP configuration is locked down with PHPSecInfo. And of course familiarize yourself with the OWASP top 10.

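Added example, not code from the question or any of the answers above: the SQL injection the asker is worried about, shown as a vulnerable login lookup next to its parameterised form. It picks up the third answer's point about query stacking: even where a driver refuses a second statement, a single injected condition is enough to read rows the user should never see, so the fix is to keep user input out of the SQL text altogether. The table, rows, and inputs are constructed for the demo; it runs offline against an in-memory SQLite database and assumes PHP with the pdo_sqlite extension. (The mysql_query() function mentioned in that answer was removed in PHP 7, so PDO or mysqli with bound parameters is what current code uses.)

```php
<?php
// Added example (not from the original question or answers): vulnerable vs.
// parameterised query, run against an in-memory SQLite database so it works
// offline. Assumes the pdo_sqlite extension. Table, rows and inputs are constructed.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pass TEXT)');
$db->exec("INSERT INTO users (name, pass) VALUES ('alice', 's3cret'), ('bob', 'hunter2')");

// VULNERABLE: user input is concatenated straight into the SQL text, so a quote
// in the input changes the structure of the query, not just its data.
function loginUnsafe(PDO $db, string $name, string $pass): array
{
    $sql = "SELECT name FROM users WHERE name = '$name' AND pass = '$pass'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// HARDENED: the SQL text is fixed at prepare() time; the values travel
// separately as bound parameters and can never be parsed as SQL.
function loginSafe(PDO $db, string $name, string $pass): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE name = :name AND pass = :pass');
    $stmt->execute([':name' => $name, ':pass' => $pass]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The textbook tautology input (constructed). It adds no second statement,
// so it does not depend on query stacking at all.
$payload = "' OR '1'='1";

// Unsafe version: the WHERE clause becomes always-true and every user comes back.
var_dump(loginUnsafe($db, $payload, $payload)); // array('alice', 'bob')

// Safe version: the same bytes are compared literally against the column and
// match nothing.
var_dump(loginSafe($db, $payload, $payload));   // array()
```

The same pattern applies to every query that carries user-controlled values (search terms, ids from the URL, form fields): write the statement once with placeholders and pass the values through execute(). Escaping functions can work when applied consistently, but prepared statements remove the need to get that right on every call site, which is what makes them the default recommendation in the OWASP material linked above.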