Is there any system to check that a php script is secure or not?
Is there any system to check that a php script is secure or not开发者_C百科?
Is there any system to check that a php script is secure or not?
First, make sure that you have tried your best to make your application as secure as possible. And yes, you could use the famous Acunetix Web Vulnerability Scanner.
Some of the features include:
- SQL Injection
- Cross site scripting
- Web Security
- Directory Traversal
- Ajax Application Security
- Google Hacking
Recommedation:
I would recommend you to implement very famous HTML Purifier in your projects:
HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications. Tired of using BBCode due to the current landscape of deficient or insecure HTML filters? Have a WYSIWYG editor but never been able to use it? Looking for high-quality, standards-compliant, open-source components for that application you're building? HTML Purifier is for you!
Code review.
You can catch a bunch of things by having complex coding standards and using tools like php Code Sniffer / comparable (e.g. making sure that SQL queries are always parametrised), or using other tools (e.g. what Sarfraz suggested, or writing unit tests with PHPUnit that check your code for vulnerabilities), but there are almost no situations where reviewing your code would be optional. (I can't think of one off-hand, but that's not to say they don't exist.)
精彩评论