PHP Security Audit HOWTO
Zend/PHP Conference & Expo, San Francisco, CA, 18 - 21 Oct 2005

Chris Shiflett, Brain Bulb, chris@brainbulb.com

Talk Outline

- What Is a PHP Security Audit?
- Setting the Bar
- Analyzing the Design
- Analyzing the Configuration
- Searching the Source
- More Information
- Questions and Answers

What Is a PHP Security Audit?

- An audit is an examination.
- Nothing should be off-limits.
- A PHP security audit is primarily an examination of the source.
- Other points of interest are the design and configuration.

Setting the Bar

- How much security do you need?
- Start with a minimum level.
- At the very least, a PHP application should filter input and escape output.

What Is Input?

- Some input is obvious - form data ($_GET and $_POST), cookies ($_COOKIE), etc.
- Some input is hard to identify - $_SERVER
- Sometimes it depends on your perspective - $_SESSION, data from databases, etc.
- The key is to identify the origin of data. Data that originates anywhere else is input.

What Is Filtering?

Filtering is an





