Top 10 Resources for Basic PHP Security
Jul 10
When developing a dynamic website, it is essential that possible security issues or flaws are considered. To this end I decided it would be worthwhile producing a list of resources which I have used to help others understand best practice and potential techniques that are used to exploit bad coding standards.
General PHP Security Issues
For a general overview, the following resources provide a good grounding in security risks and how to prevent them from becoming a problem.
- http://uk.php.net/manual/en/security.intro.php
- http://developer.yahoo.com/security/
- http://www.devshed.com/c/a/PHP/PHP-Security-Mistakes/
- http://www.sitepoint.com/article/php-security-blunders
Google your Site for Security Issues
It amazed me during my research quite how easy it was to hack people's sites by using simple Google searches to return results of potentially weak websites. The following links elaborate on this somewhat:
- http://www.oreillynet.com/pub/a/security/2004/10/07/googling_for_vulnerabilities.html
- http://www.gnucitizen.org/ghdb/application.htm
Cross Site Scripting
A common method used to retrieve information or to deliberately cause harm, and well worth understanding. The following link shows the different methods used with examples:
SQL Injection
Again, another very common method by which hackers try to breach website security. This is an essential must-know before building a website; otherwise there is the possibility that you will leave yourself wide open to an attack.
- http://www.unixwiz.net/techtips/sql-injection.html
- http://www.acunetix.com/websitesecurity/sql-injection.htm
As always, I would love to hear your comments, or if you have any resources that you feel would be beneficial then post them in the comments section below as well.
10x, I am glad that GHDB and XSSDB made it into this list.
No problem. Good resource…