Seven principles for preventing vulnerabilities in PHP programming
Inviting the Uninvited
Many web attacks are the result of programmer error. Sloppy code testing leaves a door open for the uninvited.
Today, attacks on web-based systems hardly target weaknesses in network protocols anymore but rather flaws in applications. Many of the spectacular security breaches in recent years, such as the one on the Sony Play-Station Network, took advantage of programming defects in web applications. The defects are rarely exotic and can be grouped into just a few categories; for example, the Sony hack succeeded with an SQL injection.
Modern operating systems do provide elaborate protective measures against vulnerabilities, such as address space layout randomization, but savvy attackers can circumvent these protections with a few tricks. The only real solution is to develop web applications without security vulnerabilities. Systematically avoiding programming defects is therefore the noble aim of any serious software quality management.
Read full article as PDF:
Price $2.95
Direct Download
Read full article as PDF:
Price $2.95
Tag Cloud
News
-
SCO Rises from the Swamp
Longtime litigator revives an ancient suit against IBM alleging Linux infringes on Unix copyrights.
-
UberStudent Project Releases UberStudent 3.0
Specialty distro keeps the focus on advanced learning.
-
openSUSE Conference Approaches
The openSUSE Conference will be held July 18-22, 2013, at the Olympic Museum in Thessaloniki, Greece.
-
Drupal.org Hacked
Security breached at home sites of the CMS project.
-
Oracle Takes Action on Java Security
Lead Java developer vows policy changes and more attention to fixing problems.
-
Google and NASA Partner in Quantum Computing Project
Vendor D-Wave scores big with a sale to NASA's Quantum Intelligence Lab.
-
Mageia Project Announces Mageia 3 Linux
Many package updates and Steam integration highlight the latest from the Mandriva-based community Linux.
-
FSF Outs the World Wide Web Consortium over DRM Proposal
Richard Stallman calls for the W3C to remain independent of vendor interests.
-
Debian 7.0 Debuts
The new release supports nine architectures, 73 human languages, and zero non-Free components.
-
Alpha Version of Fedora 19 Released
Fedora developers release the first alpha version of Fedora 19, known as Schrödinger’s Cat, for general testing. The final release is expected in July 2013.