Seven principles for preventing vulnerabilities in PHP programming

Inviting the Uninvited

Author(s):

Many web attacks are the result of programmer error. Sloppy code testing leaves a door open for the uninvited.

Today, attacks on web-based systems hardly target weaknesses in network protocols anymore but rather flaws in applications. Many of the spectacular security breaches in recent years, such as the one on the Sony Play-Station Network, took advantage of programming defects in web applications. The defects are rarely exotic and can be grouped into just a few categories; for example, the Sony hack succeeded with an SQL injection.

Modern operating systems do provide elaborate protective measures against vulnerabilities, such as address space layout randomization, but savvy attackers can circumvent these protections with a few tricks. The only real solution is to develop web applications without security vulnerabilities. Systematically avoiding programming defects is therefore the noble aim of any serious software quality management.

Read full article as PDF:

Price $2.95

Related content

  • Perl: Regression Tests

    With a test suite, you can fix bugs and add new features without ruining the existing codebase.

    more »
  • Perl: Web Regression Test

    Testing complex web applications does not necessarily mean investing in expensive, proprietary tools such as Test Director or Silk Performer. Selenium is for free; it can remotely control any major browser, and it is programmable in Perl.

    more »
  • Debian Testing Looking for Security Staff

    The free Debian Linux distribution is looking for Security staff for its "testing" branch.

    more »
  • Perl: Cucumber

    The Cucumber test framework helps developers and product departments jointly formulate test cases, not as program code, but in plain English. The initially skeptical Perlmeister has acquired a taste for this.

    more »
  • Perl: Test-Driven Development

    Test-driven development with a full-coverage regression test suite as a useful side effect promises code with fewer errors. Mike "Perlmeister" Schilli enters the same path of agility and encounters a really useful new CPAN module.

    more »
comments powered by Disqus

Visit Our Shop

Trial Subscription

Digital Subscription

Subscribe

Direct Download

Read full article as PDF:

Price $2.95

Tag Cloud

Administration Community Desktop Events Hardware Kernel Linux Mobile Programming Red Hat Software Ubuntu Web Development Windows free software

News