Seven principles for preventing vulnerabilities in PHP programming
Inviting the Uninvited
Many web attacks are the result of programmer error. Sloppy code testing leaves a door open for the uninvited.
Today, attacks on web-based systems hardly target weaknesses in network protocols anymore but rather flaws in applications. Many of the spectacular security breaches in recent years, such as the one on the Sony Play-Station Network, took advantage of programming defects in web applications. The defects are rarely exotic and can be grouped into just a few categories; for example, the Sony hack succeeded with an SQL injection.
Modern operating systems do provide elaborate protective measures against vulnerabilities, such as address space layout randomization, but savvy attackers can circumvent these protections with a few tricks. The only real solution is to develop web applications without security vulnerabilities. Systematically avoiding programming defects is therefore the noble aim of any serious software quality management.
Read full article as PDF:
Price $2.95
Direct Download
Read full article as PDF:
Price $2.95
Tag Cloud
News
-
An Even Smaller Raspberry Pi
The Raspberry Pi Foundation has announced an even smaller version of the tiny computer that will fit into a DIMM slot.
-
Newly Discovered Android Vulnerability Causes Privilege Escalation
A new class of problems lets a malicious app pre-configure an invisible privilege update.
-
Facebook Rolls Out New PHP-like Programming Language
New Hack language adds static typing and other conveniences.
-
Fedora Announces Innovative Crytography Policy System
New crypto policy system will offer easier configuration and more uniform security.
-
Shuttleworth Calls for Declarative Firmware
Ubuntu founder denounces insecurity in proprietary, close-source software blobs.
-
New TLS Attack Takes the S out of HTTPS
Vulnerability affects many Linux web servers
-
Munich Adopts Kolab
The Bavarian capital shuns Microsoft, Google, and other alternatives to implement an open source groupware solution.
-
Canonical Announces Ubuntu Smartphones
Phone vendor partnerships bring Mark Shuttleworth's dream of Ubuntu on a phone a step closer to reality.
-
Piviti Seeks Funding
Donors will get to vote on new features for the free video editor.
-
Debian Tech Committee Votes for systemd
Debian project puts init out to pasture and says no to Ubuntu's Upstart.