PHP apps: Security's Low-Hanging Fruit
Kelly Martin, 2007-01-08

PHP has become the most popular application language on the web, but common security mistakes by developers are giving PHP a bad name. Here's how PHP coding errors have become the new low-hanging fruit for attackers, contributing to the phishing problems on the web.

PHP apps: Security's Low-Hanging Fruit 2007-01-09
Anonymous
Set allow_url_fopen=Off to disable remote file inclusions, but local file inclusions, especially of web log files, will also lead to offensive code execution, as I am sure you are perfectly aware.

The real problem with PHP is its simplicity. Anyone *without any software writing skills whatsoever* can proclaim himself a "php developer" as "it works".



Link to this comment: http://www.securityfocus.com/comments/columns/427/34246#34246
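
An added illustration of the distinction raised in the comment above (not part of the original comment or column): with `allow_url_fopen=Off` the first function below can still be pointed at a local path, while the hardened form treats the request value only as a key into a fixed map and checks the resolved path. The `pages` directory, the page names and the function names are hypothetical.

```php
<?php
// Added example. PAGES_DIR, PAGE_MAP and both function names are assumptions.
const PAGES_DIR = __DIR__ . '/pages';

// Vulnerable pattern, shown for contrast only and never called here.
// Disabling remote URL wrappers does not help: the request value is
// concatenated into a local path, so it can name any file the web server
// is able to read, and include executes whatever PHP that file contains.
function load_page_unsafe($page)
{
    include PAGES_DIR . '/' . $page . '.php';
}

// Hardened form: the request value selects an entry from a fixed map and
// never becomes part of a filesystem path.
const PAGE_MAP = [
    'home'  => 'home.php',
    'about' => 'about.php',
];

function resolve_page($page): ?string
{
    // Reject arrays (?page[]=x) and any name that is not in the map.
    if (!is_string($page) || !array_key_exists($page, PAGE_MAP)) {
        return null;
    }
    // realpath() resolves symlinks and ".." and returns false if the file
    // is missing; the result must still sit under the pages directory.
    $base = realpath(PAGES_DIR);
    $path = realpath(PAGES_DIR . '/' . PAGE_MAP[$page]);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

$target = resolve_page($_GET['page'] ?? 'home');
if ($target === null) {
    http_response_code(404);
    exit('Not found');
}
include $target;
```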
PHP apps: Security's Low-Hanging Fruit 2007-01-12
Kevin Waterson
Don't blame PHP, it's the newbies 2007-11-03
Catalin Hulea







 

Copyright 2008, SecurityFocus