PHP apps: Security's Low-Hanging Fruit

PHP apps: Security's Low-Hanging Fruit
Kelly Martin, 2007-01-08

PHP has become the most popular application language on the web, but common security mistakes by developers are giving PHP a bad name. Here's how PHP coding errors have become the new low-hanging fruit for attackers, contributing to the phishing problems on the web.

Expand all | Post comment

PHP apps: Security's Low-Hanging Fruit 2007-01-09
ninjah (1 replies)

Re: PHP apps: Security's Low-Hanging Fruit 2007-01-11
rdivilbiss

PHP apps: Security's Low-Hanging Fruit 2007-01-09
Anonymous

PHP apps: Security's Low-Hanging Fruit 2007-01-09
Anonymous (2 replies)

Re: PHP apps: Security's Low-Hanging Fruit 2007-01-10
Anonymous

Re: PHP apps: Security's Low-Hanging Fruit 2007-01-11
Josef Meixner

Don't forget basic file system security 2007-01-09
Void (1 replies)

Re: Don't forget basic file system security 2007-11-03
Catalin Hulea

Well... yes, the script user is supposed to be able to do INSERT, UPDATE, DELETE, how else is he supposed to post comments on a blog, for instance?...

Sorry, maybe I'm missing the point here... Maybe I am supposed to learn something, but how can you insert a comment on a post if you're not able to do INSERT in database? Or how can you edit your user profile on a site that is not able to do UPDATE?...

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/427/34769#34769

PHP apps: Security's Low-Hanging Fruit 2007-01-10
andyT

PHP apps: Security's Low-Hanging Fruit 2007-01-11
Anonymous (2 replies)

Re: PHP apps: Security's Low-Hanging Fruit 2007-01-11
Anonymous

Re: PHP apps: Security's Low-Hanging Fruit 2007-11-03
Catalin Hulea

PHP apps: Security's Low-Hanging Fruit 2007-01-11
Anonymous

PHP apps: Security's Low-Hanging Fruit 2007-01-12
Kevin Waterson

Don't blame PHP, it's the newbies 2007-11-03
Catalin Hulea

PHP apps: Security's Low-Hanging Fruit 2008-02-12
Anonymous