Securing PHP – Approaches to Web Application security
Author
Abstract
The security of a web application rests on the security of the underlying layers, the operating system and the application platform, as well as on the application itself. The OS layer is beyond the control of the PHP project, but experience shows that the language should assist developers in writing more secure code and in running it in a more secure manner. The majority of problems in PHP applications are caused by insecure application code [2], which may allow untrusted data to be injected into the output (XSS [13]), into database queries and into other sensitive commands, external code to be executed in the trusted context (remote include), or data to be disclosed that the user is not authorized to access. The challenge for PHP as a platform is both to give developers tools to avoid such problems and to give site administrators the means to detect insecure code and prevent it from doing harm. The following techniques have been employed or researched in PHP, with varying success.
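The three injection classes the abstract names, output (XSS), database queries and include paths, each shown as the insecure idiom beside a hardened form. This is an added illustration, not code from the paper or from the PHP project; it assumes PHP 7.4 or later with the pdo_sqlite extension, uses an in-memory database, and all attacker inputs are constructed for the demonstration. Function names (greetingVulnerable, lookupHardened and so on) are hypothetical.

```php
<?php
// Added example (not from the paper): insecure idiom beside its hardened form for
// XSS, SQL injection and file include. Assumes PHP >= 7.4 with pdo_sqlite.
declare(strict_types=1);

// 1. XSS: untrusted data copied straight into HTML output.
function greetingVulnerable(string $name): string {
    return "<p>Hello, $name</p>";            // attacker-controlled markup reaches the browser
}
function greetingHardened(string $name): string {
    // Escape for the HTML text context; ENT_QUOTES also covers attribute values.
    return '<p>Hello, ' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// 2. SQL injection: untrusted data concatenated into the query text.
function setupDb(): PDO {
    $db = new PDO('sqlite::memory:');       // constructed in-memory fixture
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)');
    $db->exec("INSERT INTO users (name, secret) VALUES ('alice', 's3cret-a'), ('bob', 's3cret-b')");
    return $db;
}
function lookupVulnerable(PDO $db, string $name): array {
    // The value becomes part of the SQL grammar: a tautology such as x' OR '1'='1
    // changes the WHERE clause and matches every row.
    $rows = $db->query("SELECT name FROM users WHERE name = '$name'");
    return $rows->fetchAll(PDO::FETCH_COLUMN);
}
function lookupHardened(PDO $db, string $name): array {
    // Parameter binding fixes the query structure; the value is sent as data only.
    $stmt = $db->prepare('SELECT name FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// 3. Remote/local include: a path assembled from a request parameter.
// Only the path is computed here; nothing is included. With allow_url_include=On a
// URL in $page would fetch and run attacker-hosted code, and even without it the
// parameter can reach any readable local .php file.
function includePathVulnerable(string $page): string {
    return $page . '.php';
}
function resolveIncludeHardened(string $page): ?string {
    // Allow-list: map the parameter onto known files instead of treating it as a path.
    static $pages = ['home' => 'pages/home.php', 'about' => 'pages/about.php'];
    return $pages[$page] ?? null;            // null means refuse; never include it
}

// Demonstration with constructed attacker inputs.
$xss = '<script>alert(1)</script>';
echo greetingVulnerable($xss), "\n";
echo greetingHardened($xss), "\n";

$db = setupDb();
$sqli = "x' OR '1'='1";
print_r(lookupVulnerable($db, $sqli));       // every user, the WHERE clause was rewritten
print_r(lookupHardened($db, $sqli));         // no user literally has that name

echo includePathVulnerable('http://attacker.example/payload'), "\n";
var_dump(resolveIncludeHardened('about'));
var_dump(resolveIncludeHardened('../../etc/passwd'));
```

Run it with `php example.php`. The hardened forms share one principle: the untrusted value never takes part in the syntax of the output, the query or the path, which is exactly the separation the abstract says the platform should make easy for developers and checkable by administrators.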
Similar resources
Simulation of Built-in PHP Features for Precise Static Code Analysis
The World Wide Web grew rapidly during the last decades and is used by millions of people every day for online shopping, banking, networking, and other activities. Many of these websites are developed with PHP, the most popular scripting language on the Web. However, PHP code is prone to different types of critical security vulnerabilities that can lead to data leakage, server compromise, or at...
Toward Secure Web Application Design: Comparative Analysis of Major Languages and Framework Choices
We will examine the benefits and drawbacks in the selection of various software development languages and web application frameworks. In particular, we will consider five of the ten threats outlined in the Open Web Application Security Project (OWASP) Top 10 list of the most critical Web application security flaws [12], and examine the role of three popular Web application frameworks (Ruby on R...
Swaddler: An Approach for the Anomaly-Based Detection of State Violations in Web Applications
In recent years, web applications have become tremendously popular, and nowadays they are routinely used in security-critical environments, such as medical, financial, and military systems. As the use of web applications for critical services has increased, the number and sophistication of attacks against these applications have grown as well. Most approaches to the detection of web-based attac...
Security Model for the Client-Side Web Application Environments
Although best-practice approaches could be effective for securing Web 2.0 applications in the near term, it is time to reconsider the security model of the client-side Web application environment. The current browser security model is designed under an assumption that the content within a server is mutually trustworthy. However, Web 2.0 emphasizes collaboration and interaction of users, which i...
Catch Me, If You Can: Evading Network Signatures with Web-based Polymorphic Worms
Polymorphic worms are self-replicating malware that change their representation as they spread throughout networks in order to evade worm detection systems. A number of approaches to detect polymorphic worms have been proposed. These approaches use samples of a polymorphic worm (and of benign traffic as well) to derive a signature that can detect all instances of the worm without producing exces...
Journal title:
Volume / Issue:
Pages: -
Publication date: 2007