Rafael Dohms' Blog:
PHP Security Are you paying attention?
October 02, 2009 @ 12:27:18

In a recent post to his blog Rafael Dohms reminds readers to not forget about the security of their applications because it can be "a huge mistake which can take a turn for the worse."

I have run into lots of excuses for ignoring security in the past, one of them is the recurring "This is just a simple application, it has no sensitive data", this may be a valid point for the person repeating it like a mantra, especially because this person is generally suffering from great pressures, short timeframes and a lack of proper management ready to deal with web development. [...] Whatever the reason is for neglecting security the consequences can escalate much higher than the "non-sensitive data" of the application.

He looks at a specific case where a security issue was found in a large Brazilian mobile company's website, caused by improper filtering of a $_GET parameter that left it open to possible attack. Through it, he could load information from sensitive system-related files and found more on the machine than just the site he was working with.
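
The summary does not show the affected site's code, so the following is an added, constructed example (not from Rafael Dohms' post or the site in question) of how a file name taken from a $_GET parameter can be filtered before it reaches the filesystem. The `page` parameter, the `pages` directory and the `resolvePage()` helper are assumptions made for illustration.

```php
<?php
// Added example: constructed code, not taken from the affected site.
// BASE_DIR, the "page" parameter and resolvePage() are hypothetical names.
const BASE_DIR = __DIR__ . '/pages';

/**
 * Resolve a user-supplied page name to a file inside $baseDir,
 * or return null when the request must be rejected.
 */
function resolvePage(string $name, string $baseDir = BASE_DIR): ?string
{
    // 1. Allowlist the shape of the value: short, no slashes, dots or NUL bytes.
    if (!preg_match('/\A[a-z0-9_-]{1,64}\z/i', $name)) {
        return null;
    }

    // 2. Canonicalise both paths so symlinks and ".." segments are resolved.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name . '.html');
    if ($base === false || $path === false) {
        return null; // base directory missing or file does not exist
    }

    // 3. Containment check: the resolved file must still live under the base.
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

// Weak pattern this replaces: readfile(BASE_DIR . '/' . $_GET['page']);
// which hands the raw request parameter straight to the filesystem.
$requested = isset($_GET['page']) && is_string($_GET['page'])
    ? $_GET['page']   // is_string() also rejects ?page[]=... array input
    : 'home';
$file = resolvePage($requested);

if ($file === null) {
    http_response_code(404);
    exit('Not found');
}
header('Content-Type: text/html; charset=utf-8');
readfile($file);
```

The allowlist alone already blocks directory separators; the realpath() containment check is kept as a second layer so a symlink placed inside the pages directory cannot point the script at files elsewhere on the machine.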


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework