News Feed
Jobs Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Pádraic Brady:
PHP Security Default Vulnerabilities, Security Omissions & Framing Programmer
August 27, 2012 @ 10:05:13

In this new post (and this related article) Pádraic Brady shares some of his opinions about default security languages should provide and the Secure by Design principles.

Odd though it may seem, this principle explains some of PHP's greatest security weaknesses. PHP does not explicitly use Secure By Design as a guiding principle when executing features. I'm sure its in the back of developers' minds just as I'm sure it has influenced many if their design decisions, however there are issues when you consider how PHP has influenced the security practices of PHP programmers. The result of not following Secure By Design is that all applications and libraries written in PHP can inherit a number of security vulnerabilities, hereafter referred to as "By-Default Vulnerabilities".

He focuses on what he sees as a responsibility of those creating the language to either default to a more secure architecture or provide information as to why their choices could cause problems. In the extended version of the post, he talks about some specific issues that the language has including SSL/TLS misconfiguration, openings for XML entity injection attacks and limited native filtering for cross-site scripting.

0 comments voice your opinion now!
security default vulnerabilities responsibility developer securebydesign


blog comments powered by Disqus

Similar Posts

Community News: Ubuntu Updates PHP Packages

Zend Developer Zone: The ZendCon Sessions Episode 3: PayPal: New Solutions for PHP Developers

Job Posting: Comsys (Recruiter) Seeks PHP Developer (Plano, TX)

7php.com: Building Your PHP Geek Cred To Publicly Be An Awesome PHP Developer

Job Posting: World NetMedia Seeks PHP/LAMP Developers (Multiple Locations)


Community Events











Don't see your event here?
Let us know!


podcast introduction hhvm framework opinion application hack install component language package security code facebook symfony2 series release composer unittest overview

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework