
php Programming Glossary: owasp

Where to use mysql_real_escape_string to prevent SQL Injection?

http://stackoverflow.com/questions/2312051/where-to-use-mysql-real-escape-string-to-prevent-sql-injection

it using mysql_real_escape_string . Note that according to OWASP this function is not secure for escaping dynamic table names.. insertion . I suggest you to have a look at the whole OWASP article on SQL injection and also to browse the rest of the..

Login without HTTPS, how to secure?

http://stackoverflow.com/questions/2336678/login-without-https-how-to-secure

to protect the password alone is still a violation of OWASP A9 Insufficient Transport Layer Protection because you would..

CSRF (Cross-site request forgery) attack example and prevention in PHP

http://stackoverflow.com/questions/2526522/csrf-cross-site-request-forgery-attack-example-and-prevention-in-php

him wanting to do this. I have read the explanation on the OWASP website but I don't really understand it. Is this an example..

Sanitizing strings to make them URL and filename safe?

http://stackoverflow.com/questions/2668854/sanitizing-strings-to-make-them-url-and-filename-safe

here http neo22s.com slug Sanitization in general OWASP have a PHP implementation of their Enterprise Security API which..

PHP Form Security With Referer

http://stackoverflow.com/questions/2841399/php-form-security-with-referer

improve this question Actually yes according to the OWASP CSRF Prevention Cheat Sheet in most cases checking the referer..

Historical security flaws of popular PHP CMS's?

http://stackoverflow.com/questions/2951917/historical-security-flaws-of-popular-php-cmss

ModX More information On the Wikipedia page and on the OWASP project. Bad password storing Description Imagine your database.. Drupal ModX More information You can check Wikipedia and OWASP. You also have a lot of XSS vectors on ha.ckers page. Mail header.. Drupal Joomla ModX Pars CMS More information Wikipedia and OWASP have really good pages on the subject. Http response splitting..

PHP Security best practices

http://stackoverflow.com/questions/3012315/php-security-best-practices

See PHP Security Guide Another Good Security Guide OWASP Top 10 Application Security Risks Web Application Security Best..

What are the risks of PHP sessions?

http://stackoverflow.com/questions/3224286/what-are-the-risks-of-php-sessions

risks Session hijacking Session fixation Consider using OWASP to do against it. Also have a look at PHP Security Guide share..

Session hijacking and PHP

http://stackoverflow.com/questions/3517350/session-hijacking-and-php

session hijack share improve this question Read OWASP A3 Broken Authentication and Session Management . Also read.. Authentication and Session Management . Also read about OWASP A5 CSRF which is sometimes called session riding . You should.. Enforcing HTTPS only cookies is a good way of addressing OWASP A9 Insufficient Transport Layer Protection . This way of using..

PDO in Codeigniter - Protect vs SQL Injection

http://stackoverflow.com/questions/4985672/pdo-in-codeigniter-protect-vs-sql-injection

I usually lean on experts such as Chris Shiflett and OWASP for security tips. http shiflett.org blog 2006 jul the owasp..

XSS - Which HTML Tags and Attributes can trigger Javascript Events?

http://stackoverflow.com/questions/6976053/xss-which-html-tags-and-attributes-can-trigger-javascript-events

a bunch of other URL loading attributes. Line 399 of the OWASP Java HTMLPolicyBuilder is the definition of URL attributes in.. Your protocol whitelist looks very similar to the OWASP sanitizer one. The addition of ftp and sftp looks innocuous..

Secure popup login possible?

http://stackoverflow.com/questions/8888003/secure-popup-login-possible

also discussed on Security.SE . This goes against this OWASP recommendation The login page and all subsequent authenticated..