ALL >> Computers >> View Article
Top Five Php Vulnerabilities – A Programmer Should Know
For the development of the dynamic websites, PHP is the most preferred language. This server side scripting language, loaded with numerous features and functionalities is quite easy to understand and apply. However, there are certain features that enable a programmer to unknowingly allow security holes to creep into a web application.
In spite of these vulnerabilities, this general purpose programming language can be as secure as other languages, once the basic types of flaws in PHP web applications is well understood. In this article, we have listed some of the worst blunders for you to consider and how it influences the security practices of PHP developers.
Source Code Revelation
It is well known that PHP is a server side framework, so you don’t have any access to view source if you want to see a script’s code. But, in the event of breakdown of Apache’s configuration, people can easily view the name and content of the files.
Thus, when anything goes wrong with Apache, then all the scripts are served on the plain text, and people have access to it, which they aren't suppose to have. ...
... Some of these accessible files may have sensitive information like database credentials. So, it is essential to lock such files away from the publicly accessible directory to avoid the consequences of such vulnerability.
Directory Traversal
Like the previous one, this attack looks for sites that have no security, where it should be. Finding such web sties, it works on the files to be accessed that the developer did not thought to make it publicly available. It's also known as the climbing attack or the backtracking attack.
There are a few ways to avoid this blunder. The first thing you can do is to shortlist the pages, which you want to be returned for such a given request using white-listing. The second option is to transfer the file paths to absolute paths and making sure that they are referencing files in allowed directories.
Session ID Protection
With most of the PHP websites, Session ID hijacking causes a serious problem. For each of the user's session, the PHP session tracking component has a unique ID. But, in case, this ID is known to another person, then he/she can easily hijack the user's session and can easily drive the information which should be confidential.
This type of vulnerability can not be prevented completely, so you should know the risks and ways to mend it. One way to stop this is by storing your session ID in a spot, which is only accessibly by scripts, either on disk or in a database.
SQL Injection
Compared to others, this is the number one on the hit list. In this type of blunder, anyone can enter an SQL fragment as a value in your URL or web form. Then, the person can easily know your table names and access your secret files.
How to avoid this type of danger? The best way is to use PDO Prepared Statements. These statements segregate the data from the instructions. This helps to prevent the data from being treated as anything other than data.
These are just the five issues that you need to be careful during PHP development. Because, if you are not alert and careful, these blunders can allow your PHP application to be transgressed.
Article Source: http://www.hiddenbrains.com/articles/top-five-php-vulnerabilities-a-programmer-should-know.html
Add Comment
Computers Articles
1. 00al556 Ibm 550-watts Platinum Power Supply For X3650 M4: Reliable And Energy-efficient Power For Enterprise ServersAuthor: Server Tech Central
2. Iot Identity And Access Management (iam) Market : Driving Secure Innovation In Connected Ecosystems
Author: Umangp
3. Why Should You Plan Blinkit Onboarding Before Market Expansion And How Can Zane Marketing Help You Grow Faster
Author: Zane Marketing
4. Customer Identity And Access Management (ciam) Market : Strengthening Security And Customer Trust
Author: Umangp
5. How To Start Your Website Redesign Project?
Author: brainbell10
6. Sap Compliance In Manufacturing: Closing The Gaps Grc Leaves Behind
Author: Mansoor Alam
7. Speech Analytics Market : Unlocking Actionable Insights From Customer Conversations
Author: Umangp
8. Data Preparation Tools Market: How Ai And Cloud-based Solutions Are Transforming Modern Data Workflows
Author: Umangp
9. How To Setup And Create Instagram Ads?
Author: brainbell10
10. Why Digital Business Cards Are The Future Of Professional Networking
Author: WhyTap
11. End To End Sataware Product Development Is The Process Of Identifying Market Opportunities To Hire Flutter Developer, Connecting User Needs And Requir
Author: brainbell10
12. Dynamics Nav To Business Central Upgrade Guide
Author: brainbell10
13. Data Governance Framework: Building Trust In The Digital Age
Author: Umangp
14. A Complete Guide To Dynamics 365 Warehouse Management
Author: brainbell10
15. Conversational Ai In Intelligent Contact Centers: Market Outlook And Future Growth To 2028
Author: Umangp






