Survive The Deep End: PHP Security

Contents:

  • Introduction
    • Yet Another PHP Security Book?
    • Who Wants To Attack Your Application?
    • How Can They Attack Us?
    • What Can We Do To Stop Them?
    • Basic Security Thinking
    • Conclusion
  • Input Validation
    • Validation Considerations
    • Data Validation Techniques
    • Validation Of Input Sources
    • Conclusion
  • Injection Attacks
    • SQL Injection
    • Code Injection (also Remote File Inclusion)
    • Command Injection
    • Log Injection (also Log File Injection)
    • Path Traversal (also Directory Traversal)
    • XML Injection
  • Cross-Site Scripting (XSS)
    • What is Cross-Site Scripting?
    • A Cross-Site Scripting Example
    • Types of Cross-Site Scripting Attacks
    • Cross-Site Scripting And Injecting Context
    • Defending Against Cross-Site Scripting Attacks
  • Insufficient Transport Layer Security (HTTPS, TLS and SSL)
    • Definitions & Basic Vulnerabilities
    • SSL/TLS From PHP (Server to Server)
    • SSL/TLS From Client (Client/Browser to Server)
  • Insufficient Entropy For Random Values
    • What Makes A Random Value?
    • Random Values In PHP
    • Attacking PHP’s Random Number Generators
    • And Now For Something Completely Similar
    • Brute Force Attacking Unique IDs
    • Hunting For Entropy

Articles:

  • PHP Security: Default Vulnerabilities, Security Omissions and Framing Programmers?
    • SSL/TLS Misconfiguration
    • XML Injection Attacks
    • Cross-Site Scripting (Limited Escaping Features)
    • Stream URI Injection Attack (incl. Local/Remote File Inclusion)
    • Conclusion

© Copyright 2017, Padraic Brady. Revision 328fe3aa.