Survive The Deep End: PHP Security
Contents:

Introduction
    Yet Another PHP Security Book?
    Who Wants To Attack Your Application?
    How Can They Attack Us?
    What Can We Do To Stop Them?
    Basic Security Thinking
    Conclusion

Input Validation
    Validation Considerations
    Data Validation Techniques
    Validation Of Input Sources
    Conclusion

Injection Attacks
    SQL Injection
    Code Injection (also Remote File Inclusion)
    Command Injection
    Log Injection (also Log File Injection)
    Path Traversal (also Directory Traversal)
    XML Injection

Cross-Site Scripting (XSS)
    What is Cross-Site Scripting?
    A Cross-Site Scripting Example
    Types of Cross-Site Scripting Attacks
    Cross-Site Scripting And Injecting Context
    Defending Against Cross-Site Scripting Attacks

Insufficient Transport Layer Security (HTTPS, TLS and SSL)
    Definitions & Basic Vulnerabilities
    SSL/TLS From PHP (Server to Server)
    SSL/TLS From Client (Client/Browser to Server)

Insufficient Entropy For Random Values
    What Makes A Random Value?
    Random Values In PHP
    Attacking PHP's Random Number Generators
    And Now For Something Completely Similar
    Brute Force Attacking Unique IDs
    Hunting For Entropy

Articles:

PHP Security: Default Vulnerabilities, Security Omissions and Framing Programmers?
    SSL/TLS Misconfiguration
    XML Injection Attacks
    Cross-Site Scripting (Limited Escaping Features)
    Stream URI Injection Attack (incl. Local/Remote File Inclusion)
    Conclusion