New pages

From SecurePHPWiki

  • 16:30, 11 August 2010 ‎SecurityFocus Summaries (hist) ‎[36 bytes] ‎Admin (Talk | contribs) (Created page with "Category:PHP_News_and_Advisories")
  • 16:30, 11 August 2010 ‎PhpAdvisories (hist) ‎[28,134 bytes] ‎Admin (Talk | contribs) (Created page with "Category:PHP_News_and_Advisories")
  • 16:29, 11 August 2010 ‎HardenedPHP Advisories (hist) ‎[36 bytes] ‎Admin (Talk | contribs) (Created page with "Category:PHP_News_and_Advisories")
  • 16:19, 11 August 2010 ‎Logging (hist) ‎[632 bytes] ‎Admin (Talk | contribs) (Created page with "Category:Application_Development")
  • 16:03, 11 August 2010 ‎HTML Fingerprinting (hist) ‎[704 bytes] ‎Admin (Talk | contribs) (Created page with "Common application footers containing "Powered by..." or "This site runs..." can easily be spotted using search engines. When a security advisory is published, such fingerprintin...")
  • 16:01, 11 August 2010 ‎Sensitive Files (hist) ‎[1,734 bytes] ‎Admin (Talk | contribs) (Created page with "== Common File Names == Placing your admin section in an /admin/ directory makes your application an easier target for cgi scanners. See [http://www.cirt.net/code/nikto.shtml Ni...")
  • 15:40, 11 August 2010 ‎Email Injection (hist) ‎[19,250 bytes] ‎Admin (Talk | contribs) (Created page with "=== Related Topics === * Category:Injection_Attacks == php mail() function == There are a lot of ways to send anonymous emails, some use it to mass mail, some use it to sp...")
  • 15:33, 11 August 2010 ‎Passwords (hist) ‎[5,033 bytes] ‎Admin (Talk | contribs) (Created page with "== Introduction == Passwords should always be stored encrypted in a database. In the event of a cracker gaining access to your database, you want to either prolong the cracking ...")
  • 15:03, 11 August 2010 ‎Using Variables to Access Files (hist) ‎[3,575 bytes] ‎Admin (Talk | contribs) (Created page with "Allowing a malicious user to access or modify files on the server is another vulnerability that may exist as a result of variable pollution. The following functions can be used t...")
  • 14:57, 11 August 2010 ‎SQL Injection (hist) ‎[2,226 bytes] ‎Admin (Talk | contribs) (Created page with "== Example == Do not trust browser defined variables to properly escape special characters. <pre> $query = "SELECT * FROM users WHERE username='" . $username . "' AND password='...")
  • 14:50, 11 August 2010 ‎Using Variables with System Calls (hist) ‎[1,852 bytes] ‎Admin (Talk | contribs) (Created page with "Each of the following functions allow PHP to execute operating system commands. Therefore, these functions are especially dangerous. This becomes a problem when the script uses t...")
  • 14:48, 11 August 2010 ‎Variable Injection (hist) ‎[56 bytes] ‎Admin (Talk | contribs) (Created page with "See Global_Variables")
  • 14:41, 11 August 2010 ‎Cookie Tampering Attacks (hist) ‎[397 bytes] ‎Admin (Talk | contribs) (Created page with "More information is available at the following locations ([http://www.securephpwiki.com/index.php/References WACT]). * [http://www.phpsecure.info/v2/article/Setcookie-Secure.php...")
  • 14:39, 11 August 2010 ‎Cross Site Scripting Attacks (hist) ‎[522 bytes] ‎Admin (Talk | contribs) (Created page with "More information is available at the following locations ([http://www.securephpwiki.com/index.php/References WACT]). * [https://www.spidynamics.com/whitepapers/SPIcross-sitescri...")
  • 14:35, 11 August 2010 ‎Remote File Injection (hist) ‎[320 bytes] ‎Admin (Talk | contribs) (Created page with "It is possible to convince a PHP script to use a remote file instead of a presumably trusted file from the local file system ([http://www.securephpwiki.com/index.php/References W...")
  • 14:32, 11 August 2010 ‎Parameter Manipulation Attacks (hist) ‎[416 bytes] ‎Admin (Talk | contribs) (Created page with "Because of PHP's weak typing and automatic type conversion, alternative representations of input parameters can foil validation checks ([http://www.securephpwiki.com/index.php/Re...")
  • 14:32, 11 August 2010 ‎LDAP Injection (hist) ‎[410 bytes] ‎Admin (Talk | contribs) (Created page with "More information is available at the following locations ([http://www.securephpwiki.com/index.php/References WACT]). * [http://www.spidynamics.com/whitepapers/LDAPinjection.pdf ...")
  • 14:21, 11 August 2010 ‎Input Validation (hist) ‎[3,872 bytes] ‎Admin (Talk | contribs) (Created page with "One of the most effective security techniques, though time consuming at first, is user input validation. Ensuring that the input being processed matches your expectations can go ...")
  • 14:20, 11 August 2010 ‎Global Variables (hist) ‎[3,304 bytes] ‎Admin (Talk | contribs) (Created page with "Most PHP script security holes stem from the improper use of global variables or variable pollution. Global, browser-defined variables can be extremely dangerous in PHP and should...")
  • 14:18, 11 August 2010 ‎False Uploads (hist) ‎[578 bytes] ‎Admin (Talk | contribs) (Created page with "A malicious user can modify variables that may cause PHP to display a dangerous file such as /etc/passwd or copy that file to a viewable location. This could be avoided using the...")
  • 13:34, 11 August 2010 ‎User Authentication (hist) ‎[2,538 bytes] ‎Admin (Talk | contribs) (Created page with "Be wary of code that requires an authenticated user. The first thing such a script should do is to check for user authentication. Otherwise, it may be possible for a malicious us...")
  • 13:07, 11 August 2010 ‎Sandbox (hist) ‎[84 bytes] ‎Admin (Talk | contribs) (Created page with "This is a place where new users can experiment with wiki syntax and writing content.")