OWASP - User contributions [en]

OWASP PHP Table of Contents

2007-10-12T20:22:36Z

Kaf: New page: ==PHP Security for Architects== ==PHP Security for Developers== ===Noteworthy Frameworks===

==[[PHP Security for Architects]]==
==[[PHP Security for Developers]]==
===Noteworthy Frameworks===

Category:OWASP PHP Project

2007-10-12T19:34:34Z

Kaf: /* PHP Security Overview */

==About==

The OWASP PHP Project's goal is to enable PHP developers to build secure applications efficiently. See the [[OWASP PHP Project Roadmap]] for more information on our plans.

==Joining the Project==

The OWASP PHP project is in the process of being formed. We are seeking a leader (or leaders) for the project develop the [[OWASP PHP Project Roadmap]] and identify the first tasks. If you're interested and could commit to 4-8 hours a week, please send an email describing your background to [mailto:owasp@owasp.org owasp@owasp.org].

==PHP Security Overview==

It is not easy to produce a PHP application without security vulnerabilities. Most application security [[:Category:Vulnerability|vulnerabilities]] apply to PHP applications just like other environments.

The goals of this project are to provide information about building, configuring, deploying, operating, and maintaining secure PHP applications. We cover the following topics or pick a topic from the [[OWASP PHP Table of Contents]]

; [[PHP Security for Architects]]
: Provides information about the design and architectural considerations for a PHP web application. Common architectures such as MVC, Ajax, Web Services and PEAR / Zend Frameworks are discussed.

; [[PHP Security for Developers]]
: This section covers dangerous calls and common vulnerabilities associated with them, such as system() exec(), eval() and so on. This section will also cover standard security mechanisms available in the standard language, such as cryptography, logging, encryption, and error handling. Securing elements of an application, such as controllers, business logic, and persistence layers will be covered. We'll discuss handling request parameters, encoding, injection, and more.

; [[PHP Security for Deployers]]
: These articles cover topics specifically related to the PHP hosting environment. We discuss minimizing the attack surface, configuring error handlers, and performing hardening of PHP.

==PHP Articles==

* [[PHP Top 5]] - OWASP PHP Top 5

[[Category:Language]]

[[Category:OWASP PHP Project]]

[[Category:Technology]]

[[Category:OWASP Project]]

Category:OWASP PHP Project

2007-10-12T19:33:42Z

Kaf: /* PHP Security Overview */

==About==

The OWASP PHP Project's goal is to enable PHP developers to build secure applications efficiently. See the [[OWASP PHP Project Roadmap]] for more information on our plans.

==Joining the Project==

The OWASP PHP project is in the process of being formed. We are seeking a leader (or leaders) for the project develop the [[OWASP PHP Project Roadmap]] and identify the first tasks. If you're interested and could commit to 4-8 hours a week, please send an email describing your background to [mailto:owasp@owasp.org owasp@owasp.org].

==PHP Security Overview==

It is not easy to produce a PHP application without security vulnerabilities. Most application security [[:Category:Vulnerability|vulnerabilities]] apply to PHP applications just like other environments.

The goals of this project are to provide information about building, configuring, deploying, operating, and maintaining secure PHP applications. We cover the following topics or pick a topic from the OWASP PHP Table of Contents

; [[PHP Security for Architects]]
: Provides information about the design and architectural considerations for a PHP web application. Common architectures such as MVC, Ajax, Web Services and PEAR / Zend Frameworks are discussed.

; [[PHP Security for Developers]]
: This section covers dangerous calls and common vulnerabilities associated with them, such as system() exec(), eval() and so on. This section will also cover standard security mechanisms available in the standard language, such as cryptography, logging, encryption, and error handling. Securing elements of an application, such as controllers, business logic, and persistence layers will be covered. We'll discuss handling request parameters, encoding, injection, and more.

; [[PHP Security for Deployers]]
: These articles cover topics specifically related to the PHP hosting environment. We discuss minimizing the attack surface, configuring error handlers, and performing hardening of PHP.

==PHP Articles==

* [[PHP Top 5]] - OWASP PHP Top 5

[[Category:Language]]

[[Category:OWASP PHP Project]]

[[Category:Technology]]

[[Category:OWASP Project]]

OWASP PHP Project Roadmap

2007-10-12T17:27:51Z

Kaf: /* Goals */

==Goals==
The OWASP PHP Project's overall goal is to...

Produce materials that show PHP architects, developers, and
deployers how to deal with most common application security
problems throughout the lifecycle.

In the near term, we are focused on the following tactical goals:

# Inplementing Security using Best Practices (Non Framework Based Applications)
# Provide examples of how to prevent Cross Site Scripting attacks in popular web frameworks
# Provide examples of how to prevent SQL Injection in popular data access frameworks
# Provide examples of how to prevent Cross Site Scripting attacks in popular AJAX frameworks
# Provide examples of how to prevent LDAP injection in PHP
# Secure configuration guides

==Current Tasks==

* Call for volunteers - Join the [http://lists.owasp.org/mailman/listinfo/owasp-phpness mailing list], read the [[Tutorial]] and get started!
* Refine this roadmap in the [http://www.owasp.org/index.php/Talk:OWASP_PHP_Project_Roadmap discussion].

==Ideas==

Please submit your ideas for the OWASP PHP Project here. (you can sign your ideas by adding four tilde characters like this <nowiki>~~~~</nowiki>)

[[User:Vanderaj|Vanderaj]] 06:57, 26 June 2006 (EDT)

[[Category:OWASP PHP Project]]

User:Kaf

2007-10-12T17:10:25Z

Kaf: New page: Javier Gloria

Javier Gloria

PHP File Inclusion

2007-10-03T17:12:23Z

Kaf: /* Related Threats */

{{Template:Vulnerability}}

==Description==
PHP as many other languages allow the inclution of files in order to provide or extend the functionality of the current file.

==Examples ==
<?PHP
include '/path/filename.php';
include_once 'path/filename.class.php';
require '../path/filename.inc';
require_once 'filename.inc.php';
?>

==Related Threats==
Remote file inclusion using variables from the request POST or GET

==Related Attacks==

==Related Vulnerabilities==

==Related Countermeasures==

==Categories==

{{Template:Stub}}

[[Category:PHP]]

PHP File Inclusion

2007-10-03T17:11:16Z

Kaf: /* Examples */

{{Template:Vulnerability}}

==Description==
PHP as many other languages allow the inclution of files in order to provide or extend the functionality of the current file.

==Examples ==
<?PHP
include '/path/filename.php';
include_once 'path/filename.class.php';
require '../path/filename.inc';
require_once 'filename.inc.php';
?>

==Related Threats==

==Related Attacks==

==Related Vulnerabilities==

==Related Countermeasures==

==Categories==

{{Template:Stub}}

[[Category:PHP]]

PHP File Inclusion

2007-10-03T17:09:26Z

Kaf: /* Description */

{{Template:Vulnerability}}

==Description==
PHP as many other languages allow the inclution of files in order to provide or extend the functionality of the current file.

==Examples ==

==Related Threats==

==Related Attacks==

==Related Vulnerabilities==

==Related Countermeasures==

==Categories==

{{Template:Stub}}

[[Category:PHP]]