This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:PHP"
m (Redirected page to OWASP PHP Project) |
m (shifted project to wiki page as discussed with board) |
||
Line 1: | Line 1: | ||
− | # | + | [[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]] |
+ | |||
+ | <br/> | ||
+ | |||
+ | |||
+ | = Main = | ||
+ | |||
+ | {| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |- | ||
+ | | valign="top" style="border-right: 1px dotted gray;padding-right:25px;" | | ||
+ | |||
+ | == About == | ||
+ | |||
+ | The OWASP PHP Technology Knowledge Base is the clearing house for all information related to building secure web applications and services based on PHP technologies. The focus of the project is on guidance for developers and application architects on using PHP and PHP frameworks. Moreover, we aim to provide security related guidance for system administrators managing PHP based applications and tools. | ||
+ | |||
+ | Community content is key to security information. The project depends on content from developers throughout the PHP ecosystem. | ||
+ | |||
+ | ==Purpose== | ||
+ | |||
+ | * Provide deep, rich guidance for PHP developers in using the security features of PHP and of PHP frameworks. | ||
+ | * Address security in relation to PHP and derived technologies. | ||
+ | * Guide system administrators in managing PHP related components and applications. | ||
+ | * Create guidance for use of OWASP components that are designed for use with PHP. | ||
+ | * Focus on information about working with and on OWASP tools built using PHP or other PHP technologies. | ||
+ | * Provide a stream of security related information, like vulnerabilities and security patches, related to the PHP universe. | ||
+ | * Build an ecosystem allowing to all actors interested to discuss, share and learn. | ||
+ | |||
+ | == Licensing == | ||
+ | |||
+ | OWASP PHP Technology Knowledge Base is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. | ||
+ | |||
+ | | valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" | | ||
+ | |||
+ | == Team == | ||
+ | |||
+ | Lead: None. | ||
+ | |||
+ | |||
+ | <br/> | ||
+ | |||
+ | == Meta == | ||
+ | |||
+ | Last Update: 12/2015 | ||
+ | |||
+ | <br/> | ||
+ | |||
+ | == Other Resources == | ||
+ | |||
+ | [http://lists.owasp.org/mailman/listinfo/php-project Mailing List] | ||
+ | |||
+ | <br/> | ||
+ | |||
+ | == Related Projects == | ||
+ | |||
+ | * [[OWASP_Project|Main Project Repository]] | ||
+ | * [[Language|Languages Repository]] | ||
+ | * [[OWASP_.NET_Project|OWASP .NET]] | ||
+ | * [[OWASP_Java_Project|OWASP Java and JVM]] | ||
+ | * [[OWASP_Ruby_Project|OWASP Ruby]] | ||
+ | * [[OWASP_C/C++_Project|OWASP C/C++]] | ||
+ | * [[OWASP_Python_Project|OWASP Python]] | ||
+ | * [[OWASP_Internet_of_Things_Project|OWASP IoT Security]] | ||
+ | * [[OWASP_Mobile_Security_Project|OWASP Mobile Security]] | ||
+ | |||
+ | |||
+ | |} | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | = Related Resources = | ||
+ | |||
+ | {| style="padding:0; margin:0; margin-top:10px; text-align:left; width:100%;" |- | ||
+ | | valign="top" style="border-right: 1px dotted gray; padding-right:25px; width:30%; float:left;" | | ||
+ | |||
+ | == Mailing List == | ||
+ | |||
+ | [http://lists.owasp.org/mailman/listinfo/php-project OWASP PHP Project Mailing List] | ||
+ | |||
+ | | valign="top" style="padding-left:25px; width:30%; min-width:30%; border-right:1px dotted gray; padding-right:25px; float:left;" | | ||
+ | |||
+ | == Twitter Feed == | ||
+ | |||
+ | (none) | ||
+ | |||
+ | |||
+ | | valign="top" style="padding-left:25px; width:30%; float:left;" | | ||
+ | |||
+ | == Code Repository == | ||
+ | |||
+ | (none) | ||
+ | |||
+ | |} | ||
+ | |||
+ | <br> | ||
+ | |||
+ | == PHP Projects Mailing Lists == | ||
+ | |||
+ | http://lists.owasp.org/pipermail/owasp_php_security_project/ | ||
+ | |||
+ | http://lists.owasp.org/pipermail/owasp_phprbac/ | ||
+ | |||
+ | <br> | ||
+ | |||
+ | == Related OWASP Resources == | ||
+ | |||
+ | [[OWASP_Project|Main Project Repository]] | ||
+ | |||
+ | [[Language|Programming Languages Repository]] | ||
+ | |||
+ | [[OWASP_Java_Project|OWASP Java and JVM Project]] | ||
+ | |||
+ | [[OWASP_.NET_Project|OWASP .NET Project]] | ||
+ | |||
+ | [[OWASP_DevSec_Project|OWASP DevSec Project]] | ||
+ | |||
+ | [[OWASP_C/C++_Project|OWASP C/C++ Project]] | ||
+ | |||
+ | [[OWASP_Ruby_Project|OWASP Ruby Project]] | ||
+ | |||
+ | [[OWASP_Python_Project|OWASP Python Project]] | ||
+ | |||
+ | [[OWASP_PHP_Project|OWASP PHP Project]] | ||
+ | |||
+ | [[OWASP_Internet_of_Things_Project|OWASP IoT Security Project]] | ||
+ | |||
+ | [[OWASP_Mobile_Security_Project|OWASP Mobile Security Project]] | ||
+ | |||
+ | =PHP Security Overview= | ||
+ | |||
+ | It is not easy to produce a PHP application without security vulnerabilities. Most application security [[:Category:Vulnerability|vulnerabilities]] apply to PHP applications just like other environments. | ||
+ | |||
+ | The goals of this project are to provide information about building, configuring, deploying, operating, and maintaining secure PHP applications. We cover the following topics or pick a topic from the [[OWASP PHP Table of Contents]] | ||
+ | |||
+ | ; [[PHP Security for Architects]] | ||
+ | : Provides information about the design and architectural considerations for a PHP web application. Common architectures such as MVC, Ajax, Web Services and PEAR / Zend Frameworks are discussed. | ||
+ | |||
+ | ; [[PHP Security for Developers]] | ||
+ | : This section covers dangerous calls and common vulnerabilities associated with them, such as system() exec(), eval() and so on. This section will also cover standard security mechanisms available in the standard language, such as cryptography, logging, encryption, and error handling. Securing elements of an application, such as controllers, business logic, and persistence layers will be covered. We'll discuss handling request parameters, encoding, injection, and more. | ||
+ | |||
+ | ; [[PHP Security for Deployers]] | ||
+ | : These articles cover topics specifically related to the PHP hosting environment. We discuss minimizing the attack surface, configuring error handlers, and performing hardening of PHP. | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | = Pages = | ||
+ | |||
+ | == Tools Chain == | ||
+ | |||
+ | <TBD> | ||
+ | |||
+ | <br/> | ||
+ | |||
+ | <br/> | ||
+ | |||
+ | == Libraries == | ||
+ | |||
+ | <TBD> | ||
+ | |||
+ | <br/> | ||
+ | |||
+ | <br/> | ||
+ | |||
+ | == Documents == | ||
+ | |||
+ | [[PHP Top 5]] - OWASP PHP Top 5 | ||
+ | |||
+ | <TBD> | ||
+ | |||
+ | <br/> | ||
+ | |||
+ | <br/> | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | = Get involved = | ||
+ | |||
+ | To get involved join the mailing list: [http://lists.owasp.org/mailman/listinfo/owasp-php OWASP PHP Mailing List] | ||
+ | |||
+ | Please visit the [[Tutorial]] and remember to add the tag: <nowiki>[[Category:PHP]]</nowiki> at the end of articles so that they're properly categorised. | ||
+ | |||
+ | <TBD> | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | = Project Archives = | ||
+ | |||
+ | The previous version of this PHP Project home page is archived here: [[OWASP_PHP_Project_Archive_(03.2015)]] | ||
+ | |||
+ | <br/> | ||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | |||
+ | __NOTOC__ | ||
+ | <headertabs /> | ||
+ | |||
+ | <br/> | ||
+ | |||
+ | <!-- Wikimedia insert classified items list here --> | ||
+ | |||
+ | [[Category:Technology]] | ||
+ | [[Category:Language]] |
Revision as of 11:00, 21 January 2016
AboutThe OWASP PHP Technology Knowledge Base is the clearing house for all information related to building secure web applications and services based on PHP technologies. The focus of the project is on guidance for developers and application architects on using PHP and PHP frameworks. Moreover, we aim to provide security related guidance for system administrators managing PHP based applications and tools. Community content is key to security information. The project depends on content from developers throughout the PHP ecosystem. Purpose
LicensingOWASP PHP Technology Knowledge Base is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one. |
TeamLead: None.
MetaLast Update: 12/2015
Other Resources
Related Projects
|
Mailing List |
Twitter Feed(none)
|
Code Repository(none) |
PHP Projects Mailing Lists
http://lists.owasp.org/pipermail/owasp_php_security_project/
http://lists.owasp.org/pipermail/owasp_phprbac/
Related OWASP Resources
It is not easy to produce a PHP application without security vulnerabilities. Most application security vulnerabilities apply to PHP applications just like other environments.
The goals of this project are to provide information about building, configuring, deploying, operating, and maintaining secure PHP applications. We cover the following topics or pick a topic from the OWASP PHP Table of Contents
- PHP Security for Architects
- Provides information about the design and architectural considerations for a PHP web application. Common architectures such as MVC, Ajax, Web Services and PEAR / Zend Frameworks are discussed.
- PHP Security for Developers
- This section covers dangerous calls and common vulnerabilities associated with them, such as system() exec(), eval() and so on. This section will also cover standard security mechanisms available in the standard language, such as cryptography, logging, encryption, and error handling. Securing elements of an application, such as controllers, business logic, and persistence layers will be covered. We'll discuss handling request parameters, encoding, injection, and more.
- PHP Security for Deployers
- These articles cover topics specifically related to the PHP hosting environment. We discuss minimizing the attack surface, configuring error handlers, and performing hardening of PHP.
To get involved join the mailing list: OWASP PHP Mailing List
Please visit the Tutorial and remember to add the tag: [[Category:PHP]] at the end of articles so that they're properly categorised.
<TBD>
The previous version of this PHP Project home page is archived here: OWASP_PHP_Project_Archive_(03.2015)
Pages in category "PHP"
The following 10 pages are in this category, out of 10 total.