This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "Category:PHP"
Danehrlich1 (talk | contribs) m (change) |
Danehrlich1 (talk | contribs) m (change) |
||
Line 10: | Line 10: | ||
| | ||
== What Does PHP Security Mean? == | == What Does PHP Security Mean? == | ||
+ | |||
* Is my code secure? E.g. am I using the latest version of PHP | * Is my code secure? E.g. am I using the latest version of PHP | ||
* Is my architecture secure? E.g. Have I hardened the web server the application runs on? | * Is my architecture secure? E.g. Have I hardened the web server the application runs on? | ||
* Is my development infrastructure secure? E.g. Do I have 2FA on my Github account along with all other developers? | * Is my development infrastructure secure? E.g. Do I have 2FA on my Github account along with all other developers? | ||
− | |||
== What Can You Learn Here? == | == What Can You Learn Here? == |
Revision as of 04:37, 2 January 2019
AboutThere are 1.8 billion websites on the internet today [Netcraft]. Nearly 80% are powered by the PHP programming language. Democracy, freedom, and a better world are not possible if PHP is insecure. This project seeks to be the clearing house for the best ways of protecting PHP websites, apps, and the data they have. Thank you for reading. What Does PHP Security Mean?
What Can You Learn Here?
|
TeamLead: Dan Ehrlich Please email [email protected] if you would like to help out.
MetaLast Update: 12/2018
Other Resources
Related Projects |
It is not easy to produce a PHP application without security vulnerabilities. Most application security vulnerabilities apply to PHP applications just like other environments.
The goals of this project are to provide information about building, configuring, deploying, operating, and maintaining secure PHP applications. We cover the following topics or pick a topic from the OWASP PHP Table of Contents
- PHP Security for Architects
- Provides information about the design and architectural considerations for a PHP web application. Common architectures such as MVC, Ajax, Web Services and PEAR / Zend Frameworks are discussed.
- PHP Security for Developers
- This section covers dangerous calls and common vulnerabilities associated with them, such as system() exec(), eval() and so on. This section will also cover standard security mechanisms available in the standard language, such as cryptography, logging, encryption, and error handling. Securing elements of an application, such as controllers, business logic, and persistence layers will be covered. We'll discuss handling request parameters, encoding, injection, and more.
- PHP Security for Deployers
- These articles cover topics specifically related to the PHP hosting environment. We discuss minimizing the attack surface, configuring error handlers, and performing hardening of PHP.
Tool Chain
<TBD>
Libraries
<TBD>
Documents
To get involved join the mailing list: OWASP PHP Mailing List
Please visit the Tutorial and remember to add the tag: [[Category:PHP]] at the end of articles so that they're properly categorised.
<TBD>
Mailing List |
Twitter Feed(none)
|
Code Repository(none) |
PHP Projects Mailing Lists
http://lists.owasp.org/pipermail/owasp_php_security_project/
http://lists.owasp.org/pipermail/owasp_phprbac/
Related OWASP Resources
Ruby Technology Knowledge Base
Perl Technology Knowledge Base
Python Technology Knowledge Base
JavaScript Technology Knowledge Base
C/C++ Technology Knowledge Base
SQL, PL/SQL and DB Scripting Technology Knowledge Base
The previous version of this PHP Project home page is archived here: OWASP_PHP_Project_Archive_(03.2015)
Pages in category "PHP"
The following 10 pages are in this category, out of 10 total.