This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Category:PHP"

m (change)
m (change)
Line 10: Line 10:
 
 
 
== What Does PHP Security Mean? ==
 
== What Does PHP Security Mean? ==
 +
 
* Is my code secure? E.g. am I using the latest version of PHP
 
* Is my code secure? E.g. am I using the latest version of PHP
 
* Is my architecture secure? E.g. Have I hardened the web server the application runs on?
 
* Is my architecture secure? E.g. Have I hardened the web server the application runs on?
 
* Is my development infrastructure secure? E.g. Do I have 2FA on my Github account along with all other developers?
 
* Is my development infrastructure secure? E.g. Do I have 2FA on my Github account along with all other developers?
 
  
 
== What Can You Learn Here? ==
 
== What Can You Learn Here? ==

Revision as of 04:37, 2 January 2019

About

There are 1.8 billion websites on the internet today [Netcraft]. Nearly 80% are powered by the PHP programming language. Democracy, freedom, and a better world are not possible if PHP is insecure. This project seeks to be the clearing house for the best ways of protecting PHP websites, apps, and the data they have. Thank you for reading.

What Does PHP Security Mean?

  • Is my code secure? E.g. Am I using the latest version of PHP?
  • Is my architecture secure? E.g. Have I hardened the web server the application runs on?
  • Is my development infrastructure secure? E.g. Do I have 2FA on my GitHub account along with all other developers?

What Can You Learn Here?

  • Fastest way to secure a legacy PHP application
  • How to secure phpMyAdmin, MySQL, and Postgres databases
  • What options do I need in my php.ini file for security?
  • How to secure the web server running your PHP
  • How can I check my dependencies for vulnerabilities?
  • How to harden your WordPress or Drupal site


Team

Lead: Dan Ehrlich

Please email dan.ehrlich@owasp.org if you would like to help out.


Meta

Last Update: 12/2018


Other Resources

Mailing List


Related Projects