Security
Threats
- XSS
- XSRF
- Injection (e.g. SQL injection)
- Attacks on sessions / cookies / session IDs
- Path Climbing
- Session Hijacking
- Hidden Field Manipulation
Links
- PHP security manual
- http://www.modsecurity.org
- Top 25 Most Dangerous Programming Errors
- Web Application Exploits and Defenses
- OWASP Testing Guide
- Threat risk modelling
- https://openssf.org/resources/guides/
- https://cheatsheetseries.owasp.org/index.html
Security - Agenda
- Variable injection
- SQL injection
- Input filtering
- Output escaping
- Security by obscurity
- Fix the rights
- Configuration
- Cookies and Sessions
- Information Gathering
- Threat Modelling
Add related functions to sections
- HTML (echo or print)
- http://php.net/manual/function.htmlspecialchars.php
Input filtering
- https://www.php.net/manual/en/function.strip-tags.php
- https://www.php.net/manual/en/function.trim.php
Data filtering
- https://www.php.net/manual/de/[...]filters.sanitize.php
SQL