Codewalkers.com:
The PAVISE of Security
July 31, 2006 @ 06:10:17

Codewalkers.com has posted a new tutorial today from Martin Psinas titled "The PAVISE of Security".

Join notepad as he tours safe coding practices. He presents an easy to remember mnemonic which explains each component to help keep secure coding practices at the forefront in your development.

In the tutorial he talks about the bad reputation that PHP seems to be gathering and how it's less about the language and more about the applications written in it. His response is shown in the acronym in the title, PAVISE: Privacy, Administration, Validation, Integrity, Sociology and Environment.

  • Privacy deals with keeping server-related info away from the client (what it shouldn't see)
  • Administration suggests knowing how things are configured, even if you don't have the access to change them
  • Validation (a huge factor) keeps the user data entered from doing bad things to you and your application
  • Integrity is the overall strength of your application
  • Sociology talks about methods to protect yourself from the social engineering that can happen to anyone
  • Environment requires knowing if you're working on a secure platform or not, which could undermine all other efforts

Under each of the headings, items are listed out and detailed to help give you a more concrete example. Code examples are also included where appropriate.


All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework