Christian Wenz's Blog:
SANS Top-20 Internet Security Attack Targets (2006 Annual Update)
November 27, 2006 @ 10:03:00

In a new post on his blog, Christian Wenz mentions the latest results of the SANS Institute's Top 20 Internet Security Attack Targets list, which includes both a new entry ("Users") and several mentions of PHP and PHP-related applications.

Of course you can debate how such a Top list came together and what the real value behind that is, but there are two specific points in this year's list that I found quite interesting.

There are two targets for the PHP community to worry about: sysadmin/hosting and things developers need to keep in mind. Items on these lists include:

  • Always test and deploy patches and new versions of PHP as they are released
  • Use Intrusion Prevention/Detection Systems to block/alert on malicious HTTP requests. Consider using Apache's mod_security to block known PHP attacks
  • If you use PHP, migrate your application to PHP 5.2 as a matter of urgency.
  • Encode all output using htmlentities() or a similar mechanism to avoid XSS attacks

You can check out the full information over on the SANS Institute website.

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework