News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

iBuildings Blog:
Verifying out software with OWASP ASVS
April 02, 2013 @ 12:20:19

On the iBuildings blog today there's a post from Boy Baukema about the use of the OWASP ASVS to help provide a framework of questions to ask about your application to help find any application security "pain points."

When a customer commissions Ibuildings for a new application, he usually has plenty of functional demands. [...] And maybe some thoughts have been given to performance metrics, but security? Well… it "needs to be secure". [...] It is said, conveniently enough mostly by software engineers, that building software is perhaps the most complex activity humans have ever undertaken.

He notes that "security is not a checkbox, it's a dropdown" and should be continuously considered continuously through out development. The OWASP ASVS provides a structure that a development group can follow to test the security of their application. It defines 4 types of testing/validation and fourteen other topics to consider.

While ASVS is a wonderful addition, it has it's issues: verification and reporting can take a significant amount of time and validation rules are not specific enough to use the tools and techniques.
0 comments voice your opinion now!
owasp verify software asvs standard questions security application


WebProNews.com:
Form Checking - Verifying Name Using PHP Ereg
June 23, 2006 @ 07:40:01

On WebProNews.com, there's a brief tutorial on using regular expressions, specifically for filtering "names" entered by users.

One important use of Regular Expressions (Regex) is to verify fields submitted via a form. In this article, we attempt to write an expression that is able to verify the user's first name, middle name, last name or just names in general.

The expression should allow names such as "Mary", "Mr. James Smith" and "Mrs O'Shea" for example. So the challenge here is to allow spaces, periods and single quotation marks in the name field and reject any other characters.

Their examples use the preg_* functions in PHP to work, first looking for any invalid characters in the string(s), then amending it to ensure that there aren't any numbers involved either. The few lines of code it takes are included as well.

0 comments voice your opinion now!
regular expression form checking verify preg regular expression form checking verify preg


GoodPHPTutorials.com:
SQL Injections in PHP with MySQL
March 20, 2006 @ 07:42:59

On GoodPHPTutorials.com, there's this helpful tutorial that anyone working with any sort of website that has a database backend should look into - a brief look at SQL injections with PHP and MySQL.

SQL injections are a major security risk in many PHP applications. Injections are caused when a web developer allows the end-user to manipulate a variable that is being inserted into a database query string, generally through the $_GET, $_POST or $_SESSION superglobals. When a value isn't verified, major problems can occur. Since MySQL is the most commonly used database platform for PHP applications, it seemed appropriate to write an article specifically related to that.

They cover different topics that you'll need to protect yourself against a basic level of SQL injections - the key is the validation of your data. They have code examples to help you along and explain each step, including outputting the data to the page (where things like cross-site scripting issues can occur).

0 comments voice your opinion now!
tutorial SQL injection mysql verify input data tutorial SQL injection mysql verify input data



Community Events





Don't see your event here?
Let us know!


series podcast tips voicesoftheelephpant list deployment release language interview symfony library api laravel package install community bugfix introduction framework opinion

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework