PHP and the OWASP Top Ten Security Vulnerabilities
Source: Skylar - Posted by Benjamin D. Thomas   
Host Security Most importantly, turn off register_globals. This configuration setting defaults to off in PHP 4.2.0 and later. Access values from URLs, forms, and cookies through the superglobal arrays $_GET, $_POST, and $_COOKIE.

Before you use values from the superglobal arrays, validate them to make sure they don't contain unexpected input. If you know what type of value you are expecting, make sure what you've got conforms to an expected format. For example, if you're expecting a US ZIP Code, make sure your value is either five digits or five digits, a hyphen, and four more digits (ZIP+4).

Read this full article at Skylar

Only registered users can write comments.
Please login or register.

Powered by AkoComment!