Home » Php » php – Where can I find a web-project "security checklist?"

php – Where can I find a web-project "security checklist?"

Posted by: admin July 12, 2020 Leave a comment

Questions:

I’m looking for a complete list of security guidelines for programming and deploying PHP web sites and applications on an Apache (Linux) server. Basically, a “security check list” to run through before finishing a project. I.e.,

  1. Cross Site Scripting
  2. Cross Site Request Forgery
  3. Sanitize form data that goes into database
  4. Disable register globals and error reporting in custom php.ini
  5. Upload files below web root
    …(the list goes on)

I did some searching on the internet and in this forum, but couldn’t find a comprehensive, succinct, and complete list of guidelines.

Thanks in advance.

How to&Answers:

Check out this link “Seven habits for writing secure PHP applications”:

http://www.ibm.com/developerworks/opensource/library/os-php-secure-apps/index.html

The IBM articles are always very useful, thanks.

PS: also this “Recommended PHP reading list”

http://www.ibm.com/developerworks/opensource/library/os-php-read/#security

Answer:

I’d say you should find plenty of informations on the OWASP website, on the matter of vulnerabilities in web applications, and informations on how to help make yours more secure.

(But there is so much to say about that subject that you might actually get “more” informations than you’d first like…)

Answer:

I think there are two main categories, which should be considered:

Configuration & installation (for example): http://aymanh.com/checklist-for-securing-php-configuration
Programming (example): http://www.jemjabella.co.uk/blog/php-security-checklist

Other ideas?

Answer:

Take a look at OWASP’s Development Guide.