PHP Application Security
February 20th, 2005
I went through today and reorganized the PHP Application Security pages on the WACT Wiki. This mini wiki within a wiki is one of the most popular pages there. While the page has been popular, it hasn’t attracted much contribution.
I broke the existing entries up into four main categories. There is a lot of structure here and thin content. Hopefully this will form an attractive nuisance for a collaborative effort to fill in some of the entries.
- A Catalog of Security Vulnerabilities - Bad Security Smells.
- A Catalog of Security Attacks - Attacks against PHP Applications and how to foil them.
- A Catalog of Security Sensitive Functions - A List of PHP functions and their security implications.
- A Catalog of Secure Practices - Best practices for secure applications.
I’ll probably start filling in the information the next time I go out of town and have internet access. I find it soothing when I am away from my standard development environment to google for security articles and summarize the information on the wiki. That’s how these pages were born.
Yes, I’m a geek.
February 21st, 2005 at 4:54 am
catalog links are empty.
February 21st, 2005 at 12:14 pm
I think it’s a good resource. We’ve linked to it in the PHPSC Library:
http://phpsec.org/library/
I’m not sure what to tell you about attracting more contributions. I’ve been considering something that utilizes http://del.icio.us/ for making our library more useful and current. Maybe you can consider something similar - people can contribute links and descriptions by tagging something with “wact-phpsec”, and your work can be reduced to moderating these submissions.
Anyway, that’s a random idea I’ve been working with. Let me know if you think of something particularly creative.
February 21st, 2005 at 12:15 pm
Links fixed. Thanks for letting me know.
February 21st, 2005 at 12:23 pm
Thanks, Chris,
http://del.icio.us/tag/php+security might work just as well.
February 22nd, 2005 at 9:30 am
Hi Jeff, Just wanted to let you know that your RSS feed is full of what appears to be BBCode rather than HTML. Thought you’d like to know.
February 23rd, 2005 at 8:06 am
I had the same problem as Sam did.
Keep up the good job..