Thread: PHP Security

  1. #1
    kateves
    Join Date: 2014 Nov

    PHP Security

    Hello everybody. As this is my first post, I will bring some security in PHP for you.

    Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by an attacker to introduce (or "inject") code into a computer program to change the course of execution. The results of a code injection attack can be disastrous. For instance, code injection is used by some computer worms to propagate.

    Injection flaws occur when an application sends untrusted data to an interpreter. Injection flaws are very prevalent, particularly in legacy code. They are often found in SQL, LDAP, XPath, or NoSQL queries; OS commands; XML parsers; SMTP headers; program arguments; etc. Injection flaws are easy to discover when examining code, but frequently hard to discover via testing. Scanners and fuzzers can help attackers find injection flaws.[1]

    Injection can result in data loss or corruption, lack of accountability, or denial of access. Injection can sometimes lead to complete host takeover.

    Certain types of code injection are errors in interpretation, giving special meaning to mere user input. Similar interpretation errors exist outside the world of computer science such as the comedy routine Who's on First?. In the routine, there is a failure to distinguish proper names from regular words. Likewise, in some types of code injection, there is a failure to distinguish user input from system commands.

    How to protect yourself?
    One of the methods to protect against code injection is the treatment of the GET, POST and COOKIE fields.

    Example:
    PHP Code:
    <?php
    // Blocked words ("code" and "injection"). Make your own list.
    $characters_banned = array("code", "injection");

    // Check for banned words in GET parameters
    if (count($_GET) > 0) {
        foreach ($_GET as $method) {
            foreach ($characters_banned as $word) {
                if (substr_count($method, $word) > 0) {
                    exit("Malicious code.");
                }
            }
        }
    }

    // Check for banned words in POST parameters
    if (count($_POST) > 0) {
        foreach ($_POST as $method) {
            foreach ($characters_banned as $word) {
                if (substr_count($method, $word) > 0) {
                    exit("Malicious code.");
                }
            }
        }
    }

    // Check for banned words in COOKIE values
    if (count($_COOKIE) > 0) {
        foreach ($_COOKIE as $method) {
            foreach ($characters_banned as $word) {
                if (substr_count($method, $word) > 0) {
                    exit("Malicious code.");
                }
            }
        }
    }
    ?>
    This is a simple piece of code that can serve as security in your web applications.
    I hope I have helped you, and I ask you to share your knowledge too.
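    Added example (my own code, not the original poster's): the word list above stops the two literal words it names, but an interpreter does not care about words, it cares about syntax, so a value such as a stray quote character passes the scan untouched. The block below keeps the post's banned-word scan as a reusable function (generalised to nested arrays and case-insensitive matching, which the original substr_count() scan was not) and then shows the defence that actually separates data from SQL: a PDO prepared statement. The users table, the in-memory SQLite DSN and the three sample inputs are assumptions constructed for this example.

```php
<?php
// Added example, not the original post's code.

// 1. The post's blocklist as a function that can be applied to any input array
//    ($_GET, $_POST, $_COOKIE or a nested value such as ?a[]=x).
function contains_banned_word($value, array $banned)
{
    if (is_array($value)) {
        foreach ($value as $item) {
            if (contains_banned_word($item, $banned)) {
                return true;
            }
        }
        return false;
    }
    foreach ($banned as $word) {
        // stripos() makes the match case-insensitive, unlike substr_count().
        if (stripos((string) $value, $word) !== false) {
            return true;
        }
    }
    return false;
}

// 2. Per-interpreter handling for the SQL case: the user value is bound as a
//    parameter, never concatenated into the query, so no word list is needed
//    for the query to stay intact. A basic shape check still rejects junk early.
function find_user(PDO $db, $username)
{
    if (!is_string($username) || strlen($username) > 32) {
        return null;
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// --- demonstration with constructed data (assumed schema: users(id, name)) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

$banned = array("code", "injection");
$inputs = array(           // constructed sample inputs
    'alice',               // legitimate value
    'Injection',           // caught by the (case-insensitive) blocklist
    "bob' OR '1'='1",      // passes the word list; bound as data, matches nobody
);

foreach ($inputs as $input) {
    $flagged = contains_banned_word($input, $banned) ? 'blocklist hit' : 'blocklist pass';
    $row = find_user($db, $input);
    printf("%-20s %-15s %s\n", var_export($input, true), $flagged,
        $row ? 'found user ' . $row['name'] : 'no user returned');
}
```

    The third input is the instructive one: the blocklist lets it through, but because the value travels to SQLite as a bound parameter the query still compares the whole string against the name column and returns nothing. The same principle applies to the other interpreters the post lists (escapeshellarg() for OS commands, htmlspecialchars() for HTML output): handle input for the context it is going into, and use word lists only as an extra signal, not as the control.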
