Educause Security Discussion mailing list archives
Re: PHP Security
From: "H. Morrow Long" <morrow.long () YALE EDU>
Date: Wed, 23 Nov 2005 06:46:17 -0500
On Nov 23, 2005, at 12:17 AM, Tim Lane wrote:
just wondering if anyone is aware of recommended guides for PHP security, or good free PHP vulnerability scanners?
From Google; PHP Security ConsortiumFounded in January 2005, the PHP Security Consortium (PHPSC) is an international group of PHP ... PHP Security Consortium work is organized into projects. ...
phpsec.org/ - 7k - Cached - Similar pages PHP Security Consortium: PHP Security GuidePHP Security Guide. Table of Contents ... 6. About · 6.1 About This Guide · 6.2 About the PHP Security Consortium · 6.3 More Information ...
phpsec.org/projects/guide/ - 5k - Cached - Similar pages [ More results from phpsec.org ] Books from Amazon; Essential PHP Security by Chris Shiflett (Paperback) Books: See all 4 items (Rate this item)Buy new: $19.77 Used & new from $18.94 Usually ships in 24 hours
Pro PHP Security (Pro) by Chris Snyder, Michael Southwell (Paperback) Books: See all 4 items (Rate this item)Buy new: $29.69 Used & new from $19.88 Usually ships in 24 hours
Sponsored Links: What's this?php|architect's Guide to PHP Security| by Ilia Alshanetsky, Rasmus Lerdorf (Contributor) (Paperback)
Books: See all 4 items (Rate this item)Buy new: $21.77 Used & new from $21.55 Usually ships in 24 hours
PHP Security & Cracking Puzzles by Maxim Kuznetsov (Paperback) Books: See all 4 items (Rate this item) Buy new: $26.37 Not yet released.I also found several web and web apps vulnerability testing tools which claim to test PHP scripts but they are not free and I don't have any experience with them. See below. These claim to be able to check previously unknown and custom- written PHP scripts. Apparently hiding the source to your PHP scripts is also
desirable and a product niche.Some of the general network vulnerability test tools (nessus, ISS, Retina, etc.) as well as some open source specific web vulnerability test tools (Whisker, Nikto) may also test PHP -- e.g.for the prescence of the well known vulnerable scripts
but unlikely to look for and test new unknown/custom PHP scripts.Protect your PHP Scripts -- IP/MAC lock, time limit & more with advanced encoder tools from ionCube -- www.ioncube.com
How to Secure Web Apps -- Automated vulnerability testing: SQL injects, XSS, buffer overflows -- cenzic.com/whitepapers
PHP security scanner Check your PHP scripts for vulnerabilities with Acunetix WVS. www.acunetix.com/wvs/ Bytecode PHP Encoder Bytecode encoder with encryption to protect your PHP source code www.phpshield.com Compiled PHP Encoding Protection for your PHP scripts Protect. Encrypt. Secure sourceguardian.com PHP Security Consulting We fix PHP security problems. Fast! www.maysecltd.com
Current thread:
- PHP Security Tim Lane (Nov 22)
- <Possible follow-ups>
- Re: PHP Security Jim Loter (Nov 22)
- Re: PHP Security H. Morrow Long (Nov 23)
- Re: PHP Security Gary Flynn (Nov 23)
- Re: PHP Security Anthony Maszeroski (Nov 23)
- Re: PHP Security Brian Reilly (Nov 23)