
Thread: Testing PHP – Security Testing

  1. #1
    Expert Member
    Join Date
    May 2006
    Answers
    114

    Testing PHP – Security Testing

    Hi,
    What are all the aspects and steps one has to take and consider while doing security testing of a PHP application?

    Regards,
    RyanJames


  2. #2
    Contributing Member
    Join Date
    May 2006
    Answers
    82

    Re: Testing PHP – Security Testing

    One of the aspects to take care of is login page security testing, namely whether validation of the user ID and password has been done without any loopholes for error or hacking into the system. Some other things, like per-page security checks and so on, can be done based on the application which is taken for testing.


  3. #3
    Junior Member
    Join Date
    Nov 2006
    Answers
    3

    Re: Testing PHP – Security Testing


    Hi timmy,

    PHP will come under the web application, so we have to concentrate more on SQL and Java injection. Other than this, we have to do penetration testing for the login page.




  4. #4
    Junior Member
    Join Date
    Apr 2007
    Answers
    1

    Re: Testing PHP – Security Testing

    Try the Top 10 Web application vulnerabilities


  5. #5
    Junior Member
    Join Date
    Mar 2007
    Answers
    8

    Re: Testing PHP – Security Testing

    Well, you have to test first for the JavaScript functionalities used in your application.
    The second thing is URL testing. I mean directly putting in the login URL of different accounts. There should be validations on these test points.


  6. #6
    Junior Member
    Join Date
    Dec 2007
    Answers
    13

    Re: Testing PHP – Security Testing

    SQL injection is the suitable way to test the security level of all web applications.


  7. #7
    Junior Member
    Join Date
    Mar 2006
    Answers
    1

    Re: Testing PHP – Security Testing

    Hi!

    Can you elaborate more on security testing?

    rgds
    Sanju


  8. #8
    Junior Member
    Join Date
    Dec 2007
    Answers
    13

    Re: Testing PHP – Security Testing

    Any data inserted into an output stream originating from a server is presented as originating from that server, even if it does not include malicious tags. Web developers must evaluate whether their sites will send untrusted data as part of an output stream.

    Untrusted input can come from, but is not limited to,

    * URL parameters
    * Form elements
    * Cookies
    * Database queries

    A combination of steps must be taken to mitigate this vulnerability. These steps include

    1. Explicitly setting the character set encoding for each page generated by the web server
    2. Identifying special characters
    3. Encoding dynamic output elements
    4. Filtering specific characters in dynamic elements
    5. Examining cookies
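
Added example, not part of the original post or thread: a PHP sketch of steps 1, 3, 4 and 5 from the list above, applied to the untrusted sources the post names (URL parameter, cookie, database row). The function names, the `theme` cookie and the sample values are assumptions constructed for illustration.

```php
<?php
// Added example; helper names and sample data are hypothetical, not from the thread.
declare(strict_types=1);

// Step 3: encode the HTML special characters (& < > " ') in a dynamic element.
function encode_html($value): string
{
    // Non-string input (e.g. ?name[]=x arrives as an array) is rejected outright.
    if (!is_string($value)) {
        return '';
    }
    // ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Steps 4 and 5: accept a cookie only if it matches the expected format (allow-list),
// otherwise fall back to a fixed value.
function clean_theme_cookie($cookie): string
{
    $ok = is_string($cookie) && preg_match('/\A[a-z]{1,16}\z/', $cookie) === 1;
    return $ok ? $cookie : 'default';
}

// Builds the page from three untrusted sources: URL parameter, cookie, database row.
function render_page(array $query, array $cookies, array $dbRow): string
{
    $name    = encode_html($query['name'] ?? '');
    $comment = encode_html($dbRow['comment'] ?? '');
    $theme   = clean_theme_cookie($cookies['theme'] ?? null);

    return "<!DOCTYPE html>\n<html><head><meta charset=\"UTF-8\"></head>\n"
         . "<body class=\"theme-{$theme}\">\n"
         . "<p>Hello, {$name}</p>\n"
         . "<p>Last comment: {$comment}</p>\n"
         . "</body></html>\n";
}

// Step 1: declare the character set explicitly, before any output is sent.
header('Content-Type: text/html; charset=UTF-8');

// Constructed sample input standing in for $_GET, $_COOKIE and a database row.
echo render_page(
    ['name' => '<script>alert(1)</script>'],
    ['theme' => 'dark"><b>'],
    ['comment' => 'Tom & "Jerry" <3']
);
```

When testing, view the page source rather than the rendered page: the markup characters in each sample value should appear as entities, and the malformed cookie should have been replaced by the fallback value.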

