-
Expert Member
Testing PHP – Security Testing
Hi,
What aspects and steps does one have to take and consider while doing security testing of a PHP application?
Regards,
RyanJames
-
Contributing Member
Re: Testing PHP – Security Testing
One of the aspects to take care of is login page security testing, namely validation of the user ID and password: has it been done without any loopholes for error or hacking into the system? Some other things, like per-page security checks and so on, can be done based on the application which is taken for testing.
-
Junior Member
Re: Testing PHP – Security Testing
Hi timmy,
PHP will come under the web application, so we have to concentrate more on SQL and Java injection. Other than this, we have to do penetration testing for the login page.
-
Junior Member
Re: Testing PHP – Security Testing
Try the Top 10 Web application vulnerabilities
-
Junior Member
Re: Testing PHP – Security Testing
Well, you have to test first for the JavaScript functionalities used in your application.
The second thing is URL testing, I mean directly putting in the login URL of different accounts. There should be validations on these test points.
-
Junior Member
Re: Testing PHP – Security Testing
SQL injection is the suitable way to test the security level of all web applications.
-
Junior Member
Re: Testing PHP – Security Testing
Hi!
Can you elaborate more on security testing?
rgds
Sanju
-
Junior Member
Re: Testing PHP – Security Testing
Any data inserted into an output stream originating from a server is presented as originating from that server, even if it does not include malicious tags. Web developers must evaluate whether their sites will send untrusted data as part of an output stream.
Untrusted input can come from, but is not limited to:
* URL parameters
* Form elements
* Cookies
* Database queries
A combination of steps must be taken to mitigate this vulnerability. These steps include:
1. Explicitly setting the character set encoding for each page generated by the web server
2. Identifying special characters
3. Encoding dynamic output elements
4. Filtering specific characters in dynamic elements
5. Examining cookies
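
The five steps in the post above, sketched in PHP as an added example that is not part of the original thread. The function names, the `theme` cookie, the display-name rule and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Step 1: state the character set explicitly so the browser never guesses it.
if (PHP_SAPI !== 'cli') {
    header('Content-Type: text/html; charset=UTF-8');
}

// Steps 2 and 3: encode the characters that are special in HTML (& < > " ')
// at the point of output, whatever the source of the value was.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Step 4: filter a dynamic element down to an allow-list of characters.
// Hypothetical rule: a display name is 1-32 letters, digits, space, _ or -.
function filter_display_name(string $raw): ?string
{
    return preg_match('/\A[\p{L}\p{N} _-]{1,32}\z/u', $raw) === 1 ? $raw : null;
}

// Step 5: cookies are untrusted input too; accept only the expected shape.
// Hypothetical rule: the "theme" cookie must be one of two known values.
function read_theme_cookie(array $cookies): string
{
    $theme = $cookies['theme'] ?? 'light';
    return in_array($theme, ['light', 'dark'], true) ? $theme : 'light';
}

// Constructed sample input standing in for $_GET, $_COOKIE and a database row.
$get    = ['name' => '<script>alert(1)</script>', 'q' => 'a "quoted" & <b>bold</b> term'];
$cookie = ['theme' => 'dark" onload="x'];
$row    = ['comment' => "It's <i>stored</i> markup"];

$name  = filter_display_name($get['name']) ?? 'guest';   // rejected by the filter
$theme = read_theme_cookie($cookie);                     // falls back to "light"

echo '<body class="theme-' . e($theme) . '">' . "\n";
echo '<p>Hello, ' . e($name) . '</p>' . "\n";
echo '<p>You searched for: ' . e($get['q']) . '</p>' . "\n";
echo '<p>Latest comment: ' . e($row['comment']) . '</p>' . "\n";
echo '</body>' . "\n";
```

Filtering (steps 4 and 5) narrows what is accepted, but the encoding in `e()` is what keeps a value that passes the filter, or one read back from the database, from being interpreted as markup.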