I'm looking for a complete list of security guidelines for programming and deploying PHP web sites and applications on an Apache (Linux) server. Basically, a "security check list" to run through before finishing a project. I.e.,
I did some searching on the internet and in this forum, but couldn't find a comprehensive, succinct, and complete list of guidelines.
Thanks in advance.
The OWASP-based Web Application Security Testing Checklist is an Excel-based checklist which helps you to track the status of completed and pending test cases.
The Open Web Application Security Project (OWASP) provides free and open resources. It is led by a non-profit called The OWASP Foundation. The OWASP Top 10 - 2021 is the published result of recent research based on comprehensive data compiled from over 40 partner organizations.
Dynamic Application Security Testing (DAST): DAST tools take a black box testing approach. They execute code and inspect it at runtime, detecting issues that may represent security vulnerabilities.
I'd say you should find plenty of information on the OWASP website, on the matter of vulnerabilities in web applications, and information on how to help make yours more secure.
(But there is so much to say about that subject that you might actually get "more" information than you'd first like...)
Check out this link "Seven habits for writing secure PHP applications":
http://www.ibm.com/developerworks/opensource/library/os-php-secure-apps/index.html
The IBM articles are always very useful, thanks.
PS: also this "Recommended PHP reading list"
http://www.ibm.com/developerworks/opensource/library/os-php-read/#security