Where can I find a web-project "security checklist?" [closed]

Tags: security, php, xss

I'm looking for a complete list of security guidelines for programming and deploying PHP web sites and applications on an Apache (Linux) server. Basically, a "security check list" to run through before finishing a project. I.e.,

  1. Cross Site Scripting
  2. Cross Site Request Forgery
  3. Sanitize form data that goes into database
  4. Disable register globals and error reporting in custom php.ini
  5. Upload files below web root ...(the list goes on)

I did some searching on the internet and in this forum, but couldn't find a comprehensive, succinct, and complete list of guidelines.

Thanks in advance.

user297159 asked Mar 19 '10 08:03




2 Answers

I'd say you should find plenty of information on the OWASP website, on the matter of vulnerabilities in web applications, and information on how to help make yours more secure.

(But there is so much to say about that subject that you might actually get "more" information than you'd first like...)

Pascal MARTIN answered Sep 21 '22 13:09



Check out this link "Seven habits for writing secure PHP applications":

http://www.ibm.com/developerworks/opensource/library/os-php-secure-apps/index.html

The IBM articles are always very useful, thanks.

PS: also this "Recommended PHP reading list"

http://www.ibm.com/developerworks/opensource/library/os-php-read/#security

user248810 answered Sep 19 '22 13:09
