Securing my first CI website

Securing my first CI website

El Forum
Unregistered

02-17-2010, 11:03 AM

[eluser]JoostV[/eluser]
In addition, global_xss_filtering only filters against XSS attacks. There are numerous more vulnerabilities you should guard your app against: CSRF & SQL injection, session hijacking, PHP code inclusion, etc. Not to mention configuration vulnerabilities such as register_globals = on, which is still default on some shared hosts.

Google for PHP security

And never, ever forget to filter input, escape output. Have fun Smile

Messages In This Thread

Securing my first CI website - by El Forum - 02-17-2010, 05:25 AM

Securing my first CI website - by El Forum - 02-17-2010, 06:33 AM

Securing my first CI website - by El Forum - 02-17-2010, 11:03 AM

Securing my first CI website - by El Forum - 02-17-2010, 04:10 PM

Securing my first CI website - by El Forum - 02-17-2010, 05:31 PM

Securing my first CI website - by El Forum - 02-17-2010, 06:03 PM

Securing my first CI website - by El Forum - 02-18-2010, 05:49 AM

Securing my first CI website - by El Forum - 02-18-2010, 07:50 AM

Securing my first CI website - by El Forum - 02-20-2010, 05:43 AM