Saturday, 16 April 2016

Secure PHP Application Development Considerations.

For any web application development (PHP, Java or .NET), security-wise we must consider two major things:

  • First is secure hosting
  • Second is coding-level standards and secure code

Application hosting is very important for any web application. Without security at the web hosting level there is no point in hosting the application at all, so we carefully select the best hosting service provider.

There are many things we consider in the development of a PHP web application.

1) Disable PHP error reporting in production:

Ex: error_reporting(0);

If any notices, warnings or errors are displayed by the application, the error message reveals the folder path, file name and line number. A public user can then easily map out the folder and file structure of the application, which is one more source of information for attacking it. So use error_reporting(0); on production servers.
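A bootstrap snippet for this point, added here as an example and not code from the original post. It applies the post's advice (nothing is displayed in production) and adds the refinement a practitioner usually wants: the errors are still written to a log file the developer can read. The APP_ENV variable name and the log path are assumptions.

```php
<?php
// Added example. Which environment we are in is taken from an assumed
// environment variable; adjust to your own deployment.
$isProduction = (getenv('APP_ENV') === 'production');

if ($isProduction) {
    // Never send error text (paths, file names, line numbers) to the browser.
    ini_set('display_errors', '0');
    ini_set('display_startup_errors', '0');

    // The post recommends error_reporting(0). That also silences logging,
    // so this variant keeps E_ALL but routes it to a log outside the web
    // root: the public sees nothing, the developer still sees everything.
    error_reporting(E_ALL);
    ini_set('log_errors', '1');
    ini_set('error_log', '/var/log/php/app_errors.log'); // assumed path
} else {
    // Development: show everything so bugs are found early.
    error_reporting(E_ALL);
    ini_set('display_errors', '1');
}

// An uncaught exception must also produce a neutral page in production;
// the full detail (including the stack trace) goes to the log only.
set_exception_handler(function (Throwable $e) use ($isProduction): void {
    error_log((string) $e);
    http_response_code(500);
    echo $isProduction ? 'An internal error occurred.' : $e->getMessage();
});
```

The same three settings (display_errors, log_errors, error_log) can be fixed in php.ini or in the virtual host configuration instead, which is preferable when the application code itself might fail before this file runs.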

2) Attempt limits

From the PHP authentication point of view, the application must enforce a limit on how many times the login endpoint can be hit.

Ex: Suppose an anonymous user tries to log in to the application with many different passwords; in one of those attempts he may succeed in authenticating to the application.

By allowing an anonymous user only a limited number of attempts against the application, we restrict him and easily block login hackers.
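The throttle described above, written out as an added example (not code from the original post). Failed attempts are counted per account and source address; once the limit is reached, further attempts are refused for a lock-out window before the password is even checked, and a correct password clears the counter. The limit, window, JSON store path and the sample password hash are all constructed for the illustration; a real deployment would keep the counters in a database table or cache.

```php
<?php
// Added example: login attempt throttling. Policy values are assumptions.
const MAX_ATTEMPTS = 5;
const LOCK_SECONDS = 900;                        // 15 minute window
const STORE        = '/tmp/login_attempts.json'; // assumed path for the demo

function loadStore(): array {
    return is_file(STORE) ? (json_decode(file_get_contents(STORE), true) ?: []) : [];
}

function saveStore(array $store): void {
    file_put_contents(STORE, json_encode($store), LOCK_EX);
}

// Counter key: account and client address together, so one attacker cannot
// lock a victim out from everywhere, and one address cannot spray accounts.
function attemptKey(string $user, string $ip): string {
    return hash('sha256', strtolower($user) . '|' . $ip);
}

// True when the caller must be refused without checking the password.
function isLocked(string $user, string $ip): bool {
    $rec = loadStore()[attemptKey($user, $ip)] ?? null;
    if ($rec === null || time() - $rec['first'] > LOCK_SECONDS) {
        return false;                            // no record or window expired
    }
    return $rec['count'] >= MAX_ATTEMPTS;
}

function recordFailure(string $user, string $ip): void {
    $store = loadStore();
    $key   = attemptKey($user, $ip);
    $rec   = $store[$key] ?? ['count' => 0, 'first' => time()];
    if (time() - $rec['first'] > LOCK_SECONDS) {
        $rec = ['count' => 0, 'first' => time()]; // start a fresh window
    }
    $rec['count']++;
    $store[$key] = $rec;
    saveStore($store);
}

function clearFailures(string $user, string $ip): void {
    $store = loadStore();
    unset($store[attemptKey($user, $ip)]);
    saveStore($store);
}

// Login flow. $storedHash would normally come from the user table.
function login(string $user, string $password, string $ip, string $storedHash): string {
    if (isLocked($user, $ip)) {
        http_response_code(429);
        return 'Too many attempts, try again later.';
    }
    if (password_verify($password, $storedHash)) {
        clearFailures($user, $ip);
        return 'OK';
    }
    recordFailure($user, $ip);
    // Same message for a wrong password and an unknown user, so the response
    // does not tell the caller which accounts exist.
    return 'Invalid username or password.';
}

// Constructed demonstration: five wrong guesses, then the sixth attempt and
// even the correct password are refused until the window expires.
$hash = password_hash('correct horse battery staple', PASSWORD_DEFAULT);
$ip   = $_SERVER['REMOTE_ADDR'] ?? '127.0.0.1';
for ($i = 1; $i <= 6; $i++) {
    echo "attempt $i: ", login('alice', "wrong$i", $ip, $hash), PHP_EOL;
}
echo 'correct password while locked: ', login('alice', 'correct horse battery staple', $ip, $hash), PHP_EOL;
```

Logging each lock-out (account, address, time) is worth adding in practice, since a burst of them across many accounts is the signature of a password-spraying attempt and is what an operations team would want to alert on.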

3) MySQL Data Injection

Data injection is a very sensitive and common issue in any application. It occurs through browser URLs or AJAX requests.

To prevent this injection, use sprintf(), prepared statements and the MySQL real-escape-string functions.
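The three approaches side by side, as an added example rather than code from the post. It runs against an in-memory SQLite database through PDO so it works offline; the users table and its columns are constructed for the demo. Of the three, the prepared statement is the one to rely on: it keeps the parameter separate from the SQL text regardless of its content, whereas sprintf() only helps for numeric values that a %d conversion forces into an integer, and escaping functions must be applied to every single string value without exception.

```php
<?php
// Added example: the same lookup done unsafely and safely.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL, email TEXT NOT NULL)');
$pdo->exec("INSERT INTO users (username, email) VALUES ('alice', 'alice@example.com'), ('bob', 'bob@example.com')");

// Vulnerable: the request parameter is spliced straight into the SQL string,
// so a quote character in the value changes the meaning of the query.
function findUserVulnerable(PDO $pdo, string $name): array {
    $sql = "SELECT id, username FROM users WHERE username = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: a prepared statement sends the value separately from the query text;
// the database compares it literally, whatever characters it contains.
function findUserSafe(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// sprintf() is acceptable for a numeric id only because %d forces an integer;
// it does nothing for string parameters.
function findUserById(PDO $pdo, $id): array {
    $sql = sprintf('SELECT id, username FROM users WHERE id = %d', $id);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample of a parameter containing a quote, as it might arrive
// from a URL or an AJAX request.
$input = "x' OR 'a'='a";
echo 'vulnerable: ', count(findUserVulnerable($pdo, $input)), " rows (condition rewritten)\n";
echo 'prepared:   ', count(findUserSafe($pdo, $input)), " rows (value compared literally)\n";
echo 'sprintf %d: ', count(findUserById($pdo, '1 OR 2')), " row (non-numeric tail dropped)\n";
```

With the mysqli extension the equivalent of the safe function is mysqli_prepare() with bind_param(); mysqli_real_escape_string() is the escaping route the post refers to, and it needs the connection's character set to be set correctly to be reliable.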

4) Input Validation

In any PHP application form we know what kind of data we are expecting as input; based on that, apply both client-side and server-side validation. Then the application is easily protected against such attacks.
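A server-side validator for a registration form, added here as an example and not code from the post. Client-side validation improves the user experience, but only the server-side check is a security boundary, since a request can be sent without the browser's form at all. The field names, rules and sample submissions are all constructed for the illustration.

```php
<?php
// Added example: validate each field against what the form actually expects
// and return only the cleaned values. Field names and rules are assumptions.
function validateRegistration(array $in): array {
    $errors = [];
    $clean  = [];

    // username: 3 to 20 characters, letters, digits and underscore only.
    $username = trim((string) ($in['username'] ?? ''));
    if (!preg_match('/^[A-Za-z0-9_]{3,20}$/', $username)) {
        $errors['username'] = 'Use 3-20 letters, digits or underscores.';
    } else {
        $clean['username'] = $username;
    }

    // email: syntactic check via filter_var (returns false on failure).
    $email = filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'Invalid e-mail address.';
    } else {
        $clean['email'] = $email;
    }

    // age: a whole number in a range. FILTER_VALIDATE_INT rejects "34abc",
    // "1e3" and "34.0", which a plain (int) cast would silently accept.
    $age = filter_var($in['age'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {
        $errors['age'] = 'Age must be a whole number between 13 and 120.';
    } else {
        $clean['age'] = $age;
    }

    // role: an allow-list. The client may send anything here, including a
    // value the form never offered, so compare strictly against known values.
    $allowedRoles = ['user', 'editor'];
    $role = $in['role'] ?? 'user';
    if (!in_array($role, $allowedRoles, true)) {
        $errors['role'] = 'Unknown role.';
    } else {
        $clean['role'] = $role;
    }

    return ['ok' => $errors === [], 'data' => $clean, 'errors' => $errors];
}

// Constructed sample submissions (in a real request these come from $_POST).
$good = ['username' => 'alice_01', 'email' => 'alice@example.com', 'age' => '34',    'role' => 'user'];
$bad  = ['username' => 'al',       'email' => 'not-an-email',      'age' => '34abc', 'role' => 'admin'];
print_r(validateRegistration($good)); // ok => true, data holds typed values
print_r(validateRegistration($bad));  // ok => false, one message per bad field
```

The validated array, not $_POST, is what the rest of the request handler should use; that way a field that was never checked cannot quietly reach the database or the page.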

5)  XSS Attacks

To prevent these attacks, filter the data using some predefined functions:

 preg_match(), filter_var() and htmlspecialchars()

Generally these attacks are carried out through client-side scripting.
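The htmlspecialchars() part of this point, as an added example (not code from the original post): the same user-supplied comment is rendered unescaped, which lets the embedded markup run in the visitor's browser, and then escaped, which makes the browser display it as plain text. The sample comment and the HTML fragments are constructed for the demo.

```php
<?php
// Added example: escape at the point of output, for the HTML context the
// value is placed in.
function esc(string $s): string {
    // ENT_QUOTES converts both quote characters, so the result is also safe
    // inside a quoted attribute value; ENT_SUBSTITUTE replaces invalid byte
    // sequences instead of returning an empty string; the charset must match
    // the page's own encoding.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample of user input that contains markup and quotes.
$comment = '<script>alert("xss")</script> and "quoted" text, 1 < 2';

// Vulnerable: the string goes into the page as-is, so the <script> element
// is parsed and executed like any other part of the page.
$vulnerable = "<p class=\"comment\">$comment</p>";

// Safe: every special character becomes an entity; the browser shows the
// original text, including the literal "1 < 2", and executes nothing.
$safe = '<p class="comment">' . esc($comment) . '</p>';

// Attribute context: without escaping, a quote in the value would end the
// attribute early and the rest would be parsed as new attributes.
$safeAttr = '<input type="text" name="comment" value="' . esc($comment) . '">';

echo $vulnerable, PHP_EOL;
echo $safe, PHP_EOL;       // &lt;script&gt;alert(&quot;xss&quot;)&lt;/script&gt; ... 1 &lt; 2
echo $safeAttr, PHP_EOL;
```

Escaping belongs at output time, and the function used has to match the destination: htmlspecialchars() covers HTML text and attribute values, while a value written into a JavaScript block or a URL needs the encoding for that context instead. Filtering on input (preg_match, filter_var, as in the previous point) is a useful first line, but it cannot anticipate every place a value will later be displayed.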
