CodeIgniter
TheHorse, 2012-11-28 14:52:37

Vulnerabilities and attacks on the web?

Good day.
I'm using CodeIgniter with XSS filters and filtered DB queries, and I don't trust inputs; I know about, and believe I'm protected from: XSS, PHP/SQL injection, HTTP Response Splitting, CSRF. The site works on HTTPS.
But I need a little more paranoid protection. And so I ask:
1. What other popular types of vulnerabilities are there in the context of websites?
2. What are some security jokes about PHP itself?
3. Where can I read about all this?

9 answer(s)
Sergey Ozeransky, 2012-11-28
@KREGI

Directory Permissions... Exposing Paths...

FurryCat, 2012-11-28
@FurryCat

Check out the site www.owasp.org
It is designed to answer just such questions. True, it is in English.

stan_jeremy, 2012-12-01
@stan_jeremy

It would be easier if you showed the site, and people would look at it%)

Gleb Starkov, 2012-11-28
@colonel

display_errors was not mentioned

[email protected]><e, 2012-11-28
@barmaley_exe

clickjacking

lubezniy, 2012-11-28
@lubezniy

Maybe an executable downloaded as a picture? True, this is more an attack on the client browser than on the server.

Mike_Bazhenov, 2012-11-28
@Mike_Bazhenov

Is there AJAX? Also check that you don't do too much without authorization...

Pushkind, 2012-11-28
@Pushkind

Clickjacking (X-Frame-Options header), DOM XSS, look at the Content Security Policy, useful stuff.

Luka Safonov, 2012-11-30
@LukaSafonov

Credential/Session Prediction
XML External Entity Attacks
LFI over PHPinfo
Weak passwords
