Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
Abdulyar2016-11-24 17:28:50
PHP
Abdulyar, 2016-11-24 17:28:50

What are the first steps in checking the security of a PHP web application?

Your development team asks you to check your newly written web application for security. The web application is very dynamic and includes modules like booking, reservation, payment, authentication, registration, etc.
The use of static and dynamic code analyzers is not allowed.
Question : What patterns to look for in the code, what to look for, any first steps to assess security.
Thank you.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

2 answer(s)
Report
O
OnYourLips, 2016-11-24
@Abdulyar

Incorrect templating settings, gluing query pieces as strings, no action rights check at the very beginning of each controller action, no owner check when linking the target object to the selected one, deliberately left bookmarks (suspicious places where the code is unreadable).

Report
M
Max, 2016-11-24
@MaxDukov

take OWASP top 10 and read first

Similar questions
A
Alexander Belokamensky2015-09-21 23:25:02
I need to connect the payment method on the site, the currency is Shekel (Israel), how to do it? 0Reply
N
Nikelamoc2015-09-22 00:23:14
How to process 2 arrays less resource-intensive? 2Reply
K
kimqar342534262021-06-06 22:04:39
Php how to write this algorithm? 1Reply
M
Maxima2010-12-12 00:56:02
OpenID - without dancing and dancing PHP / Javascript 2Reply
V
Vitaly Komlev2010-12-13 23:47:11
Securely embed video in post text 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question