PHP
Abdulyar, 2016-11-24 17:28:50

What are the first steps in checking the security of a PHP web application?

Your development team asks you to check your newly written web application for security. The web application is very dynamic and includes modules like booking, reservation, payment, authentication, registration, etc.
The use of static and dynamic code analyzers is not allowed.
Question: What patterns to look for in the code, what to look for, any first steps to assess security.
Thank you.


2 answer(s)
OnYourLips, 2016-11-24
@Abdulyar

Incorrect templating settings, gluing query pieces as strings, no action rights check at the very beginning of each controller action, no owner check when linking the target object to the selected one, deliberately left bookmarks (suspicious places where the code is unreadable).
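
Three of the patterns listed in the answer above (query pieces glued as strings, no action rights check, no owner check), as they might look in a controller action next to a corrected form. This is an added example, not part of the original answer; the table, function and permission names are hypothetical, and it assumes PDO with the SQLite driver.

```php
<?php
// Constructed example: schema, function and permission names are hypothetical.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE bookings (id INTEGER PRIMARY KEY, user_id INTEGER, status TEXT)');
$pdo->exec("INSERT INTO bookings VALUES (1, 10, 'paid'), (2, 20, 'paid')");

// Pattern to flag in review: request data glued into the SQL string,
// no rights check, no owner check. The session is never consulted.
function cancelBookingUnsafe(PDO $pdo, array $session, array $request): void
{
    $pdo->exec("UPDATE bookings SET status = 'cancelled' WHERE id = " . $request['id']);
}

// Reviewed form of the same action.
function cancelBooking(PDO $pdo, array $session, array $request): bool
{
    // 1. Action rights check at the very beginning of the action.
    $permissions = $session['permissions'] ?? [];
    if (empty($session['user_id']) || !in_array('booking.cancel', $permissions, true)) {
        throw new RuntimeException('403 Forbidden');
    }

    // 2. The identifier must be an integer; anything else is rejected.
    $id = filter_var($request['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('400 Bad Request');
    }

    // 3. Bound parameters instead of concatenation.
    // 4. Owner check in the WHERE clause: the row must belong to the caller.
    $stmt = $pdo->prepare(
        "UPDATE bookings SET status = 'cancelled' WHERE id = :id AND user_id = :uid"
    );
    $stmt->execute([':id' => $id, ':uid' => $session['user_id']]);

    // Zero affected rows means the booking does not exist or is not the caller's.
    return $stmt->rowCount() === 1;
}

$alice = ['user_id' => 10, 'permissions' => ['booking.cancel']];
var_dump(cancelBooking($pdo, $alice, ['id' => '1'])); // Alice's own booking
var_dump(cancelBooking($pdo, $alice, ['id' => '2'])); // booking owned by user 20
```

During a manual review, every action that takes an object identifier from the request can be compared against the second function: rights check first, typed input, bound parameters, ownership enforced in the query.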

Max, 2016-11-24
@MaxDukov

Take the OWASP Top 10 and read it first.
