Comments on: Top Ten Security Vulnerabilities in PHP Code !

By: Lakshmikanth

Lakshmikanth — Wed, 29 Jul 2009 10:23:37 +0000

pls include the vulnerabilities of remote file inclusion

By: Joe

Joe — Wed, 20 May 2009 09:00:53 +0000

You can also try using automated blackbox approach using fuzzing to find vulnerabilities in your code. I had very good results with mine PHP applications. ‘Securing PHP Web Applications’ by Tricia Ballad; William Ballad mentions some good fuzzers. I recommend Powerfuzzer.

By: rochakchauhan

rochakchauhan — Wed, 03 Sep 2008 07:24:01 +0000

Sorry for the confusion, no offense to David Sklar. I have explained him the situation personally. The idea was to share and spread the word. But I guess I owe an apology for NOT including the credits.

I have added the credits in the post now. You all are requested to make use of the information and thank David (http://www.sklar.com)

By: Jeff Carouth

Jeff Carouth — Mon, 01 Sep 2008 16:34:16 +0000

Seriously, have some integrity and give credit where it is due. While some people may praise you for this, it is despicable practice and reflects poorly on yourself as an individual and your company. Do the right thing.

(See post by Chris Shiflett for a link to the original copy by the _real_ author of this post)

By: Ivan Jovanovic

Ivan Jovanovic — Mon, 01 Sep 2008 15:02:19 +0000

Stealing just shouldn’t be done Someone spent lot of time getting to know these things and even was kind to share them with use that know less than him. Plagiarism of this kind is just the worst.

By: Joseph Crawford

Joseph Crawford — Mon, 01 Sep 2008 14:53:17 +0000

Wow why would you steal something like this then not give credit where credit is due. This was a great article David!!! Cannot believe people still plagiarize work like this.

By: Chris Shiflett

Chris Shiflett — Mon, 01 Sep 2008 14:41:05 +0000

Stealing other people’s work without providing attribution is the worst form of plagiarism.

http://www.sklar.com/page/article/owasp-top-ten

By: frank

frank — Sun, 31 Aug 2008 06:41:45 +0000

with regards to xss; you might also consider looking into http://htmlpurifier.org/, a great whitelist-filtering component which can be used if you want to allow your users to use some code (html) in what they submit.

By: Michael Hendrickx

Michael Hendrickx — Fri, 01 Aug 2008 16:48:14 +0000

Most of these are not application in PHP6 anymore, but still.. nice post!