Corpus ID: 13309370

Securing PHP – Approaches to Web Application security

@inproceedings{Malyshev2007SecuringP,
  title={Securing PHP – Approaches to Web Application security},
  author={Stanislav Malyshev},
  year={2007}
}
The security of a web application is based on the security of the underlying layers, such as the OS and application platform layers, and of the application itself. While the OS layer is beyond the control of the PHP project, experience shows that the language's role is to assist developers in writing more secure code and running it in a more secure manner. The majority of the problems in PHP applications are caused by insecure application code [2], which may allow injecting untrusted data into the output (XSS…

References

  • Securing web application code by static analysis and runtime protection. A lattice-based static analysis algorithm derived from type systems and typestate is created, and its soundness is addressed, thus securing Web applications in the absence of user intervention and reducing potential runtime overhead by 98.4%.
  • Defending Against Injection Attacks Through Context-Sensitive String Evaluation. CSSE works by addressing the root cause why such attacks can succeed, namely the ad-hoc serialization of user-provided input, and provides a platform-enforced separation of channels, using a combination of assignment of metadata to user-provided input, metadata-preserving string operations and context-sensitive string evaluation.
  • Automatically Hardening Web Applications Using Precise Tainting. This paper presents a fully automated approach to securely hardening web applications based on precisely tracking taintedness of data and checking specifically for dangerous content only in parts of commands and output that came from untrustworthy sources.
  • PHP 6.0 Plans
  • PHP Safe mode, http://www.php.net/features.safe-mode
  • PHP input filtering
  • Ruby variable tainting, http://www.rubycentral.com/book/taint
  • Running PHP on shared hosting, http://hostingfu.com/article/running-php-on-shared-hosting