Where can I find a web-project “security checklist”?

Published 2020-02-23 04:12

Question:



I'm looking for a complete list of security guidelines for programming and deploying PHP web sites and applications on an Apache (Linux) server. Basically, a "security check list" to run through before finishing a project. I.e.,

  1. Cross Site Scripting
  2. Cross Site Request Forgery
  3. Sanitize form data that goes into database
  4. Disable register globals and error reporting in custom php.ini
  5. Upload files below web root ... (the list goes on)

I did some searching on the internet and in this forum, but couldn't find a comprehensive, succinct, and complete list of guidelines.

Thanks in advance.
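As an added illustration of checklist items 1 to 3 from the question (output escaping, a CSRF token, and keeping form data out of the SQL text), here is a minimal PHP form handler; this is example code written for this page, not from the question or any linked guide, and the `comments` table, its `id`/`body` columns and the PDO connection details are assumptions:

```php
<?php
// Added example: a minimal form handler covering checklist items 1-3
// (XSS, CSRF, SQL injection) from the question. The "comments" table,
// its id/body columns and the PDO DSN/credentials are assumptions.
declare(strict_types=1);
session_start();

// Item 2: issue a per-session CSRF token and verify it on every POST.
function csrf_token(): string {
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}
function csrf_valid(?string $submitted): bool {
    // hash_equals compares in constant time, so token bytes do not leak via timing.
    return isset($_SESSION['csrf']) && is_string($submitted)
        && hash_equals($_SESSION['csrf'], $submitted);
}
// Item 1: escape on output (HTML context), not on input, so stored data stays intact.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}
// Item 3: prepared statements keep user data out of the SQL text entirely.
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares, not client-side quoting
]);

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_valid($_POST['csrf'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    $body = trim((string)($_POST['body'] ?? ''));
    if ($body === '' || mb_strlen($body) > 2000) {   // validate shape, do not "sanitize" HTML here
        http_response_code(400);
        exit('Comment must be 1-2000 characters');
    }
    $stmt = $pdo->prepare('INSERT INTO comments (body) VALUES (:body)');
    $stmt->execute([':body' => $body]);
}

// Render the form and stored comments; every dynamic value passes through e().
$token = csrf_token();
echo '<form method="post">';
echo '<input type="hidden" name="csrf" value="' . e($token) . '">';
echo '<textarea name="body"></textarea><button>Post</button></form>';
foreach ($pdo->query('SELECT body FROM comments ORDER BY id DESC LIMIT 20') as $row) {
    echo '<p>' . e($row['body']) . '</p>';
}
```

Items 4 and 5 from the list (disabling `register_globals` and `display_errors` in php.ini, and storing uploads outside the document root) are deployment settings rather than code, so they are not shown here.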

Answer 1:

Check out this link "Seven habits for writing secure PHP applications":

http://www.ibm.com/developerworks/opensource/library/os-php-secure-apps/index.html

The IBM articles are always very useful, thanks.

PS: also this "Recommended PHP reading list"

http://www.ibm.com/developerworks/opensource/library/os-php-read/#security



Answer 2:

I'd say you should find plenty of information on the OWASP website, on the matter of vulnerabilities in web applications, and information on how to help make yours more secure.

(But there is so much to say about that subject that you might actually get "more" information than you'd first like...)



Answer 3:

I think there are two main categories which should be considered:

Configuration & installation (for example): http://aymanh.com/checklist-for-securing-php-configuration

Programming (example): http://www.jemjabella.co.uk/blog/php-security-checklist

Other ideas?



Answer 4:

Take a look at OWASP’s Development Guide.