The PAVISE of Security
By: notepad
    2006-07-28

    Table of Contents:
  • The PAVISE of Security
  • Privacy
  • Administration
  • Validation
  • Integrity
  • Sociology
  • Environment
  • Closing

    The PAVISE of Security
    (Page 1 of 8 )

    Join notepad as he tours safe coding practices. He presents an easy-to-remember mnemonic which explains each component to help keep secure coding practices at the forefront of your development.

    Why PHP Gets a Bad Reputation

    PHP is certainly not bug-free, as it has had its share of vulnerabilities, but for the most part PHP gets a bad reputation from popular scripts which use "PHP" in their name even though they are not affiliated in any way with the PHP team itself. Example applications might include phpBB or phpMyAdmin. The developers behind these and other projects have been asked on more than one occasion to stop using "PHP" as part of their name, and are in violation of the PHP license by repeatedly ignoring the requests. Don't get me wrong, these scripts are great contributions to the community, but consider how it reflects on PHP as a language whenever a vulnerability pops up, even though that vulnerability is far more often than not due to poor coding practices.

    The point I am trying to make is that PHP itself is a very secure language, and anyone who says otherwise simply isn't involved enough to know any better; their arguments are more than likely fallible. The biggest problem with exploitable scripts is the people programming them. Because PHP is such an easy language to learn, people tend to jump right in without ever learning the "best practices" or proper techniques. Others may not prefer PHP as their primary language, and only use it (improperly, unfortunately) as their job requires.

    What This Tutorial Is

    There are many different aspects of development that every PHP programmer should be aware of regarding security; the point of this tutorial is to help you easily memorize a checklist of them, which you should reference in every application that you develop. After absorbing this information, you should be able to sit down with any client and assure them with complete confidence that you're a security-conscious developer. Additionally, this tutorial should help you think outside the box and allow you to audit your own and others' code in an efficient and well-organized manner.

    What This Tutorial Is Not

    This is not an in-depth or foolproof guide, as there are many topics I have chosen not to cover and new topics are appearing all the time; however, the topics discussed are those I believe to be fundamental. Ultimately, your skill as a security-conscious developer will only grow with perseverance, continuous education and a creative mind.

    Why PAVISE?

    The word pavise is defined as a large shield covering the whole body which was used in medieval times; it is an easy word to remember (especially for a security-related article) and will act as an acronym for the different topics I want to cover, which are: Privacy, Administration, Validation, Integrity, Sociology and Environment.
