Saturday

Vulnerability Testing in a PHP Application

    After developing your own web application, you must check it for vulnerabilities. A vulnerability creates a backdoor entry and gives unauthorised access to your application.
    There are many open source tools available to scan for vulnerabilities. Now let us see how RIPS (a static code analyser for vulnerabilities in PHP) works. This tutorial helps beginners learn more about their code. Download RIPS from here; it doesn't need any installation, just run it from the browser at "http://localhost/rips".


    Enter the path of the file and click Scan. There are different verbosity levels, each of which scans based on different constraints.

  Basic Vulnerabilities:

1.    $name = $_POST['name'];
      mysql_query("insert into mytable values('$name')");

      Don't insert the values you get from the user directly into the database; it opens the way to SQL injection.
      So we have to escape the unwanted symbols in the input data before it goes into the query (the escaped string is returned, not modified in place, so the result must be assigned):

      $name = mysql_real_escape_string($name);
      mysql_query("insert into mytable values('$name')");

    The PHP team recommends mysqli or PDO_MySQL for new development. Mysqli is supported in PHP 5 - know more.

2.    $con = mysql_connect('localhost', 'root', 'pwd');
      The MySQL connection must be closed before the application ends:
          mysql_close($con);
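The two points above, shown with the PDO approach the PHP team recommends, as an added example that is not part of the original post: the string-pasting insert from item 1 beside a prepared statement, and the explicit connection release from item 2. It assumes an in-memory SQLite database so it runs without a MySQL server; the same PDO calls work unchanged with a mysql: DSN, and the mysql_* functions used in the post were removed in PHP 7.

```php
<?php
// Added example, not from the original post. Uses SQLite in memory so it runs
// stand-alone; swap the DSN for "mysql:host=localhost;dbname=..." in real code.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE mytable (name TEXT)");

// Constructed input: a perfectly legitimate name that contains a quote.
// The quote ends the SQL string literal early, which is exactly the hole
// an injection payload abuses.
$name = "O'Brien";

// 1. The pattern from the post: user input pasted into the SQL text.
//    RIPS reports this as a tainted value reaching a query sink.
function insertUnsafe(PDO $db, $name)
{
    $sql = "INSERT INTO mytable VALUES('$name')";
    try {
        $db->exec($sql);
        return "executed";
    } catch (PDOException $e) {
        // The quote broke the query; with other input it would change its meaning.
        return "failed: " . $e->getMessage();
    }
}

// 2. Fixed form: a prepared statement sends the value separately from the
//    query text, so quotes are stored as data and never parsed as SQL.
function insertSafe(PDO $db, $name)
{
    $stmt = $db->prepare("INSERT INTO mytable VALUES(:name)");
    $stmt->execute([':name' => $name]);
    return $stmt->rowCount();   // 1 row inserted
}

echo "unsafe: " . insertUnsafe($db, $name) . "\n";
echo "safe rows inserted: " . insertSafe($db, $name) . "\n";

$rows = $db->query("SELECT name FROM mytable")->fetchAll(PDO::FETCH_COLUMN);
echo "stored: " . implode(", ", $rows) . "\n";   // stored: O'Brien

// Release the connection explicitly, the PDO counterpart of mysql_close().
$db = null;
```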
   
