Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Languages/platforms used for Web apps. Any stats?

from [focus] Network Security [Permanent Link]
Subject: Re: Languages/platforms used for Web apps. Any stats?
Date: Sat, 25 Jun 2005 06:51:31 +0100 (BST) 

One of the major problems with PHP and other server sided 
languages provided by web hosting services is the fact 
that the web hosting provider has no control over the code 
written by their customers. This leads to all sorts of 
security holes being left wide open. The most obvious one 
is not checking variable content submitted by user forms.
I cannot see any way around this. 

The customer, possible a newbie to SSS, wants PHP or ASP 
available on their website, so they can experiment with 
writing scripts. The hosting providers offer the required 
SSS language to attract business.

The hosting provider has no idea what scripts their 
customers are writing, and uploading to the hosts server.

Seems like a recipe for disaster to me really.

Just my 2 cents.

Keith Roberts

http://www.karsites.net/

On Fri, 24 Jun 2005, Benjamin Livshits wrote:


Many vulnerabilities reported on SecurityFocus.com daily involve PHP
programs. I was wondering if that's a reflection of the fact that many Web
apps out there are written in PHP. Or is it that vulnerabilities in
proprietary apps that is written in Java or C# simply doesn't make it to
SecurityFocus.com?

Thanks.
-Ben
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Languages/platforms used for Web apps. Any stats?, Andrew van der Stock
Next by Date:  Re: Languages/platforms used for Web apps. Any stats?, Rob Lanphier
Previous by Thread:  Re: Languages/platforms used for Web apps. Any stats?, Andrew van der Stock
Next by Thread:  Re: Languages/platforms used for Web apps. Any stats?, Steve McCullough
Indexes:  [Date] [Thread] [Top] [All Lists]