Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Web-App-Sec
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Languages/platforms used for Web apps. Any stats?

from [Steve McCullough] Network Security [Permanent Link]
Subject: Re: Languages/platforms used for Web apps. Any stats?
Date: Sun, 26 Jun 2005 07:42:55 +0000 
In my experience, most web hosting companies try to limit the ability of
scripts to compromise their servers (by, for instance, denying the
script daemon write access to the filesystem), and leave the security of
the application logic up to the customer.

This compartmentalization generally also means that the customers have
to trust that the hosting provided uses well-configured, well-monitored,
well-patched servers.

Steve

-- 
Steve McCullough
web developer, S.M.U.T. Magazine > www.showmethesmut.com



focus@karsites.net wrote:

One of the major problems with PHP and other server sided 
languages provided by web hosting services is the fact 
that the web hosting provider has no control over the code 
written by their customers. This leads to all sorts of 
security holes being left wide open. The most obvious one 
is not checking variable content submitted by user forms.
I cannot see any way around this. 

The customer, possible a newbie to SSS, wants PHP or ASP 
available on their website, so they can experiment with 
writing scripts. The hosting providers offer the required 
SSS language to attract business.

The hosting provider has no idea what scripts their 
customers are writing, and uploading to the hosts server.

Seems like a recipe for disaster to me really.

Just my 2 cents.

Keith Roberts

http://www.karsites.net/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Should login pages be protected by SSL?, Simon Zuckerbraun
Next by Date:  Re: Languages/platforms used for Web apps. Any stats?, Steve McCullough
Previous by Thread:  Re: Languages/platforms used for Web apps. Any stats?, focus
Next by Thread:  Re: Languages/platforms used for Web apps. Any stats?, Rob Lanphier
Indexes:  [Date] [Thread] [Top] [All Lists]