I have a web application written in PHP which runs on a dedicated server in my office. I was looking at this video on the OWASP.org website and it has me concerned about the security of my application. My biggest concern is the threat of somebody hijacking an authenticated user's PHP session.
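The hardening a practitioner would apply against the session-hijacking concern raised in the question above, as an added example that is not part of the original post or of the asker's application. It assumes PHP 7.3 or later (for the array forms of session_set_cookie_params() and setcookie()), the default files session handler, and that the site is served over HTTPS; the cookie name, the 30-minute idle timeout and the function names are illustrative choices, not requirements.

```php
<?php
// Added example (not from the original post): harden PHP's native session
// handling against hijacking and fixation. Assumes PHP >= 7.3 and HTTPS.
declare(strict_types=1);

function startHardenedSession(): void
{
    // Reject session IDs the server never issued, so an attacker cannot
    // plant a known ID in the victim's cookie (session fixation).
    ini_set('session.use_strict_mode', '1');
    // Accept the ID only from the cookie, never from the URL.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_trans_sid', '0');

    session_set_cookie_params([
        'lifetime' => 0,       // session cookie, dropped when the browser closes
        'path'     => '/',
        'domain'   => '',      // current host only
        'secure'   => true,    // never sent over plain HTTP (sniffing)
        'httponly' => true,    // not readable by JavaScript (blunts XSS theft)
        'samesite' => 'Lax',   // not sent on cross-site POSTs (CSRF)
    ]);
    session_name('APPSESSID'); // assumed application-specific name
    session_start();

    // Idle timeout (assumed policy: 30 minutes). A stolen ID stops working
    // once the legitimate user has been idle that long.
    $now = time();
    if (isset($_SESSION['last_seen']) && $now - $_SESSION['last_seen'] > 1800) {
        $_SESSION = [];
        session_regenerate_id(true);
    }
    $_SESSION['last_seen'] = $now;
}

// Call after a successful login (and after any privilege change): issuing a
// fresh ID makes any ID observed or planted before authentication worthless.
function onLoginSuccess(int $userId): void
{
    session_regenerate_id(true); // true = delete the old session storage
    $_SESSION['user_id'] = $userId;
    $_SESSION['authenticated_at'] = time();
}

// Logout: clear server-side state and expire the cookie on the client.
function destroySession(): void
{
    $_SESSION = [];
    $p = session_get_cookie_params();
    setcookie(session_name(), '', [
        'expires'  => time() - 42000,
        'path'     => $p['path'],
        'domain'   => $p['domain'],
        'secure'   => $p['secure'],
        'httponly' => $p['httponly'],
        'samesite' => $p['samesite'],
    ]);
    session_destroy();
}

startHardenedSession();
```

The three pieces address different attack paths: the Secure and HttpOnly flags cover theft of the cookie over the network or via script, use_strict_mode plus session_regenerate_id() on login cover fixation, and the idle timeout bounds how long a stolen ID stays useful. None of them helps if the application itself reflects the ID into page content or logs, so those paths need checking separately.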
Introduction: This cheat sheet provides a checklist of tasks to be performed during blackbox security testing of a web application. Purpose: This checklist is intended to be used as an aide-mémoire for experienced pentesters and should be used in conjunction with the OWASP Testing Guide.
SQL injection (SQLi) is an application security weakness that allows attackers to control an application’s database – letting them access or delete data, change the application’s data-driven behavior, and do other undesirable things – by tricking the application into sending unexpected SQL commands. SQL injections are among the most ...

ABOUT OWASP: The OWASP Foundation came online on December 1st, 2001. It was established as a not-for-profit charitable organization in the United States on April 21, 2004, to support the work at OWASP. OWASP is an international organization and the OWASP Foundation supports OWASP efforts around the world. OWASP is an open community dedicated to enabling ...

The Open Web Application Security Project (OWASP) is a non-profit organization that provides unbiased information about threats to application security, along with the OWASP Top Ten list of the most critical security flaws in web applications – the ones that are often the easiest for attackers to find and exploit.
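The "unexpected SQL commands" mechanism described in the SQL injection passage above, shown as an added example rather than code from the original page: the string-built query beside its parameterized replacement, plus the one case parameters cannot cover. It assumes PHP with the pdo_sqlite extension; the users table, its rows and the attacker payload are constructed here so the script runs stand-alone.

```php
<?php
// Added example, not from the original page. Uses an in-memory SQLite
// database (assumes the pdo_sqlite extension) so it runs offline.
declare(strict_types=1);

$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares
]);
// Constructed schema and sample rows.
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)');
$pdo->exec("INSERT INTO users (username, password_hash) VALUES ('alice', 'x'), ('bob', 'y')");

// VULNERABLE: user input is concatenated into the SQL text, so the input can
// change the query's structure. With the payload "' OR '1'='1" the WHERE
// clause becomes  username = '' OR '1'='1'  and every row matches.
function findUserVulnerable(PDO $pdo, string $username): array
{
    $sql = "SELECT id, username FROM users WHERE username = '" . $username . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE: the query shape is fixed when it is prepared; the input travels as a
// bound value and is never parsed as SQL, whatever characters it contains.
function findUserSafe(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Identifiers (table and column names, ORDER BY targets) cannot be bound as
// parameters. The safe pattern is an allow-list, never interpolation of input.
function listUsersSorted(PDO $pdo, string $orderBy): array
{
    $allowed = ['id', 'username'];
    if (!in_array($orderBy, $allowed, true)) {
        throw new InvalidArgumentException('unsupported sort column');
    }
    return $pdo->query("SELECT id, username FROM users ORDER BY $orderBy")
               ->fetchAll(PDO::FETCH_ASSOC);
}

$payload = "' OR '1'='1"; // constructed attacker input
echo 'vulnerable: ' . count(findUserVulnerable($pdo, $payload)) . " rows\n"; // all users
echo 'safe:       ' . count(findUserSafe($pdo, $payload)) . " rows\n";       // no such user
echo 'sorted:     ' . count(listUsersSorted($pdo, 'username')) . " rows\n";
```

The point of turning off emulated prepares is that the query text and the values then reach the database separately; with emulation on, PDO quotes values client-side, which is still correct but depends on the driver knowing the connection's character set. Escaping functions are a last resort for the identifier case only, and the allow-list above avoids even that.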
One of my favorite OWASP references is the Cross-Site Scripting explanation: while there are a large number of XSS attack vectors, following a few rules can defend against the great majority of them.

PHP Security Cheat Sheet. Open Web Application Security Project (OWASP) – The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software. Our mission is to make application security "visible," so that people and organizations can make informed decisions about application security risks. The OWASP Top 10 is a list of flaws so prevalent and severe that no web application should be delivered to customers without some evidence that the software does not contain these errors. The following identifies each of the OWASP Top 10 Web Application Security Risks and offers solutions and best practices to prevent or remediate them. 1 ...
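The "few rules" that the XSS passage above refers to come down to encoding output for the context it lands in; as an added example (not code from the original page or from OWASP's cheat sheets), here are encoders for the HTML, JavaScript and URL contexts in PHP, applied to one constructed attacker string. It assumes PHP 7.3 or later and UTF-8 output; the function names are illustrative.

```php
<?php
// Added example, not from the original page: context-specific output encoding,
// the rule that defeats most reflected and stored XSS. Assumes PHP >= 7.3, UTF-8.
declare(strict_types=1);

// HTML body and quoted attribute context: encode the significant characters
// (&, <, >, ", ') and replace invalid byte sequences instead of returning ''.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// JavaScript context inside a <script> block: do not build the literal by
// hand; JSON-encode it with the HEX flags so <, >, &, ' and " become \uXXXX,
// which also prevents a value from closing the block with </script>.
function js($value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// URL query-parameter context: percent-encode the value, then HTML-encode the
// whole attribute when it is placed in href/src.
function urlParam(string $s): string
{
    return rawurlencode($s);
}

// Whole URL in an href/src attribute: encoding alone does not stop
// javascript: URLs, so allow-list the scheme before HTML-encoding.
function safeHref(string $url): string
{
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if ($scheme !== null && !in_array(strtolower($scheme), ['http', 'https', 'mailto'], true)) {
        return '#';
    }
    return e($url);
}

$input = '<img src=x onerror="alert(1)">'; // constructed attacker input

$page = '<p>Hello, ' . e($input) . '</p>' . "\n"
      . '<input value="' . e($input) . '">' . "\n"
      . '<script>var name = ' . js($input) . ';</script>' . "\n"
      . '<a href="' . safeHref('javascript:alert(1)') . '">profile</a>' . "\n"
      . '<a href="/search?q=' . e(urlParam($input)) . '">search</a>' . "\n";

echo $page;
```

Each encoder is chosen by where the data lands, not by where it came from, which is why input filtering on its own keeps failing: the same string is harmless in a text node, dangerous in an unquoted attribute, and differently dangerous inside a script block. Unquoted attributes, inline event handlers and CSS contexts are not covered by the three encoders above and are best avoided outright.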