Chris Shiflett is the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.
Essential PHP Security: Chapter 2, Forms and URLs
By Chris Shiflett
Chapter 2, Forms and URLs
This chapter discusses form processing and the most common types of
attacks that you need to be aware of when dealing with data from forms
and URLs. You will learn about attacks such as cross-site scripting
(XSS) and cross-site request forgeries (CSRF), as well as how to spoof
forms and raw HTTP requests manually. By the end of the chapter, you
will not only see examples of these attacks, but also learn which
practices you can employ to help prevent them.
Vulnerabilities such as cross-site scripting exist when you misuse
tainted data. While the predominant source of input for most
applications is the user, any remote entity can supply malicious data to
your application. Thus, many of the practices described in this chapter
are directly applicable to handling input from any remote entity, not
just the user.