Getting Started
Nature and Scope of the Problem
Understanding Filtering, Validation, and Output Escaping
Preventing the Most Common Forms of Attack
Protecting Against Common Website Vulnerabilities
Protecting Against SQL Injection Attacks
About the Author
Protecting against predictable resource location

Change open source defaults:
- phpMyAdmin config
- Joomla administrator
- etc.

Stay away from obvious names:
- Usernames or roles: admin, administrator, etc.
- Database column names: name, password, etc.
- Directory paths: installation, config, etc.

Default php.ini settings to change:
- session.name parameter

php.ini settings which should be set:
- date.timezone
- default_charset

php.ini settings which should NOT be set:
- mysqli.default_user, mysqli.default_pw
- pdo.dsn.*
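The php.ini settings listed on this slide, collected into one hardening fragment as an added example (not from the original slides); the session cookie name and the timezone value are assumptions, pick your own.

```ini
; php.ini hardening fragment (added example, not from the original slides).
; The session name and timezone below are illustrative values.

; --- Default setting to change ---
; The stock session cookie name "PHPSESSID" tells every client the site runs PHP.
; Use a neutral name so the cookie no longer fingerprints the stack.
session.name = sid

; --- Settings that should be set explicitly ---
; Pin the timezone so timestamps in logs, tokens and expiry checks are
; deterministic across hosts instead of depending on the server's defaults.
date.timezone = UTC
; Declare the output charset so browsers and escaping functions agree on
; how bytes are interpreted (mixed charsets are a classic escaping bypass).
default_charset = "UTF-8"

; --- Settings that should NOT be set ---
; If these are present, mysqli_connect() silently falls back to them whenever
; a script omits its own credentials, so a sloppy or forgotten script gets
; working database access. Keep them empty (or out of the file entirely).
; mysqli.default_user =
; mysqli.default_pw =
; pdo.dsn.<alias> defines a named DSN that code can open by alias; it would
; move connection details (and any embedded credentials) into php.ini where
; they are easy to overlook. Leave these unset as well.
; pdo.dsn.app =
```

After editing, confirm the live values with a one-off `php -i | grep -E 'session.name|date.timezone|default_charset|mysqli.default|pdo.dsn'` so a later include or per-directory override has not reintroduced the defaults.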