ZendCon Session Notes - Securing PHP Applications

Oct 31, 2006 20:49

This session, presented by Ilia Alshanetsky, covered the most common PHP security mistakes, as found by searches on Google Code Search.

You can get the specific search terms and examples from Ilia's website once he gets the conference slides online, but this is a quick run-down of the issues:

Cross-Site Scripting (XSS)

User supplied HTML is

zendconference2006, php


Comments 1

PHP/XSS scanner anonymous November 1 2006, 17:06:22 UTC
I recommend having a look at https://chorizo-scanner.com/ (free version available) for solving XSS, PHP issues, information disclosure, SQL injection and more. It's really fast, good looking and acts as a proxy, thus detecting vulnerabilities even in XMLHttpRequests.
