Simple Is Beautiful
Complication breeds mistakes, and mistakes can create security vulnerabilities. This
simple truth is why simplicity is such an important characteristic of a secure application.
Unnecessary complexity is as bad as an unnecessary risk.
For example, consider the following code taken from a recent security vulnerability
notice:
<?php
$search = (isset($_GET['search']) ? $_GET['search'] : '');
?>
This approach can obscure the fact that $search is tainted, particularly for
inexperienced developers. Contrast this with the following:
<?php
$search = '';
if (isset($_GET['search']))
{
    $search = $_GET['search'];
}
?>
The approach is identical, but one line in particular now draws much attention:
$search = $_GET['search'];
Without altering the logic in any way, it is now more obvious whether $search is
tainted and under what condition.
Minimize Exposure
PHP applications require frequent communication between PHP and remote sources.
The primary remote sources are HTTP clients (browsers) and databases. If you properly track
data, you should be able to identify when data is exposed. The primary source of
exposure is the Internet, and you want to be particularly mindful of data that is exposed
over the Internet because it is a very public network.
Data exposure isn't always a security risk. However, the exposure of sensitive data should
be minimized as much as possible. For example, if a user enters payment information,
you should use SSL to protect the credit card information as it travels from the client to
your server. If you display this credit card number on a verification page, you are actually
sending it back to the client, so this page should also be protected with SSL.
In this particular scenario, displaying the credit card number to the user increases its
exposure. SSL does mitigate the risk, but a better approach is to eliminate the exposure
altogether by displaying only the last four digits (or any similar approach).
In order to minimize the exposure of sensitive data, you must identify what data is
sensitive, keep track of it, and eliminate all unnecessary exposure. In this book, I
demonstrate some techniques that can help you minimize the exposure of many common
types of sensitive data.
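The two ideas above, the explicit taint check and displaying only the last four digits of a card number, as an added example written for this page rather than code from the book; the function name mask_card_number and the sample card value are assumptions:

```php
<?php
// Added example, not from the book: mask a card number so only the last four
// digits reach the client, and keep the tainted-input check explicit.

function mask_card_number(string $number): string
{
    // Keep only digits; card numbers are often typed with spaces or dashes.
    $digits = preg_replace('/\D/', '', $number);

    // Anything outside plausible card-number length gets no partial display at all:
    // showing nothing is safer than "masking" a value that was never a card number.
    $len = strlen($digits);
    if ($len < 13 || $len > 19)
    {
        return '';
    }

    // Every digit except the last four becomes an asterisk.
    return str_repeat('*', $len - 4) . substr($digits, -4);
}

// The explicit form from the text: $search is empty unless the client sent a
// string, and the one assignment from $_GET stands out on its own line.
$search = '';
if (isset($_GET['search']) && is_string($_GET['search']))
{
    $search = $_GET['search'];
}

// $search is tainted; it must be escaped before being sent back to the client.
$safe_search = htmlspecialchars($search, ENT_QUOTES, 'UTF-8');

// Constructed sample value (not a real card) for the verification page.
$card = '4111 1111 1111 1111';
echo mask_card_number($card) . "\n";
echo $safe_search . "\n";
```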