|
Question for my PHP people out there.
|
12-24-2020, 12:50 PM
Question for my PHP people out there,
So i just started learning PHP and I was wondering do you guys actually look for vulns like LFI while writing a functional code or you just look up the secure ways of writing PHP? 
12-24-2020, 09:22 PM
I'm not totally sure I understand your question, but I'll answer it as best as I can. This kind of question applies to any programming language. There's two general ways you can go about coding a program. The first is coding your program to be functional and then securing it later once it's working. The second is following good coding practices and doing things securely while you're coding. So in your example, you can code your PHP script until you're done and then try to secure it. Or you can code it in a way that's secure from the beginning. The best thing to do in 99% of cases is to code in a secure way as you go. Trying to attach security as an afterthought is a bad idea. There's plenty of cases where it introduces vulnerabilities if you care to look.
12-24-2020, 10:56 PM
In my opinion, if you're going to code anything which might be used in production or have a potential to be targeted. Always code with security as focus/perspected. "Secure programming"/"Security Oriented" programming.
But it's always best to keep the best of both worlds. When you're done coding you could always try to break it/hack it yourself. (12-24-2020, 09:22 PM)DeepLogic Wrote: I'm not totally sure I understand your question, but I'll answer it as best as I can. This kind of question applies to any programming language. There's two general ways you can go about coding a program. The first is coding your program to be functional and then securing it later once it's working. The second is following good coding practices and doing things securely while you're coding. So in your example, you can code your PHP script until you're done and then try to secure it. Or you can code it in a way that's secure from the beginning. The best thing to do in 99% of cases is to code in a secure way as you go. Trying to attach security as an afterthought is a bad idea. There's plenty of cases where it introduces vulnerabilities if you care to look. Thank you...  (12-24-2020, 10:56 PM)Insider Wrote: In my opinion, if you're going to code anything which might be used in production or have a potential to be targeted. Always code with security as focus/perspected. "Secure programming"/"Security Oriented" programming. Thank you for sharing 
12-25-2020, 10:05 PM
(12-24-2020, 09:22 PM)DeepLogic Wrote: I'm not totally sure I understand your question, but I'll answer it as best as I can. This kind of question applies to any programming language. There's two general ways you can go about coding a program. The first is coding your program to be functional and then securing it later once it's working. The second is following good coding practices and doing things securely while you're coding. So in your example, you can code your PHP script until you're done and then try to secure it. Or you can code it in a way that's secure from the beginning. The best thing to do in 99% of cases is to code in a secure way as you go. Trying to attach security as an afterthought is a bad idea. There's plenty of cases where it introduces vulnerabilities if you care to look. Ya. there are two ways to do this... but 1 of them is definitely the wrong way. |
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| php random_bytes and padding | mhiats37 | 0 | 15,607 |
04-28-2019, 08:58 PM Last Post: mhiats37 |
|
| Finding vulnerabilities in PHP scripts | Insider | 7 | 51,092 |
10-12-2018, 05:31 PM Last Post: Insider |
|
| PHP Programing Books | Lumi | 3 | 29,961 |
08-22-2016, 09:32 PM Last Post: Vector |
|
| High Performance PHP | Lumi | 0 | 18,773 |
08-21-2016, 10:39 PM Last Post: Lumi |
|
