Using PHP? Watch out for your security!

An excellent post on Security Focus by Kelly Martin called PHP apps: Security’s Low-hanging Fruit is a worthwhile read for anyone using applications written in PHP, WordPress for example. The article talks about the rise in popularity of PHP, the subsequent increase in PHP-based applications, and the problems brought about by less-experienced coders contributing to Open Source projects. Apparently PHP applications accounted for about 43% of all security incidents in 2006, which is a pretty staggering statistic.

Here’s one of the scenarios he painted:

There are all sorts of automated scripts out there that search for vulnerable PHP applications, exploit them when found, and then automatically download a set of phishing HTML files and images that make John’s Awesome Blog suddenly look like the Bank of America’s login page. This also happens with ASP and Perl applications too, as well as those written in other languages, but today PHP is far more popular a target. That website owner, John, might be held responsible too if there weren’t dozens of these incidents each day.

Pretty scary, huh? Well, it’s worth paying heed to the article, so check it out!

2 comments

  1. It’s a great article and I will definitely be looking for any issues with my PHP, but what are we supposed to do in the meantime? I didn’t see any solutions or safeguards that would help us right now.

  2. I think it’s a matter of being aware of the issues. The main thing would be to make sure you’re always running the latest version of your software (and plugins). It’s easy to be complacent and just assume you’re secure when you really have to be a bit more paranoid about things.
