Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 9 years ago.
What core php.ini file settings do we need to pay close attention to in terms of improving security?
You can begin with:
http://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html
It has a lot of practices to start dealing with security.
This link provides several issues to start with such as:
XSS
SQL injection
File uploads
Including local and remote files
eval()
Cross-site request forgery - CSRF
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 6 years ago.
I know how to build a site. But I don't know how to save it from a hacker.
You can spend ages on this, but assuming you're starting from scratch, I'd go with the following:
Read your framework/language security guide. For example, if you're writing the web app in PHP/Symfony, read https://symfony.com/doc/current/book/security.html and https://secure.php.net/manual/en/security.php (this should be a short and easy application of best practices / tweaking known settings).
Read anything relevant on OWASP. It may be hard to do all of it, but some sections to point out are: Top 10 web issues, Development guide, Cheat sheets.
Keep applying what you learned and read more :)
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 5 years ago.
I see that SonarQube can be used for measuring code quality and for finding security vulnerabilities. I am having a hard time deciding whether to replace the custom-built BDD security testing scenarios with SonarQube testing for my backend services. BDD testing usually takes longer than the SonarQube analysis. I would appreciate your suggestions on this.
Thanks
These two things are complementary. I wouldn't stop either in favor of the other.
Closed. This question is opinion-based. It is not currently accepting answers.
Closed 8 years ago.
If you are making a website which will not support IE8 and all browsers older than that, what's the best practice for that? Should there just be an alert and the site should show anyway (and look bad), or should the site be completely replaced by a warning?
Personally, the approach I would take is similar to that of viewing a website on a mobile device: sometimes you will get a warning saying the website is not compatible. I.e., like you said, replace the website with a warning, possibly suggesting that the user updates their browser. Hope this helps!
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 8 years ago.
I was wondering if the ServiceStack caching API works with AppFabric or if someone has done something similar already.
I don't think you have an implementation out of the box, but you do have an Azure Cache implementation, which has all that you might need to implement one yourself.
If you have already used DataCacheFactory, DataCache, etc., it is not a big deal. ICacheClient has just a couple of short methods to implement.
Closed. This question needs to be more focused. It is not currently accepting answers.
Closed 5 years ago.
I know that when you submit an application for Apple Store, it gets tested: if they find a vulnerability, the application gets rejected.
How do they do this checking? How accurate is it? What vulnerabilities are most likely to get accepted, fooling the test?
Apple isn't the only one; Mozilla also does this for their add-ons. In both cases, it's a mix of developers reading through the code aided by static code analysis.