week 5

Security

specific problems that we will discuss are,

coding vulnerabilities,
bad scripting leaving backdoors,
SSL,
password liabilities

Coding vulnerabilities

These issues occur when developers have created scripts and coding that can be changed/edited to enable operations that had not been intended to be used or created to be run. For example where strings of data have not been sanitised to remove any invalid characters that could make an operation fail or display sensitive data and even grant access to restricted areas.

Bad scripting leaving backdoors

When creating PHP pages, developers have use error reporting to enable them to get PHP error messages to potential areas of the problem so that they can update, change and edit the scripts to enable them to work, however, these codes can provide links to folders and file locations that can provide backdoors in to a system.

SSL

SSL commonly know as Secure Sockets Layer is a secure link between a server and a client machine. This connection uses encryption to ensure that the information that is sent be the server is protected (to a certain degree) from malicious attack, alteration or interception. Websites that use SSL will have URL's that have padlocks and https:// protocols in action. The image below demonstrates this in process.

Password liabilities

Access to login pages on a PHP driven website or the database backend will have passwords and username entries. The use and creation of these systems come with an automatic issue, what is hidden becomes a target to those that want to know whats behind the door. It is therefore highly important to ensure that appropriate password measures are in place. Most common issues and liabilities within any system are simple text only passwords. These can be broken quickly by high powered computers.