OT PHP crew

Discussion in 'OT Technology' started by Leb_CRX, May 17, 2006.

  1. Leb_CRX

    ok so i'm currently working on a major app for one of my clients, and security testing has been brought up...here's what i've identified as potential problems, hoping I can get some more knowledgeable folks to point out areas I've missed

    besides the obvious (security holes in apache (if any)) , the server being prone to DOS attacks ... we have mysql port drop on the firewall so only access from localhost, and ssh has a diff port #

    we have with the actual app
    -Unanticipated navigation path
    -session hijacks
    -sql injection
    -post/get tamperage to gain a diff role (admin, etc)
    -Man-in-the-middle packet interception
     
