I am creating what amounts to a pretty basic PHP application. I am doing this because I want to learn important concepts in PHP programming and in securing PHP applications for a much bigger project that I have.
So I've been doing my best to read up on different ways of securing PHP applications against different types of attacks and so I think I have found out what appears to be the best ways of preventing these two types of attacks.
Session hijacking: Create an encrypted session id that has to be matched to the decrypted id for that user. (decrypted ID stored in the database?)
CSRF: Create a random code after every request and making sure this matches the next request. (where would this be stored? One in the database and one as a session variable?)
Any comments/help/additional reading you guys can give me on this would be great.
visionviperMember Since 25 Sep 2011
Offline Last Active Dec 15 2011 11:31 AM
- Group Just Joined
- Active Posts 5
- Profile Views 2572
- Member Title CC Lurker
- Age 30 years old
- Birthday July 11, 1989
visionviper hasn't added any friends yet.