PHP application Security

Subject: PHP application Security
Summary: an extended view of grepping
Messages: 2
Author: user has left the account
Date: 2013-05-07 19:10:31
Update: 2013-05-09 22:45:49
 

  1. PHP application Security
user has left the account
2013-05-07 20:08:13
Trying to match possible vulnerabilities in a fast manner, using grep is a good approach.

This is more or less how anti-virus applications work, with scanning signatures.

The problem is that nowadays, no hacker with some knowledge, or without any, will use raw php, but rather obfuscated, either hand-crafted or a ready-made script.

The next step is to extend these grep searches for patterns like:

base64_decode(), eval(), etc..

or combinations

  2. Re: PHP application Security
Manuel Lemos
2013-05-09 22:45:49 - In reply to message 1 from user has left the account
Right, as mentioned in the article, this is just a fast way to determine if scripts have basic vulnerabilities. More complex vulnerabilities require a deeper code analysis.

Still, many people write code with basic vulnerabilities and this technique would be useful to do basic audits of that code.
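
The extended grep search suggested in message 1, as an added example that is not part of the original thread: a shell function that ranks PHP files by whether `eval(` and `base64_decode(` appear together on one line, in the same file, or alone. The severity labels, function names and sample files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: signature-style scan for the patterns named in message 1.
# scan_php DIR prints "SEVERITY<TAB>file" for every matching .php file.

# Match real calls only: the name must not be the tail of a longer
# identifier (medieval(...)), and whitespace before "(" is tolerated.
EVAL_RE='(^|[^[:alnum:]_])eval[[:space:]]*\('
B64_RE='(^|[^[:alnum:]_])base64_decode[[:space:]]*\('
# Combination on one line: eval( ... base64_decode(
COMBO_RE='(^|[^[:alnum:]_])eval[[:space:]]*\(.*base64_decode[[:space:]]*\('

scan_php() {
    scan_dir=$1
    find "$scan_dir" -type f -name '*.php' | sort | while IFS= read -r f; do
        # -i because PHP function names are case-insensitive.
        if grep -qiE "$COMBO_RE" "$f"; then
            printf 'HIGH\t%s\n' "$f"      # decoded data fed straight to eval
        elif grep -qiE "$EVAL_RE" "$f" && grep -qiE "$B64_RE" "$f"; then
            printf 'MEDIUM\t%s\n' "$f"    # both present, on different lines
        elif grep -qiE "$EVAL_RE" "$f" || grep -qiE "$B64_RE" "$f"; then
            printf 'LOW\t%s\n' "$f"       # either alone, often legitimate
        fi
    done
}

# Constructed sample tree (not from the thread) covering each outcome.
make_samples() {
    d=$(mktemp -d)
    printf '%s\n' '<?php echo "hello";' > "$d/clean.php"
    printf '%s\n' '<?php $img = base64_decode($_POST["img"]);' > "$d/upload.php"
    printf '%s\n' '<?php EVAL ( base64_decode($p) );' > "$d/packed.php"
    printf '%s\n' '<?php $c = base64_decode($p);' 'eval($c);' > "$d/split.php"
    printf '%s\n' '<?php $r = medieval($x);' > "$d/name.php"
    echo "$d"
}

# Usage: ./scan.sh /path/to/webroot
if [ "$#" -gt 0 ]; then
    scan_php "$1"
fi
```

Matching is per line, so a call split across lines falls to MEDIUM rather than HIGH, and any hit still needs a manual read of the file.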