Hello!
The other day I was compiling a list of resources on web application security for the Latvian-speaking PHP developer forum php.lv/f and to my surprise (unlike in other categories) I could not find a compilation of resources in this huge forum. So here I share what I’ve found so far:
http://www.scanit.be/uploads/php-file-upload.pdf is a good read on file upload security. I see so many tutorials (and advice given on these forums regularly) from people that don’t realise that there are ways to circumvent many of the simple upload tests suggested.
Abstract
In this paper, we compare the security weaknesses and usability limitations of both cookie-based session management and HTTP digest authentication, demonstrating how digest authentication is clearly the more secure system in practice. We propose several small changes in browser behavior and HTTP standards that will make HTTP authentication schemes, such as digest authentication, a viable option in future application development.
This thread would be greatly improved if those in the know can supply sitepoint fans a long list of reputable web security companies or programmers we may hire in order to secure or fix our sites.
All this info is good. But if you run a business and don’t know how to program, you should have a list of security experts you can hire to secure your business’ website.
Qualys is offering anyone their product QualysGuard:
Thousands of web sites are infected with malware daily, propagating the infection to visitors of their web sites at an increasing speed. To combat these threats, QualysGuard® Malware Detection is a FREE service that proactively scans web sites of any size, anywhere in the world for malware infections and threats. QualysGuard Malware Detection provides businesses with automated alerts and in-depth reporting for effective remediation of identified malware to help businesses protect their web sites and web site visitors from malware.