Comprehensive Analysis of Secure Coding Standards in PHP Development

Verified

Added on 2023/05/27

AI Summary

This report provides a detailed overview of secure coding standards in PHP, emphasizing the importance of security in web application development. It begins by highlighting cybercrimes that can result from poor coding practices, such as spoofed mail, remote file creation, remote file inclusion, and information disclosure. The report then delves into secure coding standards, including defensive programming techniques, restricted access, intelligent PHP scripts, prevention of error disclosure, and secure input validation. It also discusses the principle of least privileges and the significance of input sanitization and output validation to prevent injection attacks. The conclusion reinforces the benefits of PHP and stresses the need to implement and adhere to these standards to reduce cybercrime frequency. This report provides valuable insights for PHP developers seeking to enhance the security of their applications.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

qwertyuiopasdfghjklzxcvbnmqw
ertyuiopasdfghjklzxcvbnmqwert
yuiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiop
asdfghjklzxcvbnmqwertyuiopasd
fghjklzxcvbnmqwertyuiopasdfgh
jklzxcvbnmqwertyuiopasdfghjkl
zxcvbnmqwertyuiopasdfghjklzxc
vbnmqwertyuiopasdfghjklzxcvb
nmqwertyuiopasdfghjklzxcvbnm
qwertyuiopasdfghjklzxcvbnmqw
ertyuiopasdfghjklzxcvbnmqwert
yuiopasdfghjklzxcvbnmqwertyui
opasdfghjklzxcvbnmqwertyuiop
asdfghjklzxcvbnmqwertyuiopasd
fghjklzxcvbnmqwertyuiopasdfgh
jklzxcvbnmrtyuiopasdfghjklzxcv
Secure Coding Standards in PHP
Report
2/15/2019

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Secure Coding Standards in PHP
Table of Contents
Introduction...........................................................................................................................................2
Cybercrime(s) due to Poor Coding........................................................................................................2
Secure Coding in PHP...........................................................................................................................3
Conclusion.............................................................................................................................................3
References.............................................................................................................................................5
1

Secure Coding Standards in PHP
Introduction
There are a number of different programming languages that have been developed. Each of
these programming languages comes with their own coding styles and standards. Security is
one of the primary factors that shall be considered while selecting a programming language
for a specific application or program. It is because poor coding may result in the occurrence
of information security threats and attacks (Hopkins, 2014). The report discusses the
cybercrimes that have occurred due to poor coding and brings out the secure coding standards
and guidelines for PHP programming language.
Cybercrime(s) due to Poor Coding
There are a number of cybercrimes that may occur due to poor coding. One such popular
example is spoofed mail. These are the cyberattacks that may be executed by exploiting the
PHP vulnerabilities in the poorly written code. These codes may facilitate the web application
in sending the fake mails to the users. The header information may be acquired from the code
and the value may then be passed on to the PHP function.
PHP Script to send fake mails (Sahu and Tomar, 2014)
The URL can be easily modified by the malicious entities in the poorly written code to send
the fake mails to the users. The confidential information may then be acquired from the users
which may be misused.
Remote File Creation (RFC) is another form of cyberattack that may occur due to poor
coding in PHP. It is the security vulnerability that may manipulate the root directory of the
server. Improper sanitization of the input values along with the poorly written code may give
shape to the attack. Remote File Inclusion (RFI) and Information Disclosure are the two other
forms of information security and privacy attacks that may occur due to the poorly written
PHP code.
2

Secure Coding Standards in PHP
Secure Coding in PHP
There are different standards and guidelines that the developers may follow to carry out
secure coding in PHP.
One such standard is defensive programming technique. It is the technique that promotes
writing of the PHP programming code in such a manner that the code behaves in a
predictable way irrespective of the inputs that are given. The selection of correct form
submission method is one of the aspects that are promoted in this technique to prevent the
cybercrimes. Restricted access is another parameter that is covered in this technique (Savidis,
2014). It suggests that the configuration files, data files, and scripting pages must be managed
separately and the configuration file shall not be put in the root directory. Intelligent PHP
script is also promoted in this technique that does not allow direct passing of the inputs to the
statements, such as include, require, etc. The prevention of error disclosure from the end
users and the secure input validation are the two other methods that come under the coding
technique and standard.
Principle of Least Privileges is another secure coding standard that may be followed in the
PHP codes. The injection attacks, such as SQL injection attacks, XML injection attacks, and
cross-site scripting attacks can be avoided by incorporating the coding standard. The policy
ensures that resource alterations are avoided to make sure that the information integrity is
preserved at all times. Also, the user access control measures are included in the PHP script
so that the unauthorized entities do not succeed in altering the code snippets (Anis, 2018).
The policy also makes sure that there are certain rules that are applied to the web application
to monitor and control the behaviour of the code. Malicious injection attacks and the
unauthorized alterations can be easily avoided as an outcome. Input sanitization and output
validation are also the two security standards and policies that may be used to prevent the
injection attacks. Sub-resource integrity can be used as a coding standard to prevent the
resource alteration issues.
Conclusion
PHP is a programming language that comes with numerous benefits, such as ease of coding,
enhanced portability, inter-operability, and scalability of the code. It is necessary that
information security and privacy is also considered as an essential parameter at the time of
code development. The coding standards that have been discussed above shall be included
3

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

Secure Coding Standards in PHP
and followed so that the frequency of cybercrimes is controlled and is brought down (Kim,
2012).
4

Secure Coding Standards in PHP
References
Anis, A. (2018). Securing web applications with secure coding practices and integrity
verification. School of Computing, [online] 1, pp.26-36. Available at:
https://qspace.library.queensu.ca/bitstream/handle/1974/23984/Anis_Arafa_M_201803_MSC
.pdf?sequence=3&isAllowed=y [Accessed 15 Feb. 2019].
Hopkins, P. (2014). Secure Systems Development and Secure Coding. Engineering &
Technology Reference.
Kim, Y. (2012). Refined Secure Network Coding Scheme with no Restriction on Coding
Vectors. IEEE Communications Letters, 16(11), pp.1907-1910.
Sahi, D. and Tomar, D. (2014). Defensive Programming to Reduce PHP Vulnerabilities.
International Journal of Advances in Computer Networks and Its Security, [online] 4, pp.71-
75. Available at:
https://www.researchgate.net/publication/263818362_Defensive_Programming_to_Reduce_P
HP_Vulnerabilities [Accessed 15 Feb. 2019].
Savidis, A. (2014). The implementation of generic smart pointers for advanced defensive
programming. Software: Practice and Experience, 34(10), pp.977-1009.
5

1 out of 6

+13062052269

info@desklib.com

Comprehensive Analysis of Secure Coding Standards in PHP Development

Contribute Materials

Secure Best Marks with AI Grader

Secure Best Marks with AI Grader

Related Documents

IT Networking: Designing Secure Networks, Risk Assessment & Auditing

Report on CRM Vendor Analysis and Recommendation for Around the World