CornerShot
« expect://
Introduction »
PHP Manual
Security
Security
Introduction
General considerations
Installed as CGI binary
Possible attacks
Case 1: only public files served
Case 2: using cgi.force_redirect
Case 3: setting doc_root or user_dir
Case 4: PHP parser outside of web tree
Installed as an Apache module
Session Security
Filesystem Security
Null bytes related issues
Database Security
Designing Databases
Connecting to Database
Encrypted Storage Model
SQL Injection
Error Reporting
User Submitted Data
Hiding PHP
Keeping Current