Because the code is hosted on Bae, we don't have to consider the security of the server for the time being, so the security I'm referring to is probably more about code security.
But there was no systematic understanding of how this piece would be done, but it was fragmented to some of the most common possible attack points: XSS, SQL injection, and so on.
But it's always patchwork to feel like you're on your own. I would like to know if there is a system of security testing procedures or standards to assess the security of their own sites?
Or, are there any friends who can share some of their experiences in dealing with this kind of problem?
Reply content:
A project, the server with PHP, no framework, the code is hosted on Bae, so security this piece has to do itself.
Because the code is hosted on Bae, we don't have to consider the security of the server for the time being, so the security I'm referring to is probably more about code security.
But there was no systematic understanding of how this piece would be done, but it was fragmented to some of the most common possible attack points: XSS, SQL injection, and so on.
But it's always patchwork to feel like you're on your own. I would like to know if there is a system of security testing procedures or standards to assess the security of their own sites?
Or, are there any friends who can share some of their experiences in dealing with this kind of problem?
360 Website Detection: http://webscan.360.cn/
and brother Bird's taint expansion: Http://pecl.php.net/package/taint
Say to your leader, use dark clouds to test: http://test.wooyun.org
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
