PHP code audit
Introduction
update time:2018-02-10Preliminary preparation:
Of course, the most basic prerequisite is to at least roughly learn the syntax of PHP.
1. Install related software, such as Sublime text, Notepad++, editplus, Seay source code audit system, etc.
2. Obtain the source code and download the source code of various websites online
3. Install the website
Audit method:
Read the whole text: troublesome but comprehensive
Sensitive function parameter backtracking method: efficient and commonly used, Seay source code audit system
Targeted function analysis method: mainly audit based on the business logic of the program. First, use the browser to access one by one to see what functions the program has, and speculate on possible vulnerabilities based on the relevant functions
Basic audit process:
1. Overall understanding
2. Conduct audits for each function according to the directed function method
3. Sensitive function parameter backtracking method
Of course, the most basic prerequisite is to at least roughly learn the syntax of PHP.
1. Install related software, such as Sublime text, Notepad++, editplus, Seay source code audit system, etc.
2. Obtain the source code and download the source code of various websites online
3. Install the website
Audit method:
Read the whole text: troublesome but comprehensive
Sensitive function parameter backtracking method: efficient and commonly used, Seay source code audit system
Targeted function analysis method: mainly audit based on the business logic of the program. First, use the browser to access one by one to see what functions the program has, and speculate on possible vulnerabilities based on the relevant functions
Basic audit process:
1. Overall understanding
2. Conduct audits for each function according to the directed function method
3. Sensitive function parameter backtracking method
Statement:
All resources on this website are contributed and published by netizens, or reprinted by major download sites. Please check the integrity of the software yourself! All resources on this website are for learning and reference only. Please do not use them for commercial purposes, otherwise you will be responsible for all consequences incurred! If there is any infringement, please contact us to delete and remove it. Contact information: admin@php.cn
Related recommendations
See more- 03-01Scanned version of "PHP Complete Self-Study Manual" [PDF]
- 10-09ThinkPHP5 quick start manual Chinese pdf version
- 02-12Brother Niao's Linux Private Cooking - Basic Learning Chapter 4th Edition HD Complete Bookmark PDF Version
- 03-03PHP language advanced and advanced application Chinese translation version
- 02-23PHP professional project example development PDF format
Recent Updates
See more- 05-09ThinkPHP6 backend management payment system--practical development courseware
- 11-06PHP+MySQL basic introductory course courseware
- 11-06HTML5CSS3JavaScriptES6 introductory course courseware
- 09-21WeChat Mini Program Accounting Book Development Practical Courseware
- 08-15ThinkPHP configuration development and CMS backend practical courseware
Latest courses
See more![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
- [Web front-end] Node.js quick start
- This course is specially designed for beginners and aims to help students quickly master the basic knowledge and core technologies of Node.js. The course starts with the installation and environment configuration of Node.js, and gradually analyzes its asynchronous programming model, module system and event-driven mechanism in depth. Through a wealth of practical cases, students will learn how to use Node.js to build an efficient and stable web server, process HTTP requests and responses, and perform file operations and database interactions. In addition, the course will also introduce typical application scenarios of Node.js in front-end development, helping students quickly improve their practical capabilities and easily cope with the challenges of front-end development.
- Complete collection of foreign web development full-stack courses
- This course is a comprehensive tutorial covering HTML, CSS, JavaScript, Vue.js, React, Flutter and mobile APP development. From basic web page production to complex front-end and back-end interactions, to practical development of mobile applications, the courses are rich in content and highly practical. Through a series of practical projects, students will gain an in-depth understanding of and master various development skills and quickly grow into full-stack development engineers. Both beginners and experienced developers can benefit from it. Through the study of this course, you will have the ability to independently develop web applications and mobile applications, laying a solid foundation for future career development.
- Go language practical GraphQL
- This course is designed to help learners master how to use Go language to implement GraphQL services. The course starts with the basic knowledge of GraphQL, and deeply analyzes the characteristics and advantages of its data query language. Then, combined with the characteristics of the Go language, it explains in detail how to build a GraphQL server, process requests, define data patterns, etc. Through rich practical cases, learners will learn how to integrate GraphQL in actual projects to improve the flexibility and efficiency of data interaction. The course is suitable for developers with a certain foundation in Go language and is a must-have for building efficient and modern APIs.
- 550W fan master learns JavaScript from scratch step by step
- This course is specially designed for beginners and is taught by Google bosses. The course starts with the basic knowledge of JavaScript and gradually deepens it, covering syntax, functions, objects, event processing, etc. Through vivid cases and practical exercises, students can quickly master the core skills of JavaScript. The boss will personally answer students' questions and share programming experience, allowing students to grow into JavaScript masters in a relaxed and pleasant atmosphere. Whether you are a novice at programming or a developer looking to improve your skills, this course will be your best choice for learning JavaScript.
- Python master Mosh, a beginner with zero basic knowledge can get started in 6 hours
- This course takes you on a programming journey. Starting from scratch, this 6-hour course will guide you through the fundamentals and advanced concepts of Python. Whether you're a beginner or an experienced programmer looking to improve your skills, Mosh's in-depth explanations and clear teaching methods will get you up to speed with Python quickly. Learn more about variables, data types, conditionals, loops, functions, objects, and modules and solidify your understanding with hands-on exercises. This course is ideal for learning Python and preparing you for a variety of career fields. Mosh's expertise and passion for education will give you the confidence to start on your path to becoming a proficient Python developer.