Ask HN: What were some of the more devastating PHP exploits?

2 points by GigabyteCoin ↗ HN
I am re-writing an old website of mine in PHP. I am curious what some of the worst PHP security exploits are that have been found in the recent past.

2 comments

[ 4.2 ms ] story [ 23.9 ms ] thread
PHP itself has been pretty secure for a while. If you're concerned about security within your application, go with a framework that handles things like database access for you.

The biggest thing to watch out for is SQL injection. There's so much old, viulnerable PHP code out there - and much of it in the examples people put out there for beginners!

OWASP has a PHP Security Cheat Sheet you might find helpful: https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet

Thank you for your insightful comment. I am reading through the owasp web page you linked right now.