Security. Sounds relay good. Secure data. Secure communication. Guaranteed privacy. They all sound good. But do they exist in the real world ? Probably Yes. Is your data secure? Are your communications secure? Do you have a guarantee of your privacy? Probably Not. Do you care about this? If you don’t just wait until it happens to get hit. If you do care then when is the last time you got an audit of your IT infrastructure? I thought so.  Do I scare you? I hope so.

Security is something we will never have 100%. Still this does not mean that we should not care about it. Security must be teached, understood and most importantly practiced. From the common user that surfs the web and reads emails to the highly trained developer that writes critical applications.

Let’s try to make the IT world a safer world.

The security topics on this site will be discussed on the Secutiry section of the weblog. 

Here goes… my first security related post

Intro

First i must say that this will not be a way to prove that your application is secure, it will only be a quick & dirty way of finding common bugs in web applications. The following will be a few techniques that i tend to use the first time i see an web application ( and generally a database application ). I will use PHP for the few code examples but the vulnerabilities presented are not limited to PHP, in fact are independent of the server-side programming language used.

(more…)