Historical security flaws of popular PHP CMS's?
Posted
by VirtuosiMedia
on Stack Overflow
See other posts from Stack Overflow
or by VirtuosiMedia
Published on 2010-06-01T17:31:36Z
Indexed on
2010/06/01
17:33 UTC
Read the original article
Hit count: 303
I'm creating a PHP CMS, one that I hope will be used by the public. Security is a major concern and I'd like to learn from some of the popular PHP CMS's like Wordpress, Joomla, Drupal, etc. What are some security flaws or vulnerabilities that they have they had in the past that I can avoid in my application and what strategies can I use to avoid them? What are other issues that I need to be concerned with that they perhaps didn't face as a vulnerability because they handled it correctly from the start? What additional security features or measures would you include? Please be as specific as possible. I'm generally aware of most of the usual attack vectors, but I want to make sure that all the bases are covered, so don't be afraid to mention the obvious as well. Assume PHP 5.2+.
© Stack Overflow or respective owner