Chris Cornutt wrote a blog post, “PREPARING FOR PENTESTING (@ LONGHORN PHP 2018)”, for his upcoming talk at the conference. I’d gladly attend the talk, but the time and place didn’t work out for me this time. Here are a few useful links from his blog post that might come in handy for anyone evaluating the security of their PHP application and preparing for penetration testing:
- OWASP Top 10 2017 – the ten most critical web application security risks
- PortSwigger Burp Suite (community edition)
- PHP Security Cheat Sheet
- Top 7 PHP Security Blunders
- The 2018 Guide to Building Secure PHP Software
The above are not a replacement for the talk, but if you are like me and can’t attend, these should at least get you started in the right direction.