
Do I have to check/test my code beforehand, or do these tools inform me when an attempt is being made in real time? Secondly, which one should I go for -- Suhosin or Spike or PHPIDS or a combo? What are the differences between them?

jgbelacqua
aWebDeveloper
  • For Apache security, check the answers to this question: http://security.stackexchange.com/questions/77/apache-server-hardening – Tate Hansen Jan 27 '11 at 04:41
  • I removed the second question about apache, in order to keep the question focused on one question at a time... Also, the apache part is a duplicate. – AviD Jan 28 '11 at 08:38

1 Answer


Spike is a static analysis tool and you should run it on your code before deploying it on your server. It will attempt to highlight any potential programming errors, which you will then need to take action to fix.

Suhosin and PHPIDS will alert when an attack / event is detected in real time.

Suhosin, in my experience, is more about run-time protection as opposed to alerting on potential attacks. However, it will alert on events such as scripts trying to raise memory limits and other such actions.

I have never personally deployed PHPIDS, but looking at the features that it provides, you may also want to consider Apache mod_security. mod_security will detect events such as SQL injection and, depending on the configuration, it can be logged, blocked, logged and blocked, or some other action can be taken.

Mark Davidson
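The answer mentions that mod_security can log, block, log and block, or take some other action depending on configuration. The fragment below is an added example, not part of the answer above, showing how those modes are expressed as ModSecurity 2.x rules inside an Apache virtual host. It assumes ModSecurity 2.7.4 or later (the `@detectSQLi` / `@detectXSS` operators were added in that release); the rule ids, the audit log path and the `/blocked.html` page are arbitrary choices for the example.

```apache
# Added example (not from the original answer): four ModSecurity 2.x rules,
# one per response mode. Rule ids 1001-1004 and the log path are assumptions.
<IfModule security2_module>
    # Turn the engine on. "DetectionOnly" instead of "On" would make every rule
    # below log without ever blocking, which is the usual first deployment step.
    SecRuleEngine On

    # Phase 2 rules need the request body to see POST parameters, not just GET.
    SecRequestBodyAccess On

    # Write a full audit record only for requests that matched a rule.
    SecAuditEngine RelevantOnly
    SecAuditLog /var/log/apache2/modsec_audit.log

    # 1. Log only: the request is passed through, but the match is recorded.
    SecRule ARGS "@detectSQLi" \
        "id:1001,phase:2,pass,log,auditlog,msg:'SQL injection pattern seen (log only)'"

    # 2. Block only: reject with 403 and write nothing to the logs.
    SecRule ARGS "@detectXSS" \
        "id:1002,phase:2,deny,status:403,nolog"

    # 3. Log and block: reject with 403 and record the match.
    #    Regex variant, for installs without the libinjection operators.
    SecRule ARGS|REQUEST_COOKIES "@rx (?i:union\s+(all\s+)?select|sleep\s*\()" \
        "id:1003,phase:2,deny,status:403,log,auditlog,msg:'SQL injection blocked'"

    # 4. Some other action: send the client to a static page instead of a 403.
    SecRule ARGS "@rx \.\./" \
        "id:1004,phase:2,redirect:/blocked.html,log,msg:'Path traversal attempt'"
</IfModule>
```

Start with `SecRuleEngine DetectionOnly` and read the audit log for a few days before switching to `On`; the `pass,log` rule (1001) is what a rule looks like once you have decided to keep logging but never block for that pattern, while 1003 is the same class of check after you are confident it does not match legitimate traffic.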