I recently learned that it is common for people to attempt SQL injections using the HTTP referrer in PHP. What other inputs do I need to protect against?
I am currently "cleaning up" incoming $_GET[] and $_POST[], and now the server's referrer. I am also removing HTML from things like user names, and of course before I do anything I am removing invalid UTF8. (At present I am not dealing with UTF7.)
There is a large number of vulnerabilities and attacks that impact the security of your application. You can start with a list of the most common and critical ones and OWASP Top 10 is the most popular resource containing detailed information and excellent cheat sheets for a quick start.
Vulnerabilities come from insecure development practices so here is the OWASP Secure Coding Practices Quick Reference Guide in a checklists format. Implementation of these practices will mitigate most common software vulnerabilities.
Your questions is about input validation which is only a part of the problem you are trying to solve. Securing your web application is not an exact science where a complete list of all possible issues and fixes can be defined and implemented.
But still, input validation is one of the most effective technical controls for application security. It can mitigate numerous vulnerabilities including cross-site scripting, various forms of injection, and some buffer overflows.
Variables used to acquire user-supplied in PHP:
$_GET$HTTP_GET_VARS$_POST $HTTP_POST_VARS$_COOKIE $HTTP_COOKIE_VARS$_REQUEST$_FILES$HTTP_POST_FILES$_SERVER[‘REQUEST_METHOD’]$_SERVER[‘QUERY_STRING’]$_SERVER[‘REQUEST_URI’]$_SERVER[‘HTTP_ACCEPT’]$_SERVER[‘HTTP_ACCEPT_CHARSET’]$_SERVER[‘HTTP_ACCEPT_ENCODING’]$_SERVER[‘HTTP_ACCEPT_LANGUAGE’]$_SERVER[‘HTTP_CONNECTION’]$_SERVER[‘HTTP_HOST’]$_SERVER[‘HTTP_REFERER’]$_SERVER[‘HTTP_USER_AGENT’]$_SERVER[‘PHP_SELF’]
This can be anywhere in your code or even a php vulnerability at it's core. The attacker can find an rpc call or through globals and run any code on your remote machine on a machine level
This way the attacker can inject javascript code on your site and allow him to retrieve cookies and other useful information that would very easily compromise your site. Look here to see how common an attack this is.
You should configure your application in a way that when a problem occurs no information is provided to the attacker. Username enumeration is such, which means that a backend service provides the attacker with a true or false answer like invalid password or username does not exists making you vulnerable to brute force attacks
Many times your application may fail due to some piece of code that allows as many requests from the user as he/she wants. Other times this is the problem of some faulty code that requires much more time to run than it should. The latter is a very common vulnerability that most of the times requires an update to work.
