Shulou(Shulou.com)06/01 Report--

Recently, many netizens have told me why the website programs with system vulnerabilities are all developed and designed by PHP, while there are very few cases of penetration of JAVA and Python. Let's not say python, talk about PHP and Java. Until then, why not keep one thing in mind (and you don't have to worry about it, right?): there are many types of vulnerabilities on PHP, but not complicated, and vice versa.

Why is it that most of the websites that are infiltrated in practice are developed and designed by PHP code? We can put this question aside for a while and talk about the following questions first.

1. Why do you read so many cases in the sharing practice that are all PHP code development and design websites? It is not clear that the examples mentioned by netizens refer to specific infiltration examples or some experimental teaching examples. To start with the latter, PHP language is very easy to get started, and there is a lot of free code for the PHP website open source system, so (and then why not keep in mind the previous basis), the natural environment of PHP website system vulnerabilities is easier to build and more suitable for classroom teaching. Let's talk about the previous one. 1) infiltration is generally not the analysis of individual system vulnerabilities, but the development and utilization of several system vulnerabilities, so (based on the previous basis why not keep in mind), it is obvious that there is a lot of probability on the penetration level of PHP websites, and there are many topics that should be written. 2) in terms of the situation in China, the websites that use Java are government units, large and medium-sized state-owned enterprises, etc., while those who use PHP are used by small and medium-sized enterprises, individuals, students, etc. (not to mention why the topic discussion is broadened too much), so it is not easy to infiltrate the Java website.

two。 Where can I find examples of infiltration such as JAVA/Python?

As mentioned earlier, according to what he talked about, there should be a lot of online teaching cases, such as JSP framework environment vulnerabilities, Tomcat vulnerabilities, deserialization vulnerabilities, and so on. If you want to infiltrate specific examples, there are a lot of hw activities that infiltrate the Java website every year, but the report is not easy to get.

3. Is it necessary to learn PHP?

It's not necessary, just like I don't have to eat steamed buns and bean oars tomorrow morning. But PHP has a stronger introduction to web security, and learning PHP will not prevent you from learning Java. Most of the web security starts from PHP, and there is no need to be different from others. Many people who engage in web security do not have to learn anything, or learn what they encounter in practice. In addition, "Why are most of the infiltrated websites developed and designed by PHP?"

I think this question is of little practical significance to the subject. In order to describe convenience, why not first establish a definition of "non-professional problem". To put it bluntly, the "non-professional problem" is the problem that the onlookers are unprofessional), but the defense does not take into account the problem. For example, you have been signing up for an exam, and I am still a bystander. When I finished the exam paper, I found that most of your answers were B, and then I said, "Why do most of your single questions choose B"? This is a non-professional problem, because as a defense, you will not have the "I want to choose more B" consideration, you are only thinking about solving each problem. After that, you can look for a variety of reasons why there are a lot of B choices, but it doesn't make any practical sense, because you won't take that into account in the next test. "Why are most of the infiltrated sites developed and designed by PHP?" It is a non-professional problem, which does not pay attention to those who do infiltration, and the subject now aims to become an infiltration staff, so it has no practical significance. As far as infiltrators are concerned, it is not said that the a website developed and designed by PHP will be stronger or more difficult to penetrate than the b website developed and designed by Java. It is just that PHP has the method of PHP and Java has the method of Java. If you have a need for website or APP penetration testing, you can find a professional website security company to test the security of the website and find out the loopholes to fix and prevent hackers from attacking. At present, SINESAFE, Eagle Shield Security, Green Alliance Stone Technology is a professional company in penetration testing.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.