Quick-start rules of thumb: the Steps of Development

(developing the idea here)

  1. Need is determined
  2. Functions Researched
  3. Application Development Process Begins
  4. More Research
  5. More Development
  6. (repeat #4 and #5 as necessary)
  7. Test “First Working Version” of an App

now, the critical steps that follow are those which i must begin to focus on with more concern so as to develop a better method, and understanding of how to “debug” an app (not knowing whether a bug exists or not), and to check for security vulnerabilities

One thing that i’ve noticed thus far in my career as a web developer is that there are a few typical, recurring steps in the life cycle of my ideas, or my solutions to client needs from inception through development, and finally to a published, working application.

First I determine the need.
What is it about a client request which requires the development of an application?

Once I determine that, I can move on to find out what existing php functions, if any, will do the job for me. In many cases, there exists a built in function to perform the task that I need to accomplish– or at least, there is a PHP function which, although it may not be a one-stop solution to the problem, it will indeed be a necessary component of the final solution.

Usually at this point, I turn back to the original problem and begin plugging away at the solution. Oftentimes when I’ve gone back, applied what i’ve learned of the php function, or several functions which support each other toward the end solution, and i’ve arrived at a working solution, if i have no errors, i’m satisfied, and i move on to the next component of the web site itself which, depending on the complexity of the overall function of the website, the separate components may, or may not interact with each other as well as performing their own, independent fucntions.

Okay – the App “Works” — now what about “Security”?!

Not only is it difficult enough for a beginner such as myself to simply develop an application but to then go back and check for security is a whole new ball-game. Code checking, I have no problem with– so, don’t get me wrong because it’s not that– but the issue, as i would assume is the same issue for any others whose apps are easily hacked due to their inherent vulnerability, is the very awareness of where the vulnerability lies, and how to deal with it.

The PHP mail() function, for example, when used with html forms for sending mail, such as a “Contact Us” form, in which a page typically appears including a text area for the message and a few text input fields for the user to enter a message subject and his or her e-mail address. This makes for a highly effective, easy way of sending mail, however, it also makes for a very vulnerable “open door” for malicious code, and therefore exploitation of the PHP mail() function.

How can we make the mail() form secure? what can i do to protect myself, my domain name for being blacklisted, and all of the potential spam recipients from that malicious spammer who found a security hole in my simple mail() form?

the answer can be found here, under the article Email Injection on a web site named Secure PHP

Leave a Reply

Your email address will not be published. Required fields are marked *