PHP security question

Leb_CRX

ok so I'm currently working on a major app for one of my clients, and security testing has been brought up... here's what I've identified as potential problems, hoping I can get some more knowledgeable folks to point out areas I've missed

besides the obvious (security holes in apache (if any)), the server being prone to DoS attacks... we have mysql port drop on the firewall so only access from localhost, and ssh has a diff port #

we have with the actual app
-Unanticipated navigation path
-session hijacks
-sql injection
-post/get tamperage to gain a diff role (admin, etc)
-Man-in-the-middle packet interception
 
Leb_CRX said:
ok so I'm currently working on a major app for one of my clients, and security testing has been brought up... here's what I've identified as potential problems, hoping I can get some more knowledgeable folks to point out areas I've missed

besides the obvious (security holes in apache (if any)), the server being prone to DoS attacks... we have mysql port drop on the firewall so only access from localhost, and ssh has a diff port #

we have with the actual app
-Unanticipated navigation path
-session hijacks
-sql injection
-post/get tamperage to gain a diff role (admin, etc)
-Man-in-the-middle packet interception

what about the physical security of the server itself?
 
maw said:
what about the physical security of the server itself?
good point, thanks for bringing that up, I will include it in the document

currently located in a grade 'a' facility
 