Lock Down Exercises

This is the supplemental project setup for the Lock Down series on MSDN Script Junkie. The application is a PHP application running off of a MySQL database. I tried to write this as someone who was just learning PHP (I sort of am) and put in some of the common insecure coding practices that I have seen in my travels. I have included setup instructions here, but they assume some knowledge of web servers and database servers. I have run through the samples that are in the Lock Down series to confirm that everything works. I am new to posting projects for people to learn from, so any suggestions on how to improve would be greatly appreciated. I will be posting the "After" files later this week (7/1/2011).

  • Step 1: Download the project files from the folder icon on this page. Click on the folder at the bottom and then download the zip file.
  • Step 2: Make sure you have PHP 5 (or greater) and a MySQL database somewhere accessible by the web server you will be hosting this project on. DO NOT PUT THIS ON A PUBLIC WEBSERVER!!! This project was built to be riddled with problems so don't put it out on a public server for people to attack you.
  • Step 3: Run the SQL script in the sqlscripts folder of the project on your MySQL database. The script creates the database, tables and some user data for you to start with.
  • Step 4: Load the sjLockdown folder to your web server and navigate to default.php. If the login screen appears, you should be all set.