XOOPS Security flow

How to keep your site safe

    1. XOOPS Cube and Security
       WeeklyCMS 6.25 at Microsoft Japan

    2. Self-introduction: Yoshi Sakai
       Bluemoon Inc. (limited company), software development, representative director, Bluemooninc.jp
       XOOPS Cube YouTube Channel and SNS, Xoopscube.info
       WeeklyCMS USTREAM TV Show
       @bluemooninc
       Guitar freak

    3. How to keep a CMS secure

    4. Protector Module
       Protects against:
       - Malicious crawlers (e-mail harvesting bots, etc.)
       - Pollution of system global variables
       - Session hijacking
       - Null-byte attacks
       - Directory traversal attacks
       - Several dangerous CSRF issues (XOOPS 2.0.9.2 and below)
       - Brute force (password guessing)
       - Image uploads with a spoofed extension (i.e. IE Content-Type XSS)
       - Uploads of executable files
       - XML-RPC related attacks
       - Comment spam, trackback spam and every other kind of spam

    5. Check Source Code

           // every request key becomes a PHP variable (register_globals emulation)
           foreach ($_POST as $key => $value) {
               $$key = $value;
           }
           foreach ($_GET as $key => $value) {
               $$key = $value;
           }

           // value taken from the request without any cast or escaping
           $hoge = isset($_GET['hoge']) ? $_GET['hoge'] : 0;

    6. Check Source Code

       DO NOT use foreach over $_POST and $_GET.

           // numeric parameter: cast it
           $hoge = isset($_GET['hoge']) ? intval($_GET['hoge']) : 0;
           // string parameter that will be printed into HTML: escape it
           $hoge = isset($_GET['hoge']) ? htmlspecialchars($_GET['hoge'], ENT_QUOTES) : "";

    7. SQL Injection

           // a good user's name
           $name = "timmy";
           $query = "SELECT * FROM customers WHERE username = '$name'";
           echo "Normal: " . $query . "<br />";

           // user input that uses SQL injection
           $name_bad = "' OR 1'"; // not a very safe one
           $query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";

       The resulting query:

           SELECT * FROM customers WHERE username = '' OR 1''

       Escape the input before it is placed inside the SQL string literal:

           $name_bad = addslashes($name_bad);
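Slides 5 to 7 on one constructed request, as an added example that is not from the presentation: `unsafe_import`, `safe_import` and `build_query` are names chosen here, and `$_GET` is filled in by hand so the script runs from the command line.

```php
<?php
// Added example (not from the slides). $_GET is constructed so that the script
// runs without a web server: a non-numeric id, an injection string and a key
// that collides with an application variable.
$_GET = ['hoge' => '7abc', 'name' => "' OR 1'", 'is_admin' => '1'];

// Slide 5 anti-pattern: every request key becomes a local variable, so the
// request can overwrite state the application decided itself.
function unsafe_import(array $request): bool {
    $is_admin = false;                 // set by the application ...
    foreach ($request as $key => $value) {
        $$key = $value;                // ... and silently replaced by the request
    }
    return (bool) $is_admin;           // true: the request key 'is_admin' won
}

// Slide 6 fix: read only the keys you expect and cast or escape each one.
function safe_import(array $request): array {
    $hoge = isset($request['hoge']) ? intval($request['hoge']) : 0;          // 7, not '7abc'
    $name = isset($request['name']) ? htmlspecialchars($request['name'], ENT_QUOTES) : '';
    return ['hoge' => $hoge, 'name' => $name];                               // name => &#039; OR 1&#039;
}

// Slide 7: the same $name_bad value with and without escaping before it is
// interpolated into the SQL string literal.
function build_query(string $name, bool $escape): string {
    if ($escape) {
        // the slide's fix; a prepared statement is the modern equivalent and
        // does not depend on the connection's character set the way addslashes does
        $name = addslashes($name);
    }
    return "SELECT * FROM customers WHERE username = '$name'";
}

var_dump(unsafe_import($_GET));                 // bool(true)
print_r(safe_import($_GET));
echo build_query($_GET['name'], false), "\n";   // ... username = '' OR 1''
echo build_query($_GET['name'], true), "\n";    // ... username = '\' OR 1\''
```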
    8. MyTextSanitizer class for HTML

           $myts =& MyTextSanitizer::getInstance();

       - A string obtained via GET or POST (VARCHAR type), to be displayed in HTML ⇒ makeTboxData4Preview()
       - A string obtained via GET or POST (VARCHAR type), to be displayed inside an HTML text form field ⇒ makeTboxData4PreviewInForm()
       - A string obtained via GET or POST (TEXT type), to be displayed in HTML ⇒ makeTareaData4Preview()
       - A string obtained via GET or POST (TEXT type), to be displayed inside an HTML text form field ⇒ makeTareaData4PreviewInForm()

    9. MyTextSanitizer class for DB

       - A string obtained via GET or POST (VARCHAR type), to be stored in the DB ⇒ makeTboxData4Save()
       - A string read from the DB (VARCHAR type), to be displayed in HTML ⇒ makeTboxData4Show()
       - A string read from the DB (VARCHAR type), to be displayed inside an HTML text form field ⇒ makeTboxData4Edit()
       - A string obtained via GET or POST (TEXT type), to be stored in the DB ⇒ makeTareaData4Save()
       - A string read from the DB (TEXT type), to be displayed in HTML ⇒ makeTareaData4Show()
       - A string read from the DB (TEXT type), to be displayed inside an HTML text form field ⇒ makeTareaData4Edit()
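One VARCHAR field and one TEXT field passing through the stages listed on slides 8 and 9, as an added example that is not from the presentation: it assumes it runs inside a XOOPS Cube module with mainfile.php already loaded (so `$xoopsDB` with its `prefix()`, `query()` and `fetchArray()` methods exists), a hypothetical `notes` table with `title` (VARCHAR) and `body` (TEXT) columns, and a form that posted `title` and `body`.

```php
<?php
// Added example (not from the slides). Assumes a XOOPS Cube module context:
// $xoopsDB and MyTextSanitizer come from mainfile.php; the "notes" table and the
// posted "title"/"body" fields are assumptions for illustration.
$myts =& MyTextSanitizer::getInstance();

$title_in = isset($_POST['title']) ? $_POST['title'] : '';   // VARCHAR column
$body_in  = isset($_POST['body'])  ? $_POST['body']  : '';   // TEXT column

// 1. Preview page: show the submitted values back before anything is saved.
//    Tbox = VARCHAR (single line), Tarea = TEXT (multi-line); *InForm = into a form field.
echo '<h2>' . $myts->makeTboxData4Preview($title_in) . '</h2>';
echo '<div>' . $myts->makeTareaData4Preview($body_in) . '</div>';
echo '<input name="title" value="' . $myts->makeTboxData4PreviewInForm($title_in) . '">';
echo '<textarea name="body">' . $myts->makeTareaData4PreviewInForm($body_in) . '</textarea>';

// 2. Save: the *4Save methods prepare the value for the SQL string literal,
//    so the raw POST value never reaches the query.
$sql = sprintf("INSERT INTO %s (title, body) VALUES ('%s', '%s')",
               $xoopsDB->prefix('notes'),
               $myts->makeTboxData4Save($title_in),
               $myts->makeTareaData4Save($body_in));
$xoopsDB->query($sql);

// 3. Read back and display: a DB column is still untrusted output, so it goes
//    through *4Show (into HTML) or *4Edit (into a form field), never echoed raw.
$result = $xoopsDB->query('SELECT title, body FROM ' . $xoopsDB->prefix('notes'));
while ($row = $xoopsDB->fetchArray($result)) {
    echo '<h2>' . $myts->makeTboxData4Show($row['title']) . '</h2>';
    echo '<div>' . $myts->makeTareaData4Show($row['body']) . '</div>';
    echo '<input name="title" value="' . $myts->makeTboxData4Edit($row['title']) . '">';
    echo '<textarea name="body">' . $myts->makeTareaData4Edit($row['body']) . '</textarea>';
}
```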
