Secure PHP Development with Inspekt


  1. PUT DOWN THE SUPERGLOBALS! Secure PHP Dev with Inspekt. Ed Finkler • inspekt.org • @funkatron. tek-X 2010 • #tekx • #inspekt • http://joind.in/1593
  2. Vulnerabilities! Thursday, May 20, 2010 - Inspekt.org
  3. What causes them?
  4. Letting bad stuff in!
  5. Where's bad stuff?
  6. EVERYWHERE!!!
  7. FIEO
  8. Keep bad stuff from getting in
  9. Don't send bad stuff out
  10. Most of us know this
  11. PHP makes it harder than it should be
  12. It should be easy to do safe things
  13. It should be hard to do dangerous things
  14. Right now it's harder to be safe
  15. That sucks
  16. That won't change anytime soon
  17. Inspekt is an attempt to change that
  18. Make developers show intent
  19. Stop direct access to Superglobals
  20. example: SuperCage
  21. Consequences
  22. Simplify
  23. Centralize
  24. Avoid piecemeal filtering
  25. Force demonstration of intent
  26. Auditability
  27. $_ OH NO YOU DIDN'T
  28. Scoping
  29. Superglobals are indeed GLOBAL
  30. Use Singleton
  31. Additional Functionality
  32. Auto-filtering
  33. example: config
  34. wrap an arbitrary array in a cage
  35. example: filter_array_cage
  36. Build your own filters
  37. example: extending
  38. filter an array or scalar
  39. example: filter_static_methods
  40. Questions? http://funkatron.github.com/inspekt/
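The "example:" slides (SuperCage, filter_array_cage, extending, filter_static_methods) carried code that is not in this transcript. As an added illustration, not code from the deck or from the Inspekt project, the PHP below models the pattern the slide titles describe: the superglobals are copied into a cage and then emptied so direct reads stop working, the cage offers only accessors that name the expected data type (so intent is visible and grep-able in an audit), the cage is a singleton reachable from any scope, an arbitrary array can be caged, and an application can register its own filters. All class and method names here are invented for the example and the input is constructed; Inspekt's real API expresses the same idea but differs in detail. It assumes PHP 8.1 or newer (readonly properties). The auto-filtering config of slides 32-33 is not modelled.

```php
<?php
// Added example, not Inspekt's source. Names are invented for illustration.

final class Cage
{
    /** @var array<string,mixed> the caged input, copied by value */
    private array $source;
    /** @var array<string,callable> application-registered filters (slides 36-37) */
    private static array $filters = [];

    private function __construct(array $source)
    {
        $this->source = $source;
    }

    // Wrap an arbitrary array in a cage (slides 34-35).
    public static function fromArray(array $source): self
    {
        return new self($source);
    }

    // There is deliberately no plain get(): every accessor states what shape
    // of data the caller expects (slides 18, 25). \z is used rather than $ so a
    // trailing newline cannot sneak past the integer check.
    public function getInt(string $key): ?int
    {
        $raw = $this->raw($key);
        return ($raw !== null && preg_match('/^-?\d+\z/', $raw)) ? (int) $raw : null;
    }

    public function getAlnum(string $key): ?string
    {
        $raw = $this->raw($key);
        return $raw === null ? null : preg_replace('/[^A-Za-z0-9]/', '', $raw);
    }

    public function noTags(string $key): ?string
    {
        $raw = $this->raw($key);
        return $raw === null ? null : strip_tags($raw);
    }

    // Unfiltered access is still possible, but only through a method whose
    // name makes the decision visible in a code audit (slide 26).
    public function getRaw(string $key): ?string
    {
        return $this->raw($key);
    }

    // Build your own filters: a registered filter becomes a cage method.
    public static function addFilter(string $name, callable $fn): void
    {
        self::$filters[$name] = $fn;
    }

    public function __call(string $name, array $args): mixed
    {
        if (!isset(self::$filters[$name]) || !isset($args[0])) {
            throw new BadMethodCallException("No filter named $name");
        }
        $raw = $this->raw((string) $args[0]);
        return $raw === null ? null : (self::$filters[$name])($raw);
    }

    private function raw(string $key): ?string
    {
        return isset($this->source[$key]) && is_scalar($this->source[$key])
            ? (string) $this->source[$key] : null;
    }
}

final class SuperCage
{
    private static ?self $instance = null;
    public readonly Cage $get;
    public readonly Cage $post;

    private function __construct()
    {
        $this->get  = Cage::fromArray($_GET);
        $this->post = Cage::fromArray($_POST);
        // Stop direct access (slide 19): once caged, $_GET and $_POST are empty,
        // so any code that still reads them directly gets nothing.
        $_GET  = [];
        $_POST = [];
    }

    // Singleton: superglobals are global, so the cage must be reachable from
    // any scope without passing it around (slides 28-30).
    public static function make(): self
    {
        return self::$instance ??= new self();
    }
}

// Demonstration on constructed input (not a real request).
$_GET = ['id' => '42abc', 'name' => 'bob<script>', 'tag' => 'a-b_c'];
$cage = SuperCage::make();

var_dump($cage->get->getInt('id'));     // NULL: "42abc" is not an integer
var_dump($cage->get->noTags('name'));   // string(3) "bob"
var_dump($cage->get->getAlnum('tag'));  // string(3) "abc"
var_dump($_GET);                        // array(0) {}: the superglobal is no longer readable

Cage::addFilter('getSlug', fn (string $v) => strtolower(preg_replace('/[^a-z0-9-]+/i', '-', $v)));
var_dump($cage->get->getSlug('name'));  // string(11) "bob-script-"
```

The design choice worth noticing is the absence of a generic getter: a reader of `$cage->get->getInt('id')` knows immediately what was expected, and a search for `getRaw(` lists every place the application chose to trust input unfiltered.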
