Http and security
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Http and security

on

  • 1,158 views

 

Statistics

Views

Total Views
1,158
Views on SlideShare
1,158
Embed Views
0

Actions

Likes
1
Downloads
5
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Http and security Presentation Transcript

  • 1. HTTP AND SECURITY
  • 2. AGENDA HTTP basics  HTTP methods  PHP and HTTP  Security threats and attacks  Security in PHP 
  • 3. HTTP The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems  HTTP is the foundation of data communication for the World Wide Web. 
  • 4. HTTP HTTP functions as a request-response protocol in the client-server computing model  The response contains completion status information about the request and may also contain requested content in its message body  HTTP is an application layer protocol (mostly TCP, but can use UDP) 
  • 5. HTTP SESSIONS An HTTP session is a sequence of network request-response transactions  Every session has an ID and reflects conversation between one client and server  In PHP $_SESSION variable can hold session parameters 
  • 6. HTTP METHODS          GET - Requests a representation of the specified resource HEAD - likeGET request, but without the response body POST - Requests that the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI PUT - Requests that the enclosed entity be stored under the supplied URI DELETE - Deletes the specified resource. TRACE - Echoes back the received request so that a client can see what changes or additions have been made by intermediate servers. OPTIONS - Returns the HTTP methods that the server supports for the specified URL CONNECT - Converts the request connection to a transparent TCP/IP tunnel PATCH - Is used to apply partial modifications to a resource
  • 7. HTTP GET /test/demo_form.php?name1=value1&name2=val ue2  GET requests can be cached  GET requests remain in the browser history  GET requests can be bookmarked  GET requests should never be used when dealing with sensitive data  GET requests have length restrictions (2048)  GET requests should be used only to retrieve data 
  • 8. HTTP POST POST /test/demo_form.asp HTTP/1.1  Host: w3schools.com  name1=value1&name2=value2  POST requests are never cached  POST requests do not remain in the browser history  POST requests cannot be bookmarked  POST requests have no restrictions on data length 
  • 9. PHP METHODS FOR POST AND GET GET - $_GET variable  POST - $_POST variable  $_REQUEST for both + $_COOKIE  if (isset($_GET['user']) && isset($_GET['gen'])) {  $user = $_GET['user'];  $gen = $_GET['gen'];  echo 'User: '. $user. ' - gender: '. $gen; } 
  • 10. AND WORDPRESS Wordpress core does not use sessions  Wordpress core uses only cookies  However plugins can use sessions 
  • 11. SECURITY INTRODUCTION Weakest part of site is entry point  Write your code secure!  Don’t be victim of laziness and get hacked (or put users in risk)  It’s easier to protect then to heal 
  • 12. CROSS SITE SCRIPTING (XSS) Adding additional HTML or javascript to source of page  Injectiong trough url parameters, requests or form fields  Stored XSS, Reflected, DOM based 
  • 13. XSS PROTECTION Stripping tags  Transform characters like <,>,/,’,” etc to html entities  Php functions:     string strip_tags ( string $str [, string $allowable_tags ] ) string htmlentities ( string $string) string htmlspecialchars( string $string)
  • 14. SQL INJECTION SQL injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution  Types:    Classic SQLI Blind or Inference SQL injection
  • 15. SQL INJECTION EXAMPLE statement = "SELECT * FROM users WHERE name ='" + userName + "';“  Attacker input 1: ' or '1'='1  Attacker input 2: ' or '1'='1' -- '  Executed query:  1: SELECT * FROM users WHERE name = '' OR '1'='1';  2: SELECT * FROM users WHERE name = '' OR '1'='1' -- ';  Consider input:  a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't 
  • 16. SQL INJECTION PROTECTION Filter user input  Way 1:         $stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?'); $stmt->bind_param('s', $name); $stmt->execute(); $result = $stmt->get_result(); while ($row = $result->fetch_assoc()) { // do something with $row } Way2: $unsafe_variable = $_POST["user-input"] ;  $safe_variable = mysql_real_escape_string($unsafe_variable);  mysql_query("INSERT INTO table (column) VALUES ('" . $safe_variable . "')"); 
  • 17. SQL INJECTION WORDPRESS PROTECTION Use prepare function with parameters  $wpdb->query(  $wpdb->prepare(    " DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s ", 13, 'gargle' ) );  Prepare function filters parameters and is safe from sql injection 
  • 18. SENSITIVE DATA EXPOSURE All data that are stored should be stored hased or encrypted  Try to protect also transport layer (best using ssl) 
  • 19. CROSS SITE REQUEST FORGERY (CSRF) Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.  Attacker creates page that request some action that only authorized user can execute  Attacker sends link of the page to the victim  Victim clicks on link and execute command as authorized user 
  • 20. PROTECTION AGAINST CSRF Use token when sending every action  Token should be created for each request or at least per session  In wordpres you may use wp_nonce_field and wp_verify_nonce, wp_create_nonce    <form method="post"> <!-- some inputs here ... -->  <?php wp_nonce_field('name_of_my_action','name_of_nonce_field'); ?>  </form>
  • 21. INSECURE DIRECT OBJECT REFERENCES