Published in: Education, Technology
1. HTTP AND SECURITY
2. AGENDA
   - HTTP basics
   - HTTP methods
   - PHP and HTTP
   - Security threats and attacks
   - Security in PHP
3. HTTP
   - The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems.
   - HTTP is the foundation of data communication for the World Wide Web.
4. HTTP
   - HTTP functions as a request-response protocol in the client-server computing model.
   - The response contains completion status information about the request and may also contain the requested content in its message body.
   - HTTP is an application layer protocol (mostly TCP, but can use UDP).
5. HTTP SESSIONS
   - An HTTP session is a sequence of network request-response transactions.
   - Every session has an ID and reflects a conversation between one client and the server.
   - In PHP the $_SESSION variable can hold session parameters.
6. HTTP METHODS
   - GET - Requests a representation of the specified resource.
   - HEAD - Like a GET request, but without the response body.
   - POST - Requests that the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI.
   - PUT - Requests that the enclosed entity be stored under the supplied URI.
   - DELETE - Deletes the specified resource.
   - TRACE - Echoes back the received request so that a client can see what changes or additions have been made by intermediate servers.
   - OPTIONS - Returns the HTTP methods that the server supports for the specified URL.
   - CONNECT - Converts the request connection to a transparent TCP/IP tunnel.
   - PATCH - Is used to apply partial modifications to a resource.
7. HTTP GET
   /test/demo_form.php?name1=value1&name2=value2
   - GET requests can be cached.
   - GET requests remain in the browser history.
   - GET requests can be bookmarked.
   - GET requests should never be used when dealing with sensitive data.
   - GET requests have length restrictions (2048).
   - GET requests should be used only to retrieve data.
8. HTTP POST
   POST /test/demo_form.asp HTTP/1.1
   Host: w3schools.com

   name1=value1&name2=value2
   - POST requests are never cached.
   - POST requests do not remain in the browser history.
   - POST requests cannot be bookmarked.
   - POST requests have no restrictions on data length.
9. PHP METHODS FOR POST AND GET
   - GET - $_GET variable
   - POST - $_POST variable
   - $_REQUEST for both + $_COOKIE

   <?php
   if (isset($_GET['user']) && isset($_GET['gen'])) {
       $user = $_GET['user'];
       $gen  = $_GET['gen'];
       // Note: the values are echoed exactly as received; slides 12 and 13
       // cover why unescaped output like this is the XSS pattern.
       echo 'User: ' . $user . ' - gender: ' . $gen;
   }
10. AND WORDPRESS
   - WordPress core does not use sessions.
   - WordPress core uses only cookies.
   - However, plugins can use sessions.
11. SECURITY INTRODUCTION
   - The weakest part of a site is its entry point.
   - Write your code securely!
   - Don't be a victim of laziness and get hacked (or put users at risk).
   - It's easier to protect than to heal.
12. CROSS SITE SCRIPTING (XSS)
   - Adding additional HTML or JavaScript to the source of a page.
   - Injecting through URL parameters, requests or form fields.
   - Stored XSS, Reflected XSS, DOM-based XSS.
13. XSS PROTECTION
   - Stripping tags.
   - Transform characters like <, >, /, ', " etc. to HTML entities.
   - PHP functions:

   string strip_tags ( string $str [, string $allowable_tags ] )
   string htmlentities ( string $string )
   string htmlspecialchars ( string $string )
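As an added example (not from the slides), the same constructed input rendered with no escaping, with strip_tags(), and with htmlspecialchars(); it shows that strip_tags() alone leaves quotes and ampersands in place, so only the entity-encoded form is safe inside an attribute. The function names are this example's own.

```php
<?php
// Added example: how the slide's XSS-protection functions change one input.

// Constructed attacker-style input, as it might arrive in $_GET['user'].
$input = '<script>alert(1)</script> "Bob" & <b>Co</b>';

// 1. Unsafe: the raw value lands in the page as markup (reflected XSS).
function render_unsafe(string $s): string {
    return 'User: ' . $s;
}

// 2. strip_tags() removes the tags but keeps their text content, and it does
//    nothing to quotes or ampersands, so it is not enough inside attributes.
function render_stripped(string $s): string {
    return 'User: ' . strip_tags($s);
}

// 3. htmlspecialchars() with ENT_QUOTES encodes <, >, &, " and ' so the
//    browser displays the characters instead of interpreting them.
function render_escaped(string $s): string {
    return 'User: ' . htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Attribute context: the double quote must be encoded or the value could
// close the attribute; only the entity-encoding approach handles this.
function render_attribute(string $s): string {
    return '<input name="user" value="'
        . htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '">';
}

echo render_unsafe($input), PHP_EOL;
echo render_stripped($input), PHP_EOL;
echo render_escaped($input), PHP_EOL;
echo render_attribute($input), PHP_EOL;
```

Run it with `php` on the command line and compare the four lines: only the last two contain no raw `<`, `>` or `"` characters.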
14. SQL INJECTION
   - SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
   - Types:
     - Classic SQLi
     - Blind or inference SQL injection
15. SQL INJECTION EXAMPLE
   statement = "SELECT * FROM users WHERE name ='" + userName + "';"
   - Attacker input 1: ' or '1'='1
   - Attacker input 2: ' or '1'='1' -- '
   - Executed query:
     1: SELECT * FROM users WHERE name = '' OR '1'='1';
     2: SELECT * FROM users WHERE name = '' OR '1'='1' -- ';
   - Consider input:
     a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't
16. SQL INJECTION PROTECTION
   - Filter user input.
   - Way 1 (prepared statement with bound parameter, mysqli):

   $stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?');
   $stmt->bind_param('s', $name);
   $stmt->execute();
   $result = $stmt->get_result();
   while ($row = $result->fetch_assoc()) {
       // do something with $row
   }

   - Way 2 (escaping before concatenation):

   // mysql_* functions belong to the legacy ext/mysql extension, which was
   // removed in PHP 7; mysqli_real_escape_string($link, $str) is the equivalent.
   $unsafe_variable = $_POST["user-input"];
   $safe_variable = mysql_real_escape_string($unsafe_variable);
   mysql_query("INSERT INTO table (column) VALUES ('" . $safe_variable . "')");
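As an added example for slides 15 and 16 (not from the slides), the slide's "Attacker input 1" is run once through string concatenation and once through a prepared statement. It uses PDO with an in-memory SQLite database so it runs offline; the mysqli prepare/bind_param code on the slide works the same way. Table contents and function names are constructed for this example.

```php
<?php
// Added example: why a prepared statement stops the slide's injection input.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')"); // constructed rows

// Vulnerable: the input is pasted into the SQL text, so it can change the query.
function find_user_concat(PDO $db, string $userName): array {
    $statement = "SELECT * FROM users WHERE name = '" . $userName . "'";
    return $db->query($statement)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the query text is fixed; the value travels separately as a parameter
// and is compared as a literal string, quotes and all.
function find_user_prepared(PDO $db, string $userName): array {
    $stmt = $db->prepare('SELECT * FROM users WHERE name = ?');
    $stmt->execute([$userName]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$attackerInput = "' or '1'='1";   // "Attacker input 1" from slide 15

// Concatenation: WHERE becomes  name = '' or '1'='1'  and matches every row.
$rows = find_user_concat($db, $attackerInput);
printf("concatenated query returned %d row(s)\n", count($rows));

// Prepared: no user is literally named  ' or '1'='1  so nothing is returned.
$rows = find_user_prepared($db, $attackerInput);
printf("prepared statement returned %d row(s)\n", count($rows));
```

The first call returns both constructed rows and the second returns none, which is the whole difference between filtering input and separating data from query text.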
17. SQL INJECTION WORDPRESS PROTECTION
   - Use the prepare function with parameters:

   $wpdb->query(
       $wpdb->prepare(
           "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s",
           13,
           'gargle'
       )
   );

   - The prepare function filters parameters and is safe from SQL injection.
18. SENSITIVE DATA EXPOSURE
   - All data that are stored should be stored hashed or encrypted.
   - Try to protect the transport layer as well (best using SSL).
19. CROSS SITE REQUEST FORGERY (CSRF)
   - Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts.
   - The attacker creates a page that requests some action that only an authorized user can execute.
   - The attacker sends a link to the page to the victim.
   - The victim clicks on the link and executes the command as the authorized user.
20. PROTECTION AGAINST CSRF
   - Use a token when sending every action.
   - The token should be created for each request or at least per session.
   - In WordPress you may use wp_nonce_field, wp_verify_nonce and wp_create_nonce:

   <form method="post">
     <!-- some inputs here ... -->
     <?php wp_nonce_field('name_of_my_action', 'name_of_nonce_field'); ?>
   </form>
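As an added example (not from the slides, and not WordPress code), the same per-session token idea implemented in plain PHP: a token is generated once per session, embedded as a hidden field like wp_nonce_field() does, and verified before the action like wp_verify_nonce(). The function names and the session key are this example's own.

```php
<?php
// Added example: per-session anti-CSRF token in plain PHP.

const CSRF_SESSION_KEY = 'csrf_token';   // session key chosen for this example

function csrf_session(): void {
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
}

// Create the token once per session (the slide's "at least per session").
function csrf_token(): string {
    csrf_session();
    if (empty($_SESSION[CSRF_SESSION_KEY])) {
        $_SESSION[CSRF_SESSION_KEY] = bin2hex(random_bytes(32)); // CSPRNG-backed, unguessable
    }
    return $_SESSION[CSRF_SESSION_KEY];
}

// Hidden field for every state-changing form (the role of wp_nonce_field).
function csrf_field(): string {
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Check the submitted token before acting (the role of wp_verify_nonce).
// hash_equals() compares in constant time so the comparison leaks no timing.
function csrf_verify(?string $submitted): bool {
    csrf_session();
    if ($submitted === null || empty($_SESSION[CSRF_SESSION_KEY])) {
        return false;
    }
    return hash_equals($_SESSION[CSRF_SESSION_KEY], $submitted);
}

// Handler: a forged cross-site POST cannot include the victim's token because
// the attacker's page cannot read the victim's session, so it is refused.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_verify($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // ... perform the privileged action here ...
}
?>
<form method="post">
  <!-- other inputs here ... -->
  <?= csrf_field() ?>
  <button type="submit">Do action</button>
</form>
```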
21. INSECURE DIRECT OBJECT REFERENCES