Http and security
    Presentation Transcript

    • HTTP AND SECURITY
    • AGENDA
      - HTTP basics
      - HTTP methods
      - PHP and HTTP
      - Security threats and attacks
      - Security in PHP
    • HTTP
      - The Hypertext Transfer Protocol (HTTP) is an application protocol for distributed, collaborative, hypermedia information systems
      - HTTP is the foundation of data communication for the World Wide Web
    • HTTP
      - HTTP functions as a request-response protocol in the client-server computing model
      - The response contains completion status information about the request and may also contain the requested content in its message body
      - HTTP is an application layer protocol (mostly TCP, but can use UDP)
    • HTTP SESSIONS
      - An HTTP session is a sequence of network request-response transactions
      - Every session has an ID and reflects a conversation between one client and one server
      - In PHP the $_SESSION variable can hold session parameters
    • HTTP METHODS
      - GET - Requests a representation of the specified resource
      - HEAD - Like a GET request, but without the response body
      - POST - Requests that the server accept the entity enclosed in the request as a new subordinate of the web resource identified by the URI
      - PUT - Requests that the enclosed entity be stored under the supplied URI
      - DELETE - Deletes the specified resource
      - TRACE - Echoes back the received request so that a client can see what changes or additions have been made by intermediate servers
      - OPTIONS - Returns the HTTP methods that the server supports for the specified URL
      - CONNECT - Converts the request connection to a transparent TCP/IP tunnel
      - PATCH - Is used to apply partial modifications to a resource
    • HTTP GET
      GET /test/demo_form.php?name1=value1&name2=value2
      - GET requests can be cached
      - GET requests remain in the browser history
      - GET requests can be bookmarked
      - GET requests should never be used when dealing with sensitive data
      - GET requests have length restrictions (2048)
      - GET requests should be used only to retrieve data
    • HTTP POST
      POST /test/demo_form.asp HTTP/1.1
      Host: w3schools.com

      name1=value1&name2=value2
      - POST requests are never cached
      - POST requests do not remain in the browser history
      - POST requests cannot be bookmarked
      - POST requests have no restrictions on data length
    • PHP METHODS FOR POST AND GET
      - GET - $_GET variable
      - POST - $_POST variable
      - $_REQUEST for both + $_COOKIE

      if (isset($_GET['user']) && isset($_GET['gen'])) {
          $user = $_GET['user'];
          $gen = $_GET['gen'];
          // both values come straight from the query string and are echoed unescaped (see the XSS slides)
          echo 'User: ' . $user . ' - gender: ' . $gen;
      }
    • AND WORDPRESS
      - WordPress core does not use sessions
      - WordPress core uses only cookies
      - However, plugins can use sessions
    • SECURITY INTRODUCTION
      - The weakest part of a site is its entry point
      - Write secure code!
      - Don't be a victim of laziness and get hacked (or put your users at risk)
      - It's easier to protect than to heal
    • CROSS SITE SCRIPTING (XSS)
      - Adding additional HTML or JavaScript to the source of a page
      - Injecting through URL parameters, requests or form fields
      - Stored XSS, reflected XSS, DOM-based XSS
    • XSS PROTECTION
      - Stripping tags
      - Transform characters like <, >, /, ', " etc. to HTML entities
      - PHP functions:
        string strip_tags ( string $str [, string $allowable_tags ] )
        string htmlentities ( string $string )
        string htmlspecialchars ( string $string )
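The $_GET echo from the "PHP methods" slide next to an escaped version using htmlspecialchars(), as an added example that is not part of the presentation. The function names (escape_html, greeting_unescaped, greeting_escaped) and the request values are constructed for the demo; it also shows why strip_tags() alone does not protect a value placed inside an attribute.

```php
<?php
// Added example, not from the slides. Constructed query-string values stand in for $_GET.

// Escape a value for an HTML body or a quoted attribute.
function escape_html(string $value): string
{
    // ENT_QUOTES encodes both ' and "; ENT_SUBSTITUTE replaces invalid UTF-8
    // instead of returning an empty string.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable version: the parameters are reflected into the page as-is.
function greeting_unescaped(array $params): string
{
    return 'User: ' . $params['user'] . ' - gender: ' . $params['gen'];
}

// Hardened version: same markup, every untrusted value escaped first.
function greeting_escaped(array $params): string
{
    return 'User: ' . escape_html($params['user']) . ' - gender: ' . escape_html($params['gen']);
}

// Constructed request, as if the URL were ?user=<script>alert(1)</script>&gen=m
$request = ['user' => '<script>alert(1)</script>', 'gen' => 'm'];

// The unescaped variant hands the <script> element to the browser; the escaped
// variant turns < and > into entities so the browser renders the text literally.
echo greeting_unescaped($request), PHP_EOL;
echo greeting_escaped($request), PHP_EOL;

// Stripping tags is not enough inside an attribute: this constructed value
// contains no tag, so strip_tags() leaves it untouched, but the " closes the
// value="..." attribute it is placed in. escape_html() encodes the quote.
$attr = '" onmouseover="alert(1)';
echo '<input value="' . strip_tags($attr) . '">', PHP_EOL;
echo '<input value="' . escape_html($attr) . '">', PHP_EOL;
```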
    • SQL INJECTION
      - SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution
      - Types:
        Classic SQLi
        Blind or inference SQL injection
    • SQL INJECTION EXAMPLE
      statement = "SELECT * FROM users WHERE name ='" + userName + "';"
      - Attacker input 1: ' or '1'='1
      - Attacker input 2: ' or '1'='1' -- '
      - Executed query:
        1: SELECT * FROM users WHERE name = '' OR '1'='1';
        2: SELECT * FROM users WHERE name = '' OR '1'='1' -- ';
      - Consider input: a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't
    • SQL INJECTION PROTECTION
      - Filter user input
      - Way 1: a prepared statement with bound parameters (mysqli)
        $stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?');
        $stmt->bind_param('s', $name);
        $stmt->execute();
        $result = $stmt->get_result();
        while ($row = $result->fetch_assoc()) {
            // do something with $row
        }
      - Way 2: escape the value before splicing it into the query
        $unsafe_variable = $_POST["user-input"];
        // mysql_* was deprecated in PHP 5.5 and removed in PHP 7.0; mysqli_real_escape_string() is the equivalent
        $safe_variable = mysql_real_escape_string($unsafe_variable);
        mysql_query("INSERT INTO table (column) VALUES ('" . $safe_variable . "')");
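The query from the SQL injection example slide, run both concatenated and as a prepared statement, as an added example that is not part of the presentation. It uses PDO with an in-memory SQLite database so it runs offline (the slide's Way 1 uses mysqli; parameter binding works the same way); make_db, find_user_concat and find_user_prepared and the sample rows are constructed for the demo.

```php
<?php
// Added example, not from the slides. PDO + SQLite in memory, no server needed.

function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
    // Constructed sample rows.
    $db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('carol')");
    return $db;
}

// Vulnerable: the input is spliced into the SQL text, exactly like the
// "statement" on the example slide.
function find_user_concat(PDO $db, string $userName): array
{
    $sql = "SELECT * FROM users WHERE name = '" . $userName . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the value travels as a bound parameter and is never parsed as SQL.
function find_user_prepared(PDO $db, string $userName): array
{
    $stmt = $db->prepare('SELECT * FROM users WHERE name = ?');
    $stmt->execute([$userName]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = make_db();
$input = "' or '1'='1";   // "Attacker input 1" from the slide

// Concatenation turns the WHERE clause into a tautology, so every row is returned.
printf("concatenated: %d rows\n", count(find_user_concat($db, $input)));

// The prepared statement looks for a user literally named ' or '1'='1 and finds none.
printf("prepared:     %d rows\n", count(find_user_prepared($db, $input)));

// A legitimate lookup still works through the prepared statement.
printf("prepared (alice): %d rows\n", count(find_user_prepared($db, 'alice')));
```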
    • SQL INJECTION WORDPRESS PROTECTION
      - Use the prepare function with parameters
        $wpdb->query(
            $wpdb->prepare(
                "DELETE FROM $wpdb->postmeta WHERE post_id = %d AND meta_key = %s",
                13, 'gargle'
            )
        );
      - The prepare function filters the parameters and is safe from SQL injection
    • SENSITIVE DATA EXPOSURE
      - All data that is stored should be stored hashed or encrypted
      - Try to protect the transport layer as well (best using SSL/TLS)
    • CROSS SITE REQUEST FORGERY (CSRF)
      - Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts
      - The attacker creates a page that requests some action that only an authorized user can execute
      - The attacker sends a link to the page to the victim
      - The victim clicks on the link and executes the command as an authorized user
    • PROTECTION AGAINST CSRF
      - Use a token when sending every action
      - The token should be created for each request or at least per session
      - In WordPress you may use wp_nonce_field, wp_verify_nonce and wp_create_nonce
        <form method="post">
            <!-- some inputs here ... -->
            <?php wp_nonce_field('name_of_my_action', 'name_of_nonce_field'); ?>
        </form>
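A per-session CSRF token in plain PHP, the pattern that wp_nonce_field() and wp_verify_nonce() implement for WordPress, as an added example that is neither part of the presentation nor WordPress code. The functions csrf_token, csrf_field and csrf_verify are constructed for the demo, and the session store is passed in as an array so the script runs from the command line without session_start().

```php
<?php
// Added example, not from the slides and not WordPress code.

const CSRF_KEY = 'csrf_token';

// Create the token once per session (the slide's "at least per session").
function csrf_token(array &$session): string
{
    if (empty($session[CSRF_KEY])) {
        $session[CSRF_KEY] = bin2hex(random_bytes(32));  // 256 bits from the CSPRNG
    }
    return $session[CSRF_KEY];
}

// Hidden input for the form, the counterpart of wp_nonce_field().
function csrf_field(array &$session): string
{
    return '<input type="hidden" name="' . CSRF_KEY . '" value="'
        . htmlspecialchars(csrf_token($session), ENT_QUOTES, 'UTF-8') . '">';
}

// Check the submitted token, the counterpart of wp_verify_nonce().
// hash_equals() compares in constant time, so the comparison leaks no timing.
function csrf_verify(array $session, array $post): bool
{
    $expected = $session[CSRF_KEY] ?? '';
    $given = $post[CSRF_KEY] ?? '';
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

// Constructed walk-through. The user's own form carries the token...
$session = [];
echo '<form method="post">' . csrf_field($session) . '</form>', PHP_EOL;
$legit = [CSRF_KEY => $session[CSRF_KEY], 'action' => 'delete'];
var_dump(csrf_verify($session, $legit));    // submission from the real form

// ...while a request built on another site has no way to know it.
$forged = ['action' => 'delete'];
var_dump(csrf_verify($session, $forged));   // token missing
$guessed = [CSRF_KEY => str_repeat('0', 64), 'action' => 'delete'];
var_dump(csrf_verify($session, $guessed));  // wrong token of the right length
```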
    • INSECURE DIRECT OBJECT REFERENCES