
Hacking with PHP

Attacks occur at an alarming rate and frequency against every online application. Creating effective countermeasures takes creativity coupled with proven techniques. From DoS to password cracking to injection attacks, see actual PHP code an attacker could use to launch attacks, and learn what works and what does not to prevent attacks from succeeding. Warning: this session will include live coding and attacks on pre-approved targets; do not try this without approval from the target systems first.

See code at https://github.com/mbniebergall/hacking-with-php

Published in: Software

Hacking with PHP

  1. Hacking with PHP, Mark Niebergall, LonghornPHP 2019, https://github.com/mbniebergall/hacking-with-php
  2. Mark Niebergall
     • PHP since 2005
     • Masters degree in MIS
     • Senior Software Engineer
     • Drug screening project
     • Utah PHP Co-Organizer
     • CSSLP, SSCP Certified and SME
     • Father, long distance running, fishing, skiing
  3. Objective
     • Understand attacks
     • Increase project security
     • Implement effective countermeasures
  4. (Image) https://www.pexels.com/photo/architectural-design-architecture-blue-sky-bungalow-462358/
  5. (Image) https://static01.nyt.com/images/2016/08/05/us/05onfire1_xp/05onfire1_xp-articleLarge-v2.jpg?quality=75&auto=webp&disable=upscale
  6. Hacking with PHP
     • Risk to Resources
     • Threat Modeling
     • Types of Attacks
     • Countermeasures
  7. Risk to Resources
  8. Risk to Resources
     • Data
     • Functionality
     • Hardware
     • Source code
  9. Threat Modeling
  10. Threat Modeling
     • https://cybermap.kaspersky.com/
  11. Threat Modeling
     • Identify threats
       - Script kiddies
       - Organized groups
       - Nation states
       - Curious users
  12. Threat Modeling
     • Risk assessment
  13. Types of Attacks
  14. Types of Attacks
     • Ransomware
     • Malware
     • Covert data theft
     • Data decryption (credentials, personal, credit card, etc.)
     • Denial of Service (DoS)/Distributed DoS (DDoS)
     • Injection
     • Session hijacking
     • Cross-site scripting (XSS)
     • Spear Phishing
     • Name others?
  15. Countermeasures
  16. Countermeasures
     • Prevent attacks from being successful
       - Attacks are going to happen; can only reduce likelihood of success
  17. (Image) https://www.kurdsoft.net/Photo/Editor/BLogImg/osi-model-7-layers-network-connectivity.png
  18. Coding Time!
     • Be creative
     • Group input
     • Different attack types
     • How to implement countermeasures
  19. Group Discussion
     • Attacks seen in the wild
     • Countermeasures used
     • PHP best practices
     • OSI model layers
  20. Questions?
     • Feedback