Rise of the Planet of the Anonymous

Rise of the Planet of the Anonymous
(and what you should do as a PHP developer). Knowledge sharing session at OWASP Day Kuala Lumpur, Malaysia 2011


Rise of the Planet of the Anonymous

  1. OWASP Day Kuala Lumpur 2011. Rise of the Planet of the Anonymous. Errazudin Ishak. www.mimos.my © 2009 MIMOS Berhad. All Rights Reserved.
  2. Rise of the Planet of the Anonymous (and what you should do as a PHP developer). www.mimos.my © 2011 MIMOS Berhad. All Rights Reserved.
  3. Agenda • You • Me • Anonymous • Why PHP • PHP Security • Resources
  4. About You • Name: • Designation: • Day job: • Night job:
  5. About Me • Errazudin Ishak • @errazudin • Senior engineer @ Mimos Bhd Malaysia • Focuses on web application development, deployment, performance and stability. • 2009: foss.my, MyGOSSCON • 2010: Entp. PHP Techtalk, BarcampKL, PHP Meetup, MOSC2010, PHP Northwest UK, MyGOSSCON • 2011: INTAN Tech Update, Wordpress Conf. Asia, Joomla! Day, MOSC
  6. (no text on this slide)
  7. (no text on this slide)
  8. ANONYMOUS
  9. Why so serious? – Joker
  10. News http://goo.gl/oVjqz 91 ATTACKED 76 RECOVERED
  11. Internet: “…anonymous, uncontrolled, always on, and instantly accessible from anywhere”
  12. Evolution…
  13. ..becomes revolution http://evolutionofweb.appspot.com/
  14. Does it apply here? (web security) "Good programmers write code, great programmers reuse" Defcon19
  15. Web security: Completely secure system is virtually impossible
  16. Why? RISK USABILITY
  17. Agenda • You • Me • Anonymous • Why PHP • PHP Security • Resources
  18. Why PHP? “More internet applications speak PHP than any other”
  19. Why PHP? Usage of server-side programming languages for websites (pie chart; legend: PHP, ASP.NET, Java, ColdFusion, Perl, Ruby, Python; slice labels: 77%, 22%, 4%, 1%, 1%, 1%, 0%). Source: http://w3techs.com
  20. Why PHP? Usage of server-side programming languages for websites (pie chart; legend: PHP, ASP.NET, Java, ColdFusion, Perl, Ruby, Python; slice labels: 77%, 22%, 4%, 1%, 1%, 1%, 0%). Source: http://w3techs.com
  21. PHP Secure? User Enterprise PHP Developer
  22. PHP Secure? PHP is not the culprit, we (developer, sys admin, architect) are.
  23. Why PHP? “People have to understand their systems well to know where security issues are likely to appear” Rasmus Lerdorf
  24. Agenda • You • Me • Anonymous • Why PHP • PHP Security • Resources
  25. PHP Security: Secure Ecosystem
  26. PHP Security: Secure Ecosystem, Maintain it! • Dev/prod environment • Up to date • Secured network • Access (Permissions)
  27. PHP Security: Secure Operations
  28. PHP Security: Secure Operations, also practice it! • Human only • User identification • Role based actions • Track/Audit trail
  29. PHP Security: Secure Programming
  30. PHP Security: Secure Programming, practice it! • Input validation • DB • XSS/CSRF/Session • Access (Permissions)
  31. PHP Security “Security takes an ongoing effort and a lot of little things instead of one big one” Cal Evans
  32. Security. (Remember Risk – Usability)
  33. Resources • php|architect’s Guide to PHP Security http://goo.gl/cUxuB • Pro PHP Security http://goo.gl/HGIkI • Defcon 19 http://goo.gl/S8Qw4 • Artur Ejsmont’s blog http://goo.gl/HGUkg • Php.net • Zend.com • Phpcoe.mimos.my
  34. THANK YOU @errazudin errazudin.ishak@mimos.my errazudin.ishak@gmail.com * All images, logos and data are the copyright of their respective owners
