Mark Niebergall, profile picture
Uploaded byMark Niebergall
PDF, PPTX445 views

Hacking with PHP

The document discusses hacking with PHP, focusing on increasing project security and understanding various cyber threats. It covers risk assessment, types of attacks such as ransomware and XSS, and effective countermeasures to enhance security. Additionally, it encourages creative coding and group discussions around real-world attack experiences and best practices.

Embed presentation

Download as PDF, PPTX
Hacking with PHP Mark Niebergall LonghornPHP 2019 https://github.com/mbniebergall/hacking-with-php
Mark Niebergall • PHP since 2005 • Masters degree in MIS • Senior Software Engineer • Drug screening project • Utah PHP Co-Organizer • CSSLP, SSCP Certified and SME • Father, long distance running, fishing, skiing
Objective • Understand attacks • Increase project security • Implement effective countermeasures
https://www.pexels.com/photo/architectural-design-architecture-blue-sky-bungalow-462358/
https://static01.nyt.com/images/2016/08/05/us/05onfire1_xp/05onfire1_xp-articleLarge-v2.jpg?quality=75&auto=webp&disable=upscale
Hacking with PHP • Risk to Resources • Threat Modeling • Types of Attacks • Countermeasures
Risk to Resources
Risk to Resources • Data • Functionality • Hardware • Source code
Threat Modeling
Threat Modeling • https://cybermap.kaspersky.com/
Threat Modeling • Identify threats - Script kiddies - Organized groups - Nation states - Curious users
Threat Modeling • Risk assessment
Types of Attacks
Types of Attacks • Ransomware • Malware • Covert data theft • Data decryption (credentials, personal, credit card, etc.) • Denial of Service (DoS)/Distributed DoS (DDoS) • Injection • Session hijacking • Cross-site scripting (XSS) • Spear Phishing • Name others?
Countermeasures
Countermeasures • Prevent attacks from being successful - Attacks are going to happen, can only reduce likelihood of success
https://www.kurdsoft.net/Photo/Editor/BLogImg/osi-model-7-layers-network-connectivity.png
Coding Time! • Be creative • Group input • Different attack types • How to implement countermeasures
Group Discussion • Attacks seen in the wild • Countermeasures used • PHP best practices • OSI model layers
Questions? • Feedback

More Related Content

PDF
MonkeySpider at Sicherheit 2008
byAli Ikinci
 
PPTX
Building Better WordPress Sites
byBrian LaFrance
 
PDF
Talesh Seeparsan - The Hound of the Malwarevilles
byMeet Magento Italy
 
PPTX
Secure programming with php
byMohmad Feroz
 
PDF
Php vulnerability presentation
bySqa Enthusiast
 
PDF
Hacking sites for fun and profit
byDavid Stockton
 
PDF
Dip Your Toes in the Sea of Security (PHP Dorset, 2nd June 2014)
byJames Titcumb
 
PDF
Hacking sites for fun and profit
byDavid Stockton
 
MonkeySpider at Sicherheit 2008
byAli Ikinci
 
Building Better WordPress Sites
byBrian LaFrance
 
Talesh Seeparsan - The Hound of the Malwarevilles
byMeet Magento Italy
 
Secure programming with php
byMohmad Feroz
 
Php vulnerability presentation
bySqa Enthusiast
 
Hacking sites for fun and profit
byDavid Stockton
 
Dip Your Toes in the Sea of Security (PHP Dorset, 2nd June 2014)
byJames Titcumb
 
Hacking sites for fun and profit
byDavid Stockton
 

Similar to Hacking with PHP

PDF
Hacking sites for fun and profit
byDavid Stockton
 
PPTX
Hardening Enterprise Apache
byguestd9aa5
 
PDF
Cybersecurity State of the Union
byMark Niebergall
 
PPTX
Prevent hacking
byViswanath Polaki
 
ODP
Security In PHP Applications
byAditya Mooley
 
PPTX
Securing your web apps now
byStephan Steynfaardt
 
PPTX
Vulnerabilities on Various Data Processing Levels
byPositive Hack Days
 
PDF
ENPM808 Independent Study Final Report - amaster 2019
byAlexander Master
 
PPTX
Php security common 2011
by10n Software, LLC
 
PDF
BH_US_12_Argyros_PRNG_Slides_text Presentatiion
byrollingacres
 
PDF
Secure PHP Coding
byNarudom Roongsiriwong, CISSP
 
PPTX
Vulnerabilities in data processing levels
bybeched
 
PPTX
Types of cyber attacks
bykrishh sivakrishna
 
PDF
Session10-PHP Misconfiguration
byzakieh alizadeh
 
PDF
Anatomy of PHP Shells
byVedran Krivokuca
 
PDF
Web Security: What's wrong, and how the bad guys can break your website
byAndrew Sorensen
 
PDF
Dip Your Toes in the Sea of Security (PHP UK 2016)
byJames Titcumb
 
PDF
DrupalCamp London 2017 - Web site insecurity
byGeorge Boobyer
 
PDF
Cyber Kill Chain: Web Application Exploitation
byPrathan Phongthiproek
 
ODP
How secure is your code?
byMikee Franklin
 
Hacking sites for fun and profit
byDavid Stockton
 
Hardening Enterprise Apache
byguestd9aa5
 
Cybersecurity State of the Union
byMark Niebergall
 
Prevent hacking
byViswanath Polaki
 
Security In PHP Applications
byAditya Mooley
 
Securing your web apps now
byStephan Steynfaardt
 
Vulnerabilities on Various Data Processing Levels
byPositive Hack Days
 
ENPM808 Independent Study Final Report - amaster 2019
byAlexander Master
 
Php security common 2011
by10n Software, LLC
 
BH_US_12_Argyros_PRNG_Slides_text Presentatiion
byrollingacres
 
Secure PHP Coding
byNarudom Roongsiriwong, CISSP
 
Vulnerabilities in data processing levels
bybeched
 
Types of cyber attacks
bykrishh sivakrishna
 
Session10-PHP Misconfiguration
byzakieh alizadeh
 
Anatomy of PHP Shells
byVedran Krivokuca
 
Web Security: What's wrong, and how the bad guys can break your website
byAndrew Sorensen
 
Dip Your Toes in the Sea of Security (PHP UK 2016)
byJames Titcumb
 
DrupalCamp London 2017 - Web site insecurity
byGeorge Boobyer
 
Cyber Kill Chain: Web Application Exploitation
byPrathan Phongthiproek
 
How secure is your code?
byMikee Franklin
 

More from Mark Niebergall

PDF
Filesystem Management with Flysystem - php[tek] 2023
byMark Niebergall
 
PDF
Leveling Up With Unit Testing - php[tek] 2023
byMark Niebergall
 
PDF
Filesystem Management with Flysystem at PHP UK 2023
byMark Niebergall
 
PDF
Leveling Up With Unit Testing - LonghornPHP 2022
byMark Niebergall
 
PDF
Developing SOLID Code
byMark Niebergall
 
PDF
Unit Testing from Setup to Deployment
byMark Niebergall
 
PDF
Stacking Up Middleware
byMark Niebergall
 
PDF
BDD API Tests with Gherkin and Behat
byMark Niebergall
 
PDF
BDD API Tests with Gherkin and Behat
byMark Niebergall
 
PDF
Relational Database Design Bootcamp
byMark Niebergall
 
PDF
Starting Out With PHP
byMark Niebergall
 
PDF
Automatic PHP 7 Compatibility Checking Using php7cc (and PHPCompatibility)
byMark Niebergall
 
PDF
Debugging PHP with Xdebug - PHPUK 2018
byMark Niebergall
 
PDF
Advanced PHP Simplified - Sunshine PHP 2018
byMark Niebergall
 
PDF
Defensive Coding Crash Course Tutorial
byMark Niebergall
 
PDF
Inheritance: Vertical or Horizontal
byMark Niebergall
 
PDF
Cryptography With PHP - ZendCon 2017 Workshop
byMark Niebergall
 
PDF
Defensive Coding Crash Course - ZendCon 2017
byMark Niebergall
 
PDF
Leveraging Composer in Existing Projects
byMark Niebergall
 
PDF
Defensive Coding Crash Course
byMark Niebergall
 
Filesystem Management with Flysystem - php[tek] 2023
byMark Niebergall
 
Leveling Up With Unit Testing - php[tek] 2023
byMark Niebergall
 
Filesystem Management with Flysystem at PHP UK 2023
byMark Niebergall
 
Leveling Up With Unit Testing - LonghornPHP 2022
byMark Niebergall
 
Developing SOLID Code
byMark Niebergall
 
Unit Testing from Setup to Deployment
byMark Niebergall
 
Stacking Up Middleware
byMark Niebergall
 
BDD API Tests with Gherkin and Behat
byMark Niebergall
 
BDD API Tests with Gherkin and Behat
byMark Niebergall
 
Relational Database Design Bootcamp
byMark Niebergall
 
Starting Out With PHP
byMark Niebergall
 
Automatic PHP 7 Compatibility Checking Using php7cc (and PHPCompatibility)
byMark Niebergall
 
Debugging PHP with Xdebug - PHPUK 2018
byMark Niebergall
 
Advanced PHP Simplified - Sunshine PHP 2018
byMark Niebergall
 
Defensive Coding Crash Course Tutorial
byMark Niebergall
 
Inheritance: Vertical or Horizontal
byMark Niebergall
 
Cryptography With PHP - ZendCon 2017 Workshop
byMark Niebergall
 
Defensive Coding Crash Course - ZendCon 2017
byMark Niebergall
 
Leveraging Composer in Existing Projects
byMark Niebergall
 
Defensive Coding Crash Course
byMark Niebergall
 

Recently uploaded

PPTX
‘Analyzing Application Logs Using AI’ Webinar
byTier1 app
 
PDF
Build Modern Applications with Amazon Aurora DSQL- AWS User Group Bonn 2026
byVadym Kazulkin
 
PDF
Ontwikkel sneller en veiliger met GitHub Copilot
byDelta-N
 
PPTX
How CFD Simulations Support Sustainable Data Center Design Optimization
byWeb Synergies
 
PPTX
Pitch Deck for MEVIA OS - No Apps, Infinite, Decentralized Operating System
byDr. Edwin Hernandez
 
PDF
Massage Booking App Development Company
byV3CUBE TECHNOLABS
 
PDF
JFokus 2026 - Please pass the salt- Serve up passwords with a side of entropy...
byOrtus Solutions, Corp
 
PDF
SAP ERP to SAP S_4HANA Cloud Private Edition Delta Scope
bychuck78
 
PPTX
Chapter Two Logic and Language - Copy.pptx
byGediyonBelay
 
PDF
Versnel innovatie met GitHub Enterprise - Rick Smit GitHub
byDelta-N
 
PPTX
Best Digital Marketing Company in Lucknow
bydigitallearning9277
 
PDF
Metrics, Logs, Traces, and Mayhem_ Introducing an observability adventure gam...
byImma Valls Bernaus
 
PDF
MySQL Routing Guidelines: Designing Smarter Query Routing Together
byMiguel Araújo
 
PPTX
Introduction to n8n infrstructure and ho to install it
byMassimiliano Iommi
 
PDF
eresource Xcel ERP for Maunfacturing - Best Manufacturing ERP for SME
byeresource Infotech Pvt.Ltd
 
PDF
Doctor On Call App Development for Digital Healthcare.
byV3CUBE TECHNOLABS
 
PDF
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
PDF
Routing Guidelines: Unlocking Smarter Query Routing in MySQL Architectures
byMiguel Araújo
 
PPTX
Salesforce Spring '26 Release presentation - Melbourne Salesforce User Group
byAnne N
 
PPTX
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 
‘Analyzing Application Logs Using AI’ Webinar
byTier1 app
 
Build Modern Applications with Amazon Aurora DSQL- AWS User Group Bonn 2026
byVadym Kazulkin
 
Ontwikkel sneller en veiliger met GitHub Copilot
byDelta-N
 
How CFD Simulations Support Sustainable Data Center Design Optimization
byWeb Synergies
 
Pitch Deck for MEVIA OS - No Apps, Infinite, Decentralized Operating System
byDr. Edwin Hernandez
 
Massage Booking App Development Company
byV3CUBE TECHNOLABS
 
JFokus 2026 - Please pass the salt- Serve up passwords with a side of entropy...
byOrtus Solutions, Corp
 
SAP ERP to SAP S_4HANA Cloud Private Edition Delta Scope
bychuck78
 
Chapter Two Logic and Language - Copy.pptx
byGediyonBelay
 
Versnel innovatie met GitHub Enterprise - Rick Smit GitHub
byDelta-N
 
Best Digital Marketing Company in Lucknow
bydigitallearning9277
 
Metrics, Logs, Traces, and Mayhem_ Introducing an observability adventure gam...
byImma Valls Bernaus
 
MySQL Routing Guidelines: Designing Smarter Query Routing Together
byMiguel Araújo
 
Introduction to n8n infrstructure and ho to install it
byMassimiliano Iommi
 
eresource Xcel ERP for Maunfacturing - Best Manufacturing ERP for SME
byeresource Infotech Pvt.Ltd
 
Doctor On Call App Development for Digital Healthcare.
byV3CUBE TECHNOLABS
 
Introduction to Modern Artificial Intelligence.pdf
byAI n Dot Net
 
Routing Guidelines: Unlocking Smarter Query Routing in MySQL Architectures
byMiguel Araújo
 
Salesforce Spring '26 Release presentation - Melbourne Salesforce User Group
byAnne N
 
40m_wAIred_DigitalPlatformRabobank_10022026.pptx
bySimonedeGijt
 

Hacking with PHP