The document discusses secure PHP coding practices and emphasizes the importance of mitigating vulnerabilities that could lead to reputation loss, financial damages, or data disclosure. It highlights common vulnerabilities such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF), providing examples of exploitation techniques and prevention strategies. Key recommendations include escaping user input, using session tokens, and implementing strict input validation to enhance security in web applications.

1. Secure PHP Coding Practices @jeffchannell

2. Why Should I Care? Loss of reputation (to you as a developer)

3. Financial Loss

4. Disclosure of Information

5. Damage to other sites

6. Basic Guidelines Trust Nothing Escape for the occasion

7. Understand different exploitation techniques

8. Who is this guy? Web developer with Anything Digital Security researcher

9. Discovered numerous vulnerabilities, primarily in Joomla! extensions

10. Common Vulnerability Types Information Disclosure

11. SQL Injection

12. Code Execution

13. Cross Site Scripting (XSS)

14. Cross Site Request Forgery (CSRF)

15. Information Disclosure Reveals non-public information

16. Cannot be used by itself to gain access

17. Useful to an attacker

18. Generally involves absolute paths to files (Path Disclosure)

19. Error reporting generally includes paths

20. MySQL errors

21. SQL Injection Caused by passing user-supplied input directly into an SQL query

22. Allows an attacker to alter the query

23. Does not always divulge information directly (known as “Blind Injection”)

24. SQL Injection – Example 1 $id = JRequest::getVar( 'id' ); $query = 'SELECT id, title FROM #__foobar WHERE id = ' . $id ; $db = JFactory::getDbo(); $db ->setQuery( $query ); $results = $db ->loadObject();

25. SQL Injection – Example 1 User input is concatenated with the query

26. SQL Injection – Example 1 User input is concatenated with the query

27. A malicious user can exploit this using the following request: index.php?option=com_foobar&id= 0 union select 1,2

28. SQL Injection – Example 1 User input is concatenated with the query

29. A malicious user can exploit this using the following request: index.php?option=com_foobar&id= 0 union select 1,2 This causes the query to become: SELECT id, title FROM #__foobar WHERE id = 0 union select 1,2

30. SQL Injection – Example 1 $id = JRequest::get Int ( 'id' ); $query = 'SELECT id, title FROM #__foobar WHERE id = ' . $id ; $db = JFactory::getDbo(); $db ->setQuery( $query ); $results = $db ->loadObject();

31. SQL Injection – Example 2 $title = JRequest::getVar( 'title' ); $query = 'SELECT id, title FROM #__foobar WHERE title = \'' . $title . '\'' ; $db = JFactory::getDbo(); $db ->setQuery( $query ); $results = $db ->loadObject();