Seminar on various security issues faced by PHP developers and ways to avoid them. The Examples used in the seminar can be downloaded from -> http://www.sanisoft.com/blog/wp-content/uploads/2009/08/security.tar.gz

1. Security in PHP Applications By: Aditya Mooley Nagpur PHP Meetup August'09

3. Zend Certified PHP 5 Engineer

4. Working with SANIsoft Technologies since last 6 years

5. Opensource contributor

6. Writing secure web applications

8. What to Secure

9. How to Secure

11. Used by individuals as well as corporates

12. Handles lot of critical and sensitive information

13. Malicious users can misuse this information if they get access to it

15. Secure database

16. Secure web server

18. register_globals is biggest evil. It must be off.

19. Don't use $_REQUEST. Use individual super globals instead.

21. Escape output

23. Cross site scripting

24. SQL Injection

25. File inclusion

26. Session fixation

27. and lot more ...

29. Check every data coming from user

34. Setting malicious cookies

35. Access to restricted area

38. Filtering out the HTML tags with strip_tags()

42. Incorrect type handling

45. Typecasting data properly before passing to SQL

46. Using Prepared Statements (MySQLi/PDO)

48. Attacker can get shell access to the server which can be used to any extent.

49. Such attacks can be prevented by properly filtering the input data before using it in include statement.

51. Example .

53. After this, there is no way for the website to differentiate between the two.

54. Attacker can perform all the actions that are allowed to the original user.

55. Example .

57. This can be done with session_regenerate_id()

58. For extra security disable the ini setting session.use_trans_sid

61. http://www.phpwact.org/security/attack/catalog

63. http://en.wikipedia.org

64. http://www.phpwact.org

65. Examples used in this presention can be downloaded from http://www.sanisoft.com/blog/wp-content/uploads/2009/08/security.tar.gz

66. Thanks