Secure PHP - NomadPHP Lightning Talk

Ben Edmunds

August 19, 2014

Transcript

  1. Who is this guy?

     Ben Edmunds
     Open Source Author
     PHP Town Hall Podcast
     CTO at Mindfulware
  2. PDO

  3. PDO

     ```php
     // Prepared statement: the SQL text is fixed first, the value is bound separately
     $stmt = $db->prepare('SELECT * FROM users WHERE id = :id');
     $stmt->bindParam(':id', $id);
     $stmt->execute();
     ```
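As an added example that is not part of the deck, here is the lookup from the slide next to the string-concatenation version it replaces, run against an in-memory SQLite database so it works offline. The table, its two rows and the request values are constructed for the demonstration.

```php
<?php
// Added example, not code from the deck: the lookup from the slide next to
// the string-concatenation version it replaces. Runs offline against an
// in-memory SQLite database; table, rows and request values are constructed.

declare(strict_types=1);

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec("INSERT INTO users (id, name) VALUES (1, 'alice'), (2, 'bob')");

// Unsafe: the request value is spliced into the SQL text, so anything in it
// that parses as SQL changes the query instead of being compared as data.
function findUserUnsafe(PDO $db, string $id): array
{
    return $db->query("SELECT id, name FROM users WHERE id = $id")
              ->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the statement is parsed with a placeholder first and the value is
// sent separately, so it can only ever be compared against the column.
function findUserSafe(PDO $db, string $id): array
{
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id); // the slide's bindParam() binds by reference; same effect here
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request values: a legitimate id and one that carries SQL.
$legit   = '2';
$hostile = '1 OR 1=1';

printf("concatenation, legit input:   %d row(s)\n", count(findUserUnsafe($db, $legit)));
printf("concatenation, hostile input: %d row(s)\n", count(findUserUnsafe($db, $hostile)));
printf("prepared,      legit input:   %d row(s)\n", count(findUserSafe($db, $legit)));
printf("prepared,      hostile input: %d row(s)\n", count(findUserSafe($db, $hostile)));
```

Run with `php pdo_example.php`: the concatenated query returns both users for the hostile input, the prepared one returns none, and both return the single matching row for the legitimate id. Two caveats worth knowing: with the MySQL driver, set `PDO::ATTR_EMULATE_PREPARES` to `false` so the server rather than the PDO client does the binding, and placeholders only cover values, never table or column names, which must come from an allow-list.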
  4. Safe Defaults

     ```php
     class YourController
     {
         // Initialised to a known value before anything else runs
         protected $var1 = 'default value';

         function __construct()
         {
             // ...
         }
     }
     ```
  5. Safe Defaults

     ```php
     // Set the safe value before the loop so it is defined even when the loop never runs
     $something = false;

     foreach ($array as $k => $v) {
         $something = $v->foo;
         if ($something == 'bar') {
             // ...
         }
     }
     ```
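An added example, not code from the deck, that carries the "safe defaults" idea of slides 4 and 5 one step further: a flag that decides access must be reset to its closed state at the start of every decision, not just once up front. The accounts and their grants are constructed sample data.

```php
<?php
// Added example, not code from the deck, extending the "safe defaults" idea
// from slides 4 and 5: a flag that decides access is reset to its closed
// state at the start of every decision, not just once up front. The
// accounts and grants are constructed.

declare(strict_types=1);

// Looks initialised, but $canWrite is only reset once, before the outer
// loop. After the first account with a write grant, the flag stays true for
// every later account that has none.
function writersLeaky(array $accounts): array
{
    $writers  = [];
    $canWrite = false;
    foreach ($accounts as $name => $grants) {
        foreach ($grants as $grant) {
            if ($grant === 'write') {
                $canWrite = true;
            }
        }
        if ($canWrite) {
            $writers[] = $name;
        }
    }
    return $writers;
}

// Safe default: the flag is set to false at the narrowest scope where the
// decision is made, so each account starts from "denied" and must earn
// "allowed" from its own grants.
function writersSafe(array $accounts): array
{
    $writers = [];
    foreach ($accounts as $name => $grants) {
        $canWrite = false;
        foreach ($grants as $grant) {
            if ($grant === 'write') {
                $canWrite = true;
                break;
            }
        }
        if ($canWrite) {
            $writers[] = $name;
        }
    }
    return $writers;
}

// Constructed sample data: only alice holds a write grant.
$accounts = [
    'alice' => ['read', 'write'],
    'bob'   => ['read'],
    'carol' => [],
];

echo 'leaky: ', implode(', ', writersLeaky($accounts)), PHP_EOL;
echo 'safe:  ', implode(', ', writersSafe($accounts)), PHP_EOL;
```

Running it lists all three accounts as writers in the leaky version and only alice in the safe one. Had the flag not been initialised at all, PHP would evaluate the undefined variable as null (with a warning) whenever the inner loop is skipped, which fails closed by accident rather than by design; the stale-value case above is the one that fails open and is the reason to initialise at the point of decision.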
  6. Popular Hacks // Persistent XSS

     Same idea, except with data that is saved to the server and re-displayed.
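An added example, not code from the deck, of the standard mitigation for the persistent XSS the slide describes: escape stored content at output time, in the context it is inserted into. The "stored" comments are constructed inline; in a real application they would be rows read back from the database.

```php
<?php
// Added example, not code from the deck: escaping stored content at output
// time, the standard mitigation for the persistent XSS described on the
// slide. The "stored" comments are constructed inline; in a real
// application they would be rows read back from the database.

declare(strict_types=1);

// Escape a value for an HTML text node or a quoted attribute value.
// ENT_QUOTES covers both quote characters; ENT_SUBSTITUTE replaces invalid
// UTF-8 instead of returning an empty string, which would silently drop
// content and mask a problem.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// The HTML skeleton is fixed text written by the developer; every value
// that came from a user passes through e() at the moment it is inserted.
function renderComment(array $comment): string
{
    return sprintf(
        '<article class="comment" data-author="%s"><p>%s</p></article>',
        e($comment['author']),
        e($comment['body'])
    );
}

// Constructed rows standing in for what was saved from earlier requests:
// one ordinary comment and one that tries to break out of the attribute
// and the text node respectively.
$storedComments = [
    ['author' => 'alice', 'body' => 'Great talk!'],
    ['author' => 'mallory" onmouseover="alert(1)', 'body' => '<script>alert(1)</script>'],
];

foreach ($storedComments as $comment) {
    echo renderComment($comment), PHP_EOL;
}
```

In the rendered output the second comment's quote characters become `&quot;` and its angle brackets become `&lt;` and `&gt;`, so the browser shows the text literally and never leaves the attribute or the paragraph. Note that `htmlspecialchars()` is only correct for HTML body and attribute contexts; a value placed inside a URL, inline JavaScript or CSS needs that context's own encoder, and a Content-Security-Policy header is the defence in depth for anything that slips through.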
  7. Popular Hacks // CSRF Protection

     POST / PUT / UPDATE / DELETE behind forms with one-time use tokens
  8. Popular Hacks // CSRF Protection

     ```php
     function generateCsrf()
     {
         // 16 random bytes from /dev/urandom
         $token = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
         // keep it in the session for the next request; Session::flash() is the framework's helper
         Session::flash('csrfToken', $token);
         return $token;
     }
     ```
  9. Unit Testing

     ```php
     class ApiAuthTest extends PHPUnit_Framework_TestCase
     {
         public function testVerify()
         {
             $auth = new apiAuth();
             $this->assertTrue($auth->verify());
         }
     }
     ```
  11. Unit Testing

      ```
      $ phpunit tests
      PHPUnit 3.3.17 by Sebastian Bergmann.

      Time: 0.01 seconds

      OK (1 tests, 1 assertions)
      ```
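As an added example that is not part of the deck, the following file puts slides 7 and 8 (one-time CSRF tokens) and slides 9 to 11 (unit-testing the security code) together: a token helper and a PHPUnit test class for it in one runnable file. Assumptions: the slide's `Session::flash()` is replaced by a plain array passed by reference so no framework is needed; `random_bytes()` stands in for `mcrypt_create_iv()`, which was deprecated in PHP 7.1 and removed in 7.2; and the test extends `PHPUnit\Framework\TestCase` (PHPUnit 9 or later), the namespaced successor of the deck's `PHPUnit_Framework_TestCase`.

```php
<?php
// Added example, not code from the deck: a one-time CSRF token helper in the
// spirit of slides 7-8 plus a PHPUnit test for it in the spirit of slides
// 9-11. Session::flash() from the slide is replaced by an array passed by
// reference; random_bytes() replaces mcrypt_create_iv(); the test base class
// is the modern PHPUnit\Framework\TestCase (PHPUnit 9 or later assumed).

declare(strict_types=1);

use PHPUnit\Framework\TestCase;

final class CsrfToken
{
    private const KEY = 'csrfToken';

    // Generate a token, remember it in the session store and return the
    // value to embed in the form. bin2hex() keeps the raw bytes out of the
    // HTML and the session serialiser.
    public static function generate(array &$session): string
    {
        $token = bin2hex(random_bytes(16));
        $session[self::KEY] = $token;
        return $token;
    }

    // Verify the submitted token and consume it whatever the outcome, so
    // each token is accepted at most once.
    public static function verify(array &$session, ?string $submitted): bool
    {
        $expected = $session[self::KEY] ?? null;
        unset($session[self::KEY]);            // one-time use
        if ($expected === null || $submitted === null) {
            return false;                      // missing token fails closed
        }
        // Constant-time comparison; a plain === leaks where the strings differ.
        return hash_equals($expected, $submitted);
    }

    // The hidden field that carries the token back with the POST.
    public static function hiddenField(string $token): string
    {
        return '<input type="hidden" name="_token" value="'
            . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
    }
}

final class CsrfTokenTest extends TestCase
{
    public function testValidTokenIsAcceptedExactlyOnce(): void
    {
        $session = [];
        $token = CsrfToken::generate($session);
        $this->assertTrue(CsrfToken::verify($session, $token));
        $this->assertFalse(CsrfToken::verify($session, $token), 'token must not be replayable');
    }

    public function testWrongOrMissingTokenIsRejected(): void
    {
        $session = [];
        CsrfToken::generate($session);
        $this->assertFalse(CsrfToken::verify($session, str_repeat('0', 32)));
        $this->assertFalse(CsrfToken::verify($session, null));
        $this->assertArrayNotHasKey('csrfToken', $session, 'a failed check must still consume the token');
    }

    public function testTokensAreUnpredictableAndFormSafe(): void
    {
        $a = [];
        $b = [];
        $this->assertNotSame(CsrfToken::generate($a), CsrfToken::generate($b));
        $this->assertMatchesRegularExpression('/^[0-9a-f]{32}$/', $a['csrfToken']);
        $this->assertStringContainsString('value="' . $a['csrfToken'] . '"', CsrfToken::hiddenField($a['csrfToken']));
    }
}
```

Save as `CsrfTokenTest.php` and run `phpunit CsrfTokenTest.php`; PHPUnit loads the file, finds the class extending `TestCase` and reports three passing tests. The assertions encode the security properties rather than just "it runs": a token works once and only once, a wrong or absent token is refused and still consumed, and tokens are distinct and safe to place in an attribute.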