
90K reasons security is a must - PHPBenelux Edition

Michelangelo
September 17, 2014


We all have focused on best practices and code quality over the past years, but we seem to have forgotten the most important aspect of the web: security.
This talk gives a good overview of your first line of defence in your code, how to ensure that new exploits and hacking techniques are covered with tests, and how you build solid web applications that are secure enough to keep script kiddies and wannabe hackers away. I will also give some tips on what to do when your company becomes the victim of cyber crime.


Transcript

  1. 90K reasons why security is a must

  2. About a year ago

  3. A year later

  4. https://www.flickr.com/photos/andymag/9349743409

  5. Neverending awareness https://www.flickr.com/photos/yonolatengo/8338597558

  6. Why bother? https://www.flickr.com/photos/emagic/56206868

  7. In the news… https://www.flickr.com/photos/39908901@N06/6923408938

  8. Yes, you’re a target! https://www.flickr.com/photos/jeepersmedia/14546059371

  9. Email addresses are valuable! https://www.flickr.com/photos/horiavarlan/4514164700

  10. One password, many sites!

  11. Who’s after my data? https://www.flickr.com/photos/teegardin/6093810333

  12. Script kiddies

  13. Amateur hacker https://www.flickr.com/photos/hackny/6203305706

  14. Professional hacker https://www.flickr.com/photos/equinoxefr/6857174987

  15. Business competition https://www.flickr.com/photos/haggismac/5090028513

  16. Governments https://www.flickr.com/photos/defenceimages/7985695591

  17. What to do against it? https://www.flickr.com/photos/drachmann/327122302

  18. Cultural differences https://www.flickr.com/photos/robdeman/2390666040

  19. Legal regulations https://www.flickr.com/photos/puisney/1674586821

  20. Architectural considerations https://www.flickr.com/photos/niftyniall/12768922813

  21. Restrict physical access https://www.flickr.com/photos/zapthedingbat/487133720

  22. Secure your network https://www.flickr.com/photos/99279135@N05/14618342277

  23. Extra care for privacy data https://www.flickr.com/photos/hyku/368912557

  24. Use encryption https://www.flickr.com/photos/ideonexus/5175383269

  25. Lock down your application https://www.flickr.com/photos/simon_cocks/4534589059

  26. Create security checkpoints https://www.flickr.com/photos/paulk/2212992458

  27. Track movements https://www.flickr.com/photos/timsamoff/362730755

  28. Code considerations https://www.flickr.com/photos/nyuhuhuu/4443886636

  29. Security is not an afterthought! https://www.flickr.com/photos/webb-zahn/10971215425

  30. Sanitise data, always

```php
<?php
// $pdo is an existing PDO connection; TABLE stands in for the real table name.
$id = $_GET['id'];

// sanitise tainted data: strip everything but digits and signs, then validate as int
$clean_id = filter_var($id, FILTER_SANITIZE_NUMBER_INT);
$clean_id = filter_var($clean_id, FILTER_VALIDATE_INT);

// only a positive integer ever reaches the query, and only as a bound parameter
if (0 < $clean_id) {
    $stmt = $pdo->prepare(
        'SELECT * FROM TABLE WHERE `id` = ?'
    );
    $stmt->bindParam(1, $clean_id, PDO::PARAM_INT);
    $stmt->execute();
}
```

  31. Use the right tool for the job https://www.flickr.com/photos/florianric/7263382550

  32.

  33.

  34. Layered security https://www.flickr.com/photos/feesta/2700575201

  35. You know all this, right! https://www.flickr.com/photos/sarahreido/3120877348

  36. Victim of an attack? https://www.flickr.com/photos/marittoledo/8512244945

  37. Know you’ve been hacked!

  38. Inform everyone ASAP! https://www.flickr.com/photos/bluerobot/5490728061

  39. Get security advice!

  40. Inform the world

  41. Your turn https://www.flickr.com/photos/tmab2003/4277896845

  42. Spread the word https://www.flickr.com/photos/suneko/373310729

  43. Comment on “bad” practices https://www.flickr.com/photos/sebastian_bergmann/3991539605

  44. Learn about the risks

  45. Learn the basics of hacking hack.me

  46. Use hack cheat sheets ha.ckers.org

  47. Continuously unit test!

  48. Other resources…

  49. Essential PHP Security

  50. Security Checklist snipe.ly/risk_matrix

  51. May the force be with you

  52. Questions https://www.flickr.com/photos/colinkinner/2200500024

  53. https://www.flickr.com/photos/psd/2086641

  54. joind.in/11926 If you like it, thanks. If you don’t, please tell me how to improve

  55. Contact us Consulting - Training - Audits - Graphics www.in2it.be - info@in2it.be
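The snippet on slide 30 and the "Continuously unit test!" point of slide 47 fit together naturally, so here is an added example that is not part of the deck and not the speaker's code: the slide's sanitise-then-validate sequence wrapped in a function, a validate-only variant beside it, the prepared-statement lookup, and a handful of self-checks run over constructed inputs. The function names, the `items` table, the in-memory SQLite database and every sample input are assumptions made for this illustration. The checks also surface a caveat worth knowing about the slide's approach: FILTER_SANITIZE_NUMBER_INT silently rewrites input such as "12abc" or "1; DROP TABLE items" into a valid integer, which is harmless for the query (the value is an int bound as PDO::PARAM_INT) but may quietly point at a record the caller never asked for, whereas validating directly with FILTER_VALIDATE_INT rejects such input outright.

```php
<?php
// Added example, not code from the slides: slide 30's sanitise-then-validate
// sequence as a function, a stricter validate-only variant, the prepared
// statement lookup, and self-checks in the spirit of slide 47.
// Function names, table name and sample inputs are constructed for this
// illustration; nothing here comes from the speaker's own code base.

declare(strict_types=1);

// Slide 30's approach: strip everything except digits and signs, then
// validate. Anything that does not end up as an integer > 0 yields null.
function cleanIdLenient(string $tainted): ?int
{
    $stripped = filter_var($tainted, FILTER_SANITIZE_NUMBER_INT);
    $id = filter_var($stripped, FILTER_VALIDATE_INT);
    return ($id !== false && $id > 0) ? $id : null;
}

// Validate-only variant: input that is not already a clean positive integer
// is rejected rather than silently rewritten into one.
function cleanIdStrict(string $tainted): ?int
{
    $id = filter_var($tainted, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Prepared statement with a bound integer parameter, as on slide 30.
function findById(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM items WHERE `id` = ?');
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Tiny check helper so the script does not depend on zend.assertions.
function check(bool $ok, string $label): void
{
    if (!$ok) {
        throw new RuntimeException("check failed: $label");
    }
}

// Constructed inputs => [expected lenient result, expected strict result].
// Numeric-string keys become ints in PHP arrays, hence the (string) cast below.
$cases = [
    '42'                  => [42, 42],
    '0'                   => [null, null],
    '-7'                  => [null, null],
    'abc'                 => [null, null],
    '12abc'               => [12, null],  // lenient keeps "12", strict rejects
    '1; DROP TABLE items' => [1, null],   // lenient strips it to "1", strict rejects
];

foreach ($cases as $input => [$lenient, $strict]) {
    check(cleanIdLenient((string) $input) === $lenient, "lenient: $input");
    check(cleanIdStrict((string) $input) === $strict, "strict: $input");
}

// In-memory SQLite stands in for the real database (requires ext/pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO items (id, name) VALUES (1, 'first'), (12, 'twelfth')");

// Simulated request value; in the application this would be $_GET['id'].
$requested = '12abc';

$id = cleanIdStrict($requested);
check($id === null, 'strict variant rejects the request');

$id = cleanIdLenient($requested);
check($id === 12, 'lenient variant coerces the request to 12');
check(findById($pdo, $id)['name'] === 'twelfth', 'bound int parameter reaches the row');

echo "all checks passed\n";
```

Run it with `php example.php`; it throws on the first failed check and otherwise prints a single line. Either variant keeps the SQL safe because only an int ever reaches the bound parameter; the choice between them is about whether malformed input should be corrected or refused, and the refusing variant is the one that is easier to reason about and to cover with tests of the kind slide 47 asks for.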