Query built by string interpolation (vulnerable):

```php
$sql = "SELECT * FROM users WHERE email='$name'";
foreach ($db->query($sql) as $user) {
    // ...
}
```

Request:

    curl -X POST -d "name=a@b.com' OR 1=1;--" http://yoursite.com

Resulting query:

    SELECT * FROM users WHERE email='a@b.com' OR 1=1;--'
The same query using a prepared statement with a bound parameter (PDO's `execute()` is a method of the prepared statement, not of the connection):

```php
$sql = "SELECT * FROM users WHERE email=:email";
$statement = $db->prepare($sql);
$params = [':email' => $name];
$statement->execute($params);
foreach ($statement as $user) {
    // ...
}
```

Request:

    curl -X POST -d "name=a@b.com' OR 1=1;--" http://yoursite.com

Resulting query (the bound value is treated as data, not as SQL syntax):

    SELECT * FROM users WHERE email='a@b.com\' OR 1=1;--'
information
- Don't trust information provided by the user
- Don't store sensitive information with an untrusted party
- Don't use cookies to store sensitive data (if you are using cookies, use secure cookies, but only store identifiers)
the server
- Ensure strong authentication protects user identities
- Lock down insecure algorithms and primitives
- Only use trusted third-party library implementations
```php
class CartCache
{
    // properties and constructor not shown on the slide

    /**
     * Automatically purge the cache file from disk to clean up
     */
    public function __destruct()
    {
        $file = "/var/www/cache/tmp/carts/{$this->cache_file}";
        if ($this->cleanup && file_exists($file)) {
            @unlink($file);
        }
    }
}

$data = unserialize($_GET['data']);
```

Crafted request that instantiates a `CartCache` whose destructor unlinks a file outside the cache directory:

    https://yoursite.com/endpoint.php?data=O:9:"CartCache":2:{s:10:"cache_file";s:18:"../../../index.php";s:4:"data";a:0:{}}
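Three defensive changes for the `unserialize()` pattern above, written as an added example that is not part of the original slides. `CartCache` and the cache directory are taken from the snippet; the function names are hypothetical.

```php
<?php
// Added example, not code from the original slides. CartCache and the cache
// directory come from the snippet above; function names are hypothetical.

// Mitigation 1: never let user input choose which classes get instantiated.
// With allowed_classes => false, any object in the payload becomes
// __PHP_Incomplete_Class, so CartCache::__destruct() never runs.
function loadCartState(string $raw): ?array
{
    $decoded = @unserialize($raw, ['allowed_classes' => false]);
    // Only a plain array is an acceptable result for cart state.
    return is_array($decoded) ? $decoded : null;
}

// Mitigation 2: prefer a data-only format across the trust boundary.
function loadCartStateJson(string $raw): ?array
{
    try {
        $decoded = json_decode($raw, true, 16, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        return null;
    }
    return is_array($decoded) ? $decoded : null;
}

// Mitigation 3: even for legitimately created objects, pin cache_file to the
// cache directory so a value like "../../../index.php" cannot be unlinked.
function cachePathFor(string $cacheFile): ?string
{
    $dir  = '/var/www/cache/tmp/carts';
    $name = basename($cacheFile);                 // drop any directory part
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]*$/', $name)) {
        return null;                              // rejects "", ".", ".." and odd names
    }
    return $dir . '/' . $name;
}

// Constructed input: the payload from the slide, exercised locally so the
// refusal can be observed without a web server.
$payload = 'O:9:"CartCache":2:{s:10:"cache_file";s:18:"../../../index.php";s:4:"data";a:0:{}}';
var_dump(loadCartState($payload));
var_dump(loadCartStateJson('{"items":[]}'));
var_dump(cachePathFor('../../../index.php'));
var_dump(cachePathFor('..'));
```

The first call returns `null` because the `CartCache` object is refused outright; the path helper confines any surviving `cache_file` value to the cache directory or rejects it.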
vulnerable libraries
- Leverage unattended-upgrades to keep system packages up to date
- Audit the packages installed on your server: don't install things you don't need
- Only run current, supported versions of PHP!!!