Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building secure applications with Zend Framework 2

Building secure applications with Zend Framework 2

Security is a very important aspect of web applications and is not only limited to "filter the input and escape the output". In this talk we will present the security features of Zend Framework 2 that can help PHP developers to build secure web applications. We will talk about the Authentication and Authorization component, the Escaper component and the Cryptographic component that can be used to safely store user's password and protect sensitive data using strong cryptographic algorithms like AES, Bcrypt, Scrypt, RSA, etc.
This talk was presented at ZendCon 2013 in Santa Clara (California).

Enrico Zimuel

October 08, 2013

More Decks by Enrico Zimuel

Other Decks in Programming


  1. 2 About me • Enrico Zimuel (@ezimuel) • Software Engineer

    since 1996 • PHP Engineer at Zend Technologies in the Zend Framework and Apigility Team • International speaker, author of books and technical articles • Researcher programmer at Informatics Institute of University of Amsterdam • Co-founder of PUG Torino (Italy)
  2. OWASP Top Ten Attacks 2013 1) Injection 2) Broken Authentication

    and Session Management 3) Cross-Site Scripting (XSS) 4) Insecure direct object references 5) Security Misconfiguration 6) Sensitive Data Exposure 7) Missing function level access control 8) Cross-Site Request Forgery (CSRF) 9) Using components with known vulnerability 10) Unvalidated redirects and forwards Source: https://www.owasp.org/index.php/Top_10_2013-Top_10
  3. ZF2 security in a nutshell • Organization of the code

    – 1 public folder with redirect (.htaccess) and a single front controller (index.php) – configuration files outside the public folder, using simple PHP arrays: *.global.php (not sensitive data), and *.local.php (sensitive data, not in versioning using .gitignore) • Filter input – Validation of user's input (Zend\Validator) – Filtering of user's input (Zend\Form, InputFilter) – CAPTCHA
  4. ZF2 security in a nutshell (2) • Escape output –

    Zend\Escaper for HTML, CSS and JS • Authentication and Permissions – Zend\Authentication (LDAP, HTTP, etc) – Access Control List (ACL), Role-based access control (RBAC) • Protect sensitive data (cryptography) – AES + HMAC as default encryption and authentication algorithm – bcrypt for password storing
  5. Security components in ZF2 • Zend\Authentication • Zend\Captcha • Zend\Crypt

    • Zend\Escaper • Zend\Filter • Zend\InputFilter • Zend\Permissions • Zend\Math • Zend\Validator
  6. 9 Authentication • Zend\Authentication provides API for authentication and includes

    concrete authentication adapters for common use case scenarios • Adapters: – Database Table – Digest – HTTP – LDAP – Your adapter
  7. 12 Zend\Permissions\Acl • The component provides a lightweight and flexible

    access control list (ACL) implementation for privileges management • Terminology: – a resource is an object to which access is controlled – a role is an object that may request access to a resource
  8. 15 Escaper • Escape the output, multiple formats: – escapeHtml()

    – escapeHtmlAttr() – escapeJs() – escapeUrl() – escapeCss()
  9. Cryptography is hard • Cryptography is hard, and implement it

    is even more hard! • PHP offers some crypto primitives but you need to know how to use it (this is not straightforward) • This can be a barrier that discouraged PHP developers
  10. 18 Cryptography using ZF2 • Zend\Crypt help PHP developers to

    use strong cryptography in their projects • In PHP we have built-in functions and extensions for cryptography scopes: – crypt() – Mcrypt – OpenSSL – Hash (by default in PHP 5.1.2) – Mhash (emulated by Hash from PHP 5.3)
  11. Zend\Crypt • Zend\Crypt components: – Zend\Crypt\Password – Zend\Crypt\Key\Derivation – Zend\Crypt\Symmetic

    – Zend\Crypt\PublicKey – Zend\Crypt\Hash – Zend\Crypt\Hmac – Zend\Crypt\BlockCipher
  12. 21 Encrypt and Authenticate • Zend\Crypt\BlockCipher can be used to

    encrypt/decrypt sensitive data (symmetric encryption) • Provides encryption + authentication (HMAC) • Simplified API: – setKey($key) – encrypt($data) – decrypt($data) • It uses the Mcrypt adapter
  13. Default encryption algorithms • Default values used by BlockCipher: –

    AES algorithm (key of 256 bits) – CBC mode + HMAC (SHA-256) – PKCS7 padding mode (RFC 5652) – PBKDF2 to generate encryption key + authentication key for HMAC – Random IV for each encryption
  14. 23 Example: AES encryption The encrypted text is encoded in

    Base64, you can switch to binary output using setBinaryOutput(true)
  15. Zend\Crypt\PublicKey • Implements public key algorithms • We support: –

    RSA (Zend\Crypt\PublicKey\Rsa) – Diffie-Hellman (Zend\Crypt\PublicKey\DiffieHellman), for key exchange • We use the OpenSSL extension
  16. 27 Example: generate the keys You can also generate the

    public and private key using OpenSSL from the command line (Unix style syntax): $ ssh-keygen -t rsa
  17. 29 Limited size using RSA • With a key of

    2048 bit we can encrypt string with a maximum size of 1960 bit (245 characters) • In most use cases the RSA encryption is used only to encrypt a symmetric key • Hybrid cryptosystem: – the ciphertext is encrypted using a symmetric cipher (e.g. Zend\Crypt\BlockCipher) – the encrypted key is attached to the ciphertext, in order to be decrypted using the private key of the receiver
  18. How to store a password • How do you safely

    store a password? • Old school (insecure): – MD5/SHA1(password) – MD5/SHA1(password . salt) where salt is a random string • New school (secure): – bcrypt – scrypt
  19. 33 Why MD5/SHA1 ±salt is not secure? • Dictionary/brute force

    attacks more efficient • GPU-accelerated password hash: – Whitepixel project whitepixel.zorinaq.com 4 Dual HD 5970, ~ $2800 Algorithm Speed 8 chars 9 chars 10 chars md5($pass) 33 billion p/s 1 ½ hour 4 ½ days 294 days
  20. bcrypt • bcrypt uses Blowfish cipher + iterations to generate

    secure hash values • bcrypt is secure against brute force attacks because is slow, very slow (that means attacks need huge amount of time to be completed) • The algorithm needs a salt value and a work factor parameter (cost), which allows you to determine how expensive the bcrypt function will be
  21. 35 Zend\Crypt\Password\Bcrypt • We used the crypt() function of PHP

    to implement the bcrypt algorithm • The cost is an integer value from 4 to 31 • The default value for Zend\Crypt\Password\Bcrypt is 14 (that is equivalent to 1 second of computation using an Intel Core i5 CPU at 3.3 Ghz). • The cost value depends on the CPU speed, check on your system! We suggest to consume at least 0.5 second.
  22. 37 How to verify a password • To check if

    a password is valid against an hash value we can use the method: – Bcrypt::verify($password, $hash) where $password is the value to check and $hash is the hash value generated by bcrypt • This method returns true if the password is valid and false otherwise