Building secure applications with Zend Framework 2

Transcript

1. Building secure
   applications with ZF2
   Enrico Zimuel
   Zend Framework Team
   Zend Technologies Inc.
   

   View Slide

2. 2
   About me
   • Enrico Zimuel (@ezimuel)
   • Software Engineer since 1996
   • PHP Engineer at Zend Technologies in
   the Zend Framework and Apigility Team
   • International speaker, author of books and
   technical articles
   • Researcher programmer at Informatics
   Institute of University of Amsterdam
   • Co-founder of PUG Torino (Italy)
   

   View Slide

3. OWASP Top Ten Attacks 2013
   1) Injection
   2) Broken Authentication and Session Management
   3) Cross-Site Scripting (XSS)
   4) Insecure direct object references
   5) Security Misconfiguration
   6) Sensitive Data Exposure
   7) Missing function level access control
   8) Cross-Site Request Forgery (CSRF)
   9) Using components with known vulnerability
   10) Unvalidated redirects and forwards
   Source: https://www.owasp.org/index.php/Top_10_2013-Top_10
   

   View Slide

4. 4
   Security “mantra”
   “Filter Input, Escape Output”
   

   View Slide

5. ZF2 security in a nutshell
   ●
   Organization of the code
   – 1 public folder with redirect (.htaccess) and a single
   front controller (index.php)
   – configuration files outside the public folder, using
   simple PHP arrays: *.global.php (not sensitive data),
   and *.local.php (sensitive data, not in versioning
   using .gitignore)
   ●
   Filter input
   – Validation of user's input (Zend\Validator)
   – Filtering of user's input (Zend\Form, InputFilter)
   – CAPTCHA
   

   View Slide

6. ZF2 security in a nutshell (2)
   ●
   Escape output
   – Zend\Escaper for HTML, CSS and JS
   ●
   Authentication and Permissions
   – Zend\Authentication (LDAP, HTTP, etc)
   – Access Control List (ACL), Role-based access
   control (RBAC)
   ●
   Protect sensitive data (cryptography)
   – AES + HMAC as default encryption and
   authentication algorithm
   – bcrypt for password storing
   

   View Slide

7. Security components in ZF2
   ●
   Zend\Authentication
   ●
   Zend\Captcha
   ●
   Zend\Crypt
   ●
   Zend\Escaper
   ●
   Zend\Filter
   ●
   Zend\InputFilter
   ●
   Zend\Permissions
   ●
   Zend\Math
   ●
   Zend\Validator
   

   View Slide

8. Zend\Authentication
   

   View Slide

9. 9
   Authentication
   ●
   Zend\Authentication provides API for
   authentication and includes concrete
   authentication adapters for common use
   case scenarios
   ●
   Adapters:
   – Database Table
   – Digest
   – HTTP
   – LDAP
   – Your adapter
   

   View Slide

10. Example
    

    View Slide

11. Zend\Permissions
    

    View Slide

12. 12
    Zend\Permissions\Acl
    ●
    The component provides a lightweight and
    flexible access control list (ACL)
    implementation for privileges
    management
    ●
    Terminology:
    – a resource is an object to which access is
    controlled
    – a role is an object that may request
    access to a resource
    

    View Slide

13. Example
    

    View Slide

14. Zend\Escaper
    

    View Slide

15. 15
    Escaper
    ●
    Escape the output, multiple
    formats:
    – escapeHtml()
    – escapeHtmlAttr()
    – escapeJs()
    – escapeUrl()
    – escapeCss()
    

    View Slide

16. Zend\Crypt
    

    View Slide

17. Cryptography is hard
    ●
    Cryptography is hard, and implement it is
    even more hard!
    ●
    PHP offers some crypto primitives but
    you need to know how to use it (this is
    not straightforward)
    ●
    This can be a barrier that discouraged
    PHP developers
    

    View Slide

18. 18
    Cryptography using ZF2
    ●
    Zend\Crypt help PHP developers to use
    strong cryptography in their projects
    ●
    In PHP we have built-in functions and
    extensions for cryptography scopes:
    – crypt()
    – Mcrypt
    – OpenSSL
    – Hash (by default in PHP 5.1.2)
    – Mhash (emulated by Hash from PHP 5.3)
    

    View Slide

19. Zend\Crypt
    ●
    Zend\Crypt components:
    – Zend\Crypt\Password
    – Zend\Crypt\Key\Derivation
    – Zend\Crypt\Symmetic
    – Zend\Crypt\PublicKey
    – Zend\Crypt\Hash
    – Zend\Crypt\Hmac
    – Zend\Crypt\BlockCipher
    

    View Slide

20. How to protect
    sensitive data with
    ZF2
    

    View Slide

21. 21
    Encrypt and Authenticate
    ●
    Zend\Crypt\BlockCipher can be used to
    encrypt/decrypt sensitive data (symmetric
    encryption)
    ●
    Provides encryption + authentication (HMAC)
    ●
    Simplified API:
    – setKey($key)
    – encrypt($data)
    – decrypt($data)
    ●
    It uses the Mcrypt adapter
    

    View Slide

22. Default encryption algorithms
    ●
    Default values used by BlockCipher:
    – AES algorithm (key of 256 bits)
    – CBC mode + HMAC (SHA-256)
    – PKCS7 padding mode (RFC 5652)
    – PBKDF2 to generate encryption key +
    authentication key for HMAC
    – Random IV for each encryption
    

    View Slide

23. 23
    Example: AES encryption
    The encrypted text is encoded in Base64, you can switch to
    binary output using setBinaryOutput(true)
    

    View Slide

24. Example: encryption output
    064b05b885342dc91e7915e492715acf0f89
    6620dbf9d1e00dd0798b15e72e8cZg+hO3
    4C3f3eb8TeJM9xWQRVex1y5zeLrBsNv+d
    YeVy3SBJa+pXZbUQYNZw0xS9s
    Zend\Crypt\BlockCipher::encrypt
    “This is the message to encrypt”
    “this is the
    encryption key”
    Legend: HMAC, IV, ciphertext
    

    View Slide

25. 25
    Example: decrypt
    

    View Slide

26. Zend\Crypt\PublicKey
    ●
    Implements public key algorithms
    ●
    We support:
    – RSA (Zend\Crypt\PublicKey\Rsa)
    – Diffie-Hellman
    (Zend\Crypt\PublicKey\DiffieHellman),
    for key exchange
    ●
    We use the OpenSSL extension
    

    View Slide

27. 27
    Example: generate the keys
    You can also generate the public and private key using
    OpenSSL from the command line (Unix style syntax):
    $ ssh-keygen -t rsa
    

    View Slide

28. Example: encrypt/decrypt
    

    View Slide

29. 29
    Limited size using RSA
    ●
    With a key of 2048 bit we can encrypt string with
    a maximum size of 1960 bit (245 characters)
    ●
    In most use cases the RSA encryption is used
    only to encrypt a symmetric key
    ●
    Hybrid cryptosystem:
    – the ciphertext is encrypted using a symmetric
    cipher (e.g. Zend\Crypt\BlockCipher)
    – the encrypted key is attached to the
    ciphertext, in order to be decrypted using
    the private key of the receiver
    

    View Slide

30. Example: digital signature
    

    View Slide

31. How to store
    a password?
    

    View Slide

32. How to store a password
    ●
    How do you safely store a password?
    ●
    Old school (insecure):
    – MD5/SHA1(password)
    – MD5/SHA1(password . salt)
    where salt is a random string
    ●
    New school (secure):
    – bcrypt
    – scrypt
    

    View Slide

33. 33
    Why MD5/SHA1 ±salt is not secure?
    ●
    Dictionary/brute force attacks more efficient
    ●
    GPU-accelerated password hash:
    – Whitepixel project
    whitepixel.zorinaq.com
    4 Dual HD 5970, ~ $2800
    Algorithm Speed 8 chars 9 chars 10 chars
    md5($pass) 33 billion p/s 1 ½ hour 4 ½ days 294 days
    

    View Slide

34. bcrypt
    ●
    bcrypt uses Blowfish cipher + iterations to generate
    secure hash values
    ●
    bcrypt is secure against brute force attacks because
    is slow, very slow (that means attacks need huge
    amount of time to be completed)
    ●
    The algorithm needs a salt value and a work factor
    parameter (cost), which allows you to determine how
    expensive the bcrypt function will be
    

    View Slide

35. 35
    Zend\Crypt\Password\Bcrypt
    ●
    We used the crypt() function of PHP to implement the
    bcrypt algorithm
    ●
    The cost is an integer value from 4 to 31
    ●
    The default value for Zend\Crypt\Password\Bcrypt is 14
    (that is equivalent to 1 second of computation using an
    Intel Core i5 CPU at 3.3 Ghz).
    ●
    The cost value depends on the CPU speed, check on
    your system! We suggest to consume at least 0.5
    second.
    

    View Slide

36. Example: bcrypt
    ●
    The output of bcrypt ($hash) is a string of 60 bytes
    

    View Slide

37. 37
    How to verify a password
    ●
    To check if a password is valid against an hash
    value we can use the method:
    – Bcrypt::verify($password, $hash)
    where $password is the value to check and
    $hash is the hash value generated by bcrypt
    ●
    This method returns true if the password is valid
    and false otherwise
    

    View Slide

38. Thanks!
    Vote this talk at https://joind.in/9071
    

    View Slide