Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building secure applications with Zend Framework 2

Building secure applications with Zend Framework 2

Security is a very important aspect of web applications and is not only limited to "filter the input and escape the output". In this talk we will present the security features of Zend Framework 2 that can help PHP developers to build secure web applications. We will talk about the Authentication and Authorization component, the Escaper component and the Cryptographic component that can be used to safely store user's password and protect sensitive data using strong cryptographic algorithms like AES, Bcrypt, Scrypt, RSA, etc.
This talk was presented at ZendCon 2013 in Santa Clara (California).

Enrico Zimuel

October 08, 2013

More Decks by Enrico Zimuel

Other Decks in Programming


  1. Building secure
    applications with ZF2
    Enrico Zimuel
    Zend Framework Team
    Zend Technologies Inc.

    View Slide

  2. 2
    About me
    • Enrico Zimuel (@ezimuel)
    • Software Engineer since 1996
    • PHP Engineer at Zend Technologies in
    the Zend Framework and Apigility Team
    • International speaker, author of books and
    technical articles
    • Researcher programmer at Informatics
    Institute of University of Amsterdam
    • Co-founder of PUG Torino (Italy)

    View Slide

  3. OWASP Top Ten Attacks 2013
    1) Injection
    2) Broken Authentication and Session Management
    3) Cross-Site Scripting (XSS)
    4) Insecure direct object references
    5) Security Misconfiguration
    6) Sensitive Data Exposure
    7) Missing function level access control
    8) Cross-Site Request Forgery (CSRF)
    9) Using components with known vulnerability
    10) Unvalidated redirects and forwards
    Source: https://www.owasp.org/index.php/Top_10_2013-Top_10

    View Slide

  4. 4
    Security “mantra”
    “Filter Input, Escape Output”

    View Slide

  5. ZF2 security in a nutshell

    Organization of the code
    – 1 public folder with redirect (.htaccess) and a single
    front controller (index.php)
    – configuration files outside the public folder, using
    simple PHP arrays: *.global.php (not sensitive data),
    and *.local.php (sensitive data, not in versioning
    using .gitignore)

    Filter input
    – Validation of user's input (Zend\Validator)
    – Filtering of user's input (Zend\Form, InputFilter)

    View Slide

  6. ZF2 security in a nutshell (2)

    Escape output
    – Zend\Escaper for HTML, CSS and JS

    Authentication and Permissions
    – Zend\Authentication (LDAP, HTTP, etc)
    – Access Control List (ACL), Role-based access
    control (RBAC)

    Protect sensitive data (cryptography)
    – AES + HMAC as default encryption and
    authentication algorithm
    – bcrypt for password storing

    View Slide

  7. Security components in ZF2










    View Slide

  8. Zend\Authentication

    View Slide

  9. 9

    Zend\Authentication provides API for
    authentication and includes concrete
    authentication adapters for common use
    case scenarios

    – Database Table
    – Digest
    – HTTP
    – LDAP
    – Your adapter

    View Slide

  10. Example

    View Slide

  11. Zend\Permissions

    View Slide

  12. 12

    The component provides a lightweight and
    flexible access control list (ACL)
    implementation for privileges

    – a resource is an object to which access is
    – a role is an object that may request
    access to a resource

    View Slide

  13. Example

    View Slide

  14. Zend\Escaper

    View Slide

  15. 15

    Escape the output, multiple
    – escapeHtml()
    – escapeHtmlAttr()
    – escapeJs()
    – escapeUrl()
    – escapeCss()

    View Slide

  16. Zend\Crypt

    View Slide

  17. Cryptography is hard

    Cryptography is hard, and implement it is
    even more hard!

    PHP offers some crypto primitives but
    you need to know how to use it (this is
    not straightforward)

    This can be a barrier that discouraged
    PHP developers

    View Slide

  18. 18
    Cryptography using ZF2

    Zend\Crypt help PHP developers to use
    strong cryptography in their projects

    In PHP we have built-in functions and
    extensions for cryptography scopes:
    – crypt()
    – Mcrypt
    – OpenSSL
    – Hash (by default in PHP 5.1.2)
    – Mhash (emulated by Hash from PHP 5.3)

    View Slide

  19. Zend\Crypt

    Zend\Crypt components:
    – Zend\Crypt\Password
    – Zend\Crypt\Key\Derivation
    – Zend\Crypt\Symmetic
    – Zend\Crypt\PublicKey
    – Zend\Crypt\Hash
    – Zend\Crypt\Hmac
    – Zend\Crypt\BlockCipher

    View Slide

  20. How to protect
    sensitive data with

    View Slide

  21. 21
    Encrypt and Authenticate

    Zend\Crypt\BlockCipher can be used to
    encrypt/decrypt sensitive data (symmetric

    Provides encryption + authentication (HMAC)

    Simplified API:
    – setKey($key)
    – encrypt($data)
    – decrypt($data)

    It uses the Mcrypt adapter

    View Slide

  22. Default encryption algorithms

    Default values used by BlockCipher:
    – AES algorithm (key of 256 bits)
    – CBC mode + HMAC (SHA-256)
    – PKCS7 padding mode (RFC 5652)
    – PBKDF2 to generate encryption key +
    authentication key for HMAC
    – Random IV for each encryption

    View Slide

  23. 23
    Example: AES encryption
    The encrypted text is encoded in Base64, you can switch to
    binary output using setBinaryOutput(true)

    View Slide

  24. Example: encryption output
    “This is the message to encrypt”
    “this is the
    encryption key”
    Legend: HMAC, IV, ciphertext

    View Slide

  25. 25
    Example: decrypt

    View Slide

  26. Zend\Crypt\PublicKey

    Implements public key algorithms

    We support:
    – RSA (Zend\Crypt\PublicKey\Rsa)
    – Diffie-Hellman
    for key exchange

    We use the OpenSSL extension

    View Slide

  27. 27
    Example: generate the keys
    You can also generate the public and private key using
    OpenSSL from the command line (Unix style syntax):
    $ ssh-keygen -t rsa

    View Slide

  28. Example: encrypt/decrypt

    View Slide

  29. 29
    Limited size using RSA

    With a key of 2048 bit we can encrypt string with
    a maximum size of 1960 bit (245 characters)

    In most use cases the RSA encryption is used
    only to encrypt a symmetric key

    Hybrid cryptosystem:
    – the ciphertext is encrypted using a symmetric
    cipher (e.g. Zend\Crypt\BlockCipher)
    – the encrypted key is attached to the
    ciphertext, in order to be decrypted using
    the private key of the receiver

    View Slide

  30. Example: digital signature

    View Slide

  31. How to store
    a password?

    View Slide

  32. How to store a password

    How do you safely store a password?

    Old school (insecure):
    – MD5/SHA1(password)
    – MD5/SHA1(password . salt)
    where salt is a random string

    New school (secure):
    – bcrypt
    – scrypt

    View Slide

  33. 33
    Why MD5/SHA1 ±salt is not secure?

    Dictionary/brute force attacks more efficient

    GPU-accelerated password hash:
    – Whitepixel project
    4 Dual HD 5970, ~ $2800
    Algorithm Speed 8 chars 9 chars 10 chars
    md5($pass) 33 billion p/s 1 ½ hour 4 ½ days 294 days

    View Slide

  34. bcrypt

    bcrypt uses Blowfish cipher + iterations to generate
    secure hash values

    bcrypt is secure against brute force attacks because
    is slow, very slow (that means attacks need huge
    amount of time to be completed)

    The algorithm needs a salt value and a work factor
    parameter (cost), which allows you to determine how
    expensive the bcrypt function will be

    View Slide

  35. 35

    We used the crypt() function of PHP to implement the
    bcrypt algorithm

    The cost is an integer value from 4 to 31

    The default value for Zend\Crypt\Password\Bcrypt is 14
    (that is equivalent to 1 second of computation using an
    Intel Core i5 CPU at 3.3 Ghz).

    The cost value depends on the CPU speed, check on
    your system! We suggest to consume at least 0.5

    View Slide

  36. Example: bcrypt

    The output of bcrypt ($hash) is a string of 60 bytes

    View Slide

  37. 37
    How to verify a password

    To check if a password is valid against an hash
    value we can use the method:
    – Bcrypt::verify($password, $hash)
    where $password is the value to check and
    $hash is the hash value generated by bcrypt

    This method returns true if the password is valid
    and false otherwise

    View Slide

  38. Thanks!
    Vote this talk at https://joind.in/9071

    View Slide