Building secure applications with Zend Framework 2

Transcript

1. Building secure applications with ZF2 Enrico Zimuel Zend Framework Team

   Zend Technologies Inc.

2. 2 About me • Enrico Zimuel (@ezimuel) • Software Engineer

   since 1996 • PHP Engineer at Zend Technologies in the Zend Framework and Apigility Team • International speaker, author of books and technical articles • Researcher programmer at Informatics Institute of University of Amsterdam • Co-founder of PUG Torino (Italy)

3. OWASP Top Ten Attacks 2013 1) Injection 2) Broken Authentication

   and Session Management 3) Cross-Site Scripting (XSS) 4) Insecure direct object references 5) Security Misconfiguration 6) Sensitive Data Exposure 7) Missing function level access control 8) Cross-Site Request Forgery (CSRF) 9) Using components with known vulnerability 10) Unvalidated redirects and forwards Source: https://www.owasp.org/index.php/Top_10_2013-Top_10

4. 4 Security “mantra” “Filter Input, Escape Output”

5. ZF2 security in a nutshell • Organization of the code

   – 1 public folder with redirect (.htaccess) and a single front controller (index.php) – configuration files outside the public folder, using simple PHP arrays: *.global.php (not sensitive data), and *.local.php (sensitive data, not in versioning using .gitignore) • Filter input – Validation of user's input (Zend\Validator) – Filtering of user's input (Zend\Form, InputFilter) – CAPTCHA

6. ZF2 security in a nutshell (2) • Escape output –

   Zend\Escaper for HTML, CSS and JS • Authentication and Permissions – Zend\Authentication (LDAP, HTTP, etc) – Access Control List (ACL), Role-based access control (RBAC) • Protect sensitive data (cryptography) – AES + HMAC as default encryption and authentication algorithm – bcrypt for password storing

7. Security components in ZF2 • Zend\Authentication • Zend\Captcha • Zend\Crypt

   • Zend\Escaper • Zend\Filter • Zend\InputFilter • Zend\Permissions • Zend\Math • Zend\Validator

8. Zend\Authentication

9. 9 Authentication • Zend\Authentication provides API for authentication and includes

   concrete authentication adapters for common use case scenarios • Adapters: – Database Table – Digest – HTTP – LDAP – Your adapter

10. Example

11. Zend\Permissions

12. 12 Zend\Permissions\Acl • The component provides a lightweight and flexible

    access control list (ACL) implementation for privileges management • Terminology: – a resource is an object to which access is controlled – a role is an object that may request access to a resource

13. Example

14. Zend\Escaper

15. 15 Escaper • Escape the output, multiple formats: – escapeHtml()

    – escapeHtmlAttr() – escapeJs() – escapeUrl() – escapeCss()

16. Zend\Crypt

17. Cryptography is hard • Cryptography is hard, and implement it

    is even more hard! • PHP offers some crypto primitives but you need to know how to use it (this is not straightforward) • This can be a barrier that discouraged PHP developers

18. 18 Cryptography using ZF2 • Zend\Crypt help PHP developers to

    use strong cryptography in their projects • In PHP we have built-in functions and extensions for cryptography scopes: – crypt() – Mcrypt – OpenSSL – Hash (by default in PHP 5.1.2) – Mhash (emulated by Hash from PHP 5.3)

19. Zend\Crypt • Zend\Crypt components: – Zend\Crypt\Password – Zend\Crypt\Key\Derivation – Zend\Crypt\Symmetic

    – Zend\Crypt\PublicKey – Zend\Crypt\Hash – Zend\Crypt\Hmac – Zend\Crypt\BlockCipher

20. How to protect sensitive data with ZF2

21. 21 Encrypt and Authenticate • Zend\Crypt\BlockCipher can be used to

    encrypt/decrypt sensitive data (symmetric encryption) • Provides encryption + authentication (HMAC) • Simplified API: – setKey($key) – encrypt($data) – decrypt($data) • It uses the Mcrypt adapter

22. Default encryption algorithms • Default values used by BlockCipher: –

    AES algorithm (key of 256 bits) – CBC mode + HMAC (SHA-256) – PKCS7 padding mode (RFC 5652) – PBKDF2 to generate encryption key + authentication key for HMAC – Random IV for each encryption

23. 23 Example: AES encryption The encrypted text is encoded in

    Base64, you can switch to binary output using setBinaryOutput(true)

24. Example: encryption output 064b05b885342dc91e7915e492715acf0f89 6620dbf9d1e00dd0798b15e72e8cZg+hO3 4C3f3eb8TeJM9xWQRVex1y5zeLrBsNv+d YeVy3SBJa+pXZbUQYNZw0xS9s Zend\Crypt\BlockCipher::encrypt “This is

    the message to encrypt” “this is the encryption key” Legend: HMAC, IV, ciphertext

25. 25 Example: decrypt

26. Zend\Crypt\PublicKey • Implements public key algorithms • We support: –

    RSA (Zend\Crypt\PublicKey\Rsa) – Diffie-Hellman (Zend\Crypt\PublicKey\DiffieHellman), for key exchange • We use the OpenSSL extension

27. 27 Example: generate the keys You can also generate the

    public and private key using OpenSSL from the command line (Unix style syntax): $ ssh-keygen -t rsa

28. Example: encrypt/decrypt

29. 29 Limited size using RSA • With a key of

    2048 bit we can encrypt string with a maximum size of 1960 bit (245 characters) • In most use cases the RSA encryption is used only to encrypt a symmetric key • Hybrid cryptosystem: – the ciphertext is encrypted using a symmetric cipher (e.g. Zend\Crypt\BlockCipher) – the encrypted key is attached to the ciphertext, in order to be decrypted using the private key of the receiver

30. Example: digital signature

31. How to store a password?

32. How to store a password • How do you safely

    store a password? • Old school (insecure): – MD5/SHA1(password) – MD5/SHA1(password . salt) where salt is a random string • New school (secure): – bcrypt – scrypt

33. 33 Why MD5/SHA1 ±salt is not secure? • Dictionary/brute force

    attacks more efficient • GPU-accelerated password hash: – Whitepixel project whitepixel.zorinaq.com 4 Dual HD 5970, ~ $2800 Algorithm Speed 8 chars 9 chars 10 chars md5($pass) 33 billion p/s 1 ½ hour 4 ½ days 294 days

34. bcrypt • bcrypt uses Blowfish cipher + iterations to generate

    secure hash values • bcrypt is secure against brute force attacks because is slow, very slow (that means attacks need huge amount of time to be completed) • The algorithm needs a salt value and a work factor parameter (cost), which allows you to determine how expensive the bcrypt function will be

35. 35 Zend\Crypt\Password\Bcrypt • We used the crypt() function of PHP

    to implement the bcrypt algorithm • The cost is an integer value from 4 to 31 • The default value for Zend\Crypt\Password\Bcrypt is 14 (that is equivalent to 1 second of computation using an Intel Core i5 CPU at 3.3 Ghz). • The cost value depends on the CPU speed, check on your system! We suggest to consume at least 0.5 second.

36. Example: bcrypt • The output of bcrypt ($hash) is a

    string of 60 bytes

37. 37 How to verify a password • To check if

    a password is valid against an hash value we can use the method: – Bcrypt::verify($password, $hash) where $password is the value to check and $hash is the hash value generated by bcrypt • This method returns true if the password is valid and false otherwise

38. Thanks! Vote this talk at https://joind.in/9071