Building secure applications with Zend Framework 2

Building secure applications with Zend Framework 2

Security is a very important aspect of web applications and is not only limited to "filter the input and escape the output". In this talk we will present the security features of Zend Framework 2 that can help PHP developers to build secure web applications. We will talk about the Authentication and Authorization component, the Escaper component and the Cryptographic component that can be used to safely store user's password and protect sensitive data using strong cryptographic algorithms like AES, Bcrypt, Scrypt, RSA, etc.
This talk was presented at ZendCon 2013 in Santa Clara (California).


Enrico Zimuel

October 08, 2013


  1. Building secure applications with ZF2 Enrico Zimuel Zend Framework Team

    Zend Technologies Inc.
  2. 2 About me • Enrico Zimuel (@ezimuel) • Software Engineer

    since 1996 • PHP Engineer at Zend Technologies in the Zend Framework and Apigility Team • International speaker, author of books and technical articles • Researcher programmer at Informatics Institute of University of Amsterdam • Co-founder of PUG Torino (Italy)
  3. OWASP Top Ten Attacks 2013 1) Injection 2) Broken Authentication

    and Session Management 3) Cross-Site Scripting (XSS) 4) Insecure direct object references 5) Security Misconfiguration 6) Sensitive Data Exposure 7) Missing function level access control 8) Cross-Site Request Forgery (CSRF) 9) Using components with known vulnerability 10) Unvalidated redirects and forwards Source:
  4. 4 Security “mantra” “Filter Input, Escape Output”

  5. ZF2 security in a nutshell • Organization of the code

    – 1 public folder with redirect (.htaccess) and a single front controller (index.php) – configuration files outside the public folder, using simple PHP arrays: *.global.php (not sensitive data), and *.local.php (sensitive data, not in versioning using .gitignore) • Filter input – Validation of user's input (Zend\Validator) – Filtering of user's input (Zend\Form, InputFilter) – CAPTCHA
  6. ZF2 security in a nutshell (2) • Escape output –

    Zend\Escaper for HTML, CSS and JS • Authentication and Permissions – Zend\Authentication (LDAP, HTTP, etc) – Access Control List (ACL), Role-based access control (RBAC) • Protect sensitive data (cryptography) – AES + HMAC as default encryption and authentication algorithm – bcrypt for password storing
  7. Security components in ZF2 • Zend\Authentication • Zend\Captcha • Zend\Crypt

    • Zend\Escaper • Zend\Filter • Zend\InputFilter • Zend\Permissions • Zend\Math • Zend\Validator
  8. Zend\Authentication

  9. 9 Authentication • Zend\Authentication provides API for authentication and includes

    concrete authentication adapters for common use case scenarios • Adapters: – Database Table – Digest – HTTP – LDAP – Your adapter
  10. Example

  11. Zend\Permissions

  12. 12 Zend\Permissions\Acl • The component provides a lightweight and flexible

    access control list (ACL) implementation for privileges management • Terminology: – a resource is an object to which access is controlled – a role is an object that may request access to a resource
  13. Example

  14. Zend\Escaper

  15. 15 Escaper • Escape the output, multiple formats: – escapeHtml()

    – escapeHtmlAttr() – escapeJs() – escapeUrl() – escapeCss()
  16. Zend\Crypt

  17. Cryptography is hard • Cryptography is hard, and implement it

    is even more hard! • PHP offers some crypto primitives but you need to know how to use it (this is not straightforward) • This can be a barrier that discouraged PHP developers
  18. 18 Cryptography using ZF2 • Zend\Crypt help PHP developers to

    use strong cryptography in their projects • In PHP we have built-in functions and extensions for cryptography scopes: – crypt() – Mcrypt – OpenSSL – Hash (by default in PHP 5.1.2) – Mhash (emulated by Hash from PHP 5.3)
  19. Zend\Crypt • Zend\Crypt components: – Zend\Crypt\Password – Zend\Crypt\Key\Derivation – Zend\Crypt\Symmetic

    – Zend\Crypt\PublicKey – Zend\Crypt\Hash – Zend\Crypt\Hmac – Zend\Crypt\BlockCipher
  20. How to protect sensitive data with ZF2

  21. 21 Encrypt and Authenticate • Zend\Crypt\BlockCipher can be used to

    encrypt/decrypt sensitive data (symmetric encryption) • Provides encryption + authentication (HMAC) • Simplified API: – setKey($key) – encrypt($data) – decrypt($data) • It uses the Mcrypt adapter
  22. Default encryption algorithms • Default values used by BlockCipher: –

    AES algorithm (key of 256 bits) – CBC mode + HMAC (SHA-256) – PKCS7 padding mode (RFC 5652) – PBKDF2 to generate encryption key + authentication key for HMAC – Random IV for each encryption
  23. 23 Example: AES encryption The encrypted text is encoded in

    Base64, you can switch to binary output using setBinaryOutput(true)
  24. Example: encryption output 064b05b885342dc91e7915e492715acf0f89 6620dbf9d1e00dd0798b15e72e8cZg+hO3 4C3f3eb8TeJM9xWQRVex1y5zeLrBsNv+d YeVy3SBJa+pXZbUQYNZw0xS9s Zend\Crypt\BlockCipher::encrypt “This is

    the message to encrypt” “this is the encryption key” Legend: HMAC, IV, ciphertext
  25. 25 Example: decrypt

  26. Zend\Crypt\PublicKey • Implements public key algorithms • We support: –

    RSA (Zend\Crypt\PublicKey\Rsa) – Diffie-Hellman (Zend\Crypt\PublicKey\DiffieHellman), for key exchange • We use the OpenSSL extension
  27. 27 Example: generate the keys You can also generate the

    public and private key using OpenSSL from the command line (Unix style syntax): $ ssh-keygen -t rsa
  28. Example: encrypt/decrypt

  29. 29 Limited size using RSA • With a key of

    2048 bit we can encrypt string with a maximum size of 1960 bit (245 characters) • In most use cases the RSA encryption is used only to encrypt a symmetric key • Hybrid cryptosystem: – the ciphertext is encrypted using a symmetric cipher (e.g. Zend\Crypt\BlockCipher) – the encrypted key is attached to the ciphertext, in order to be decrypted using the private key of the receiver
  30. Example: digital signature

  31. How to store a password?

  32. How to store a password • How do you safely

    store a password? • Old school (insecure): – MD5/SHA1(password) – MD5/SHA1(password . salt) where salt is a random string • New school (secure): – bcrypt – scrypt
  33. 33 Why MD5/SHA1 ±salt is not secure? • Dictionary/brute force

    attacks more efficient • GPU-accelerated password hash: – Whitepixel project 4 Dual HD 5970, ~ $2800 Algorithm Speed 8 chars 9 chars 10 chars md5($pass) 33 billion p/s 1 ½ hour 4 ½ days 294 days
  34. bcrypt • bcrypt uses Blowfish cipher + iterations to generate

    secure hash values • bcrypt is secure against brute force attacks because is slow, very slow (that means attacks need huge amount of time to be completed) • The algorithm needs a salt value and a work factor parameter (cost), which allows you to determine how expensive the bcrypt function will be
  35. 35 Zend\Crypt\Password\Bcrypt • We used the crypt() function of PHP

    to implement the bcrypt algorithm • The cost is an integer value from 4 to 31 • The default value for Zend\Crypt\Password\Bcrypt is 14 (that is equivalent to 1 second of computation using an Intel Core i5 CPU at 3.3 Ghz). • The cost value depends on the CPU speed, check on your system! We suggest to consume at least 0.5 second.
  36. Example: bcrypt • The output of bcrypt ($hash) is a

    string of 60 bytes
  37. 37 How to verify a password • To check if

    a password is valid against an hash value we can use the method: – Bcrypt::verify($password, $hash) where $password is the value to check and $hash is the hash value generated by bcrypt • This method returns true if the password is valid and false otherwise
  38. Thanks! Vote this talk at