Security with PHP: Going Beyond the Code
Diego Hernandes
November 23, 2016
Talk by @hernandev.com at bhack.com.br / PHPMG room
Transcript
Security with PHP: Going Beyond the Code

$ whoami
Diego Hernandes (@hernandev) – CTO @ Kino Contabilidade – Co-Founder @ CODECASTS

Let's Deploy!

$ ./security_check_list.sh
• Exception Handling
• Input Handling
• Routing
• 3rd Party Audit
• DB Related Vulnerabilities
• Injections
• Forgeries
• ...
https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet

$ ./01_go_passwordless.sh
• SSH Key Auth
• Certificate Based VPN
• Access Gateways

$ ./02_provision_vpn.sh
• Expose Only What needs to be exposed

$ ./03_add_little_obscurity.sh
• Expose Only What needs to be exposed

$ ./04_lower_privileges.sh
• Not everyone needs to be root!
Disclaimer: Valid in all Layers
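As an added example that is not part of the talk, a small POSIX shell audit covering the "go passwordless" (01) and "lower privileges" (04) items above: it reads an sshd_config and flags directives that still allow password logins or direct root login. The sample config it builds is constructed for the demo, not taken from any real server.

```shell
#!/bin/sh
# Added example, not from the talk: audit an sshd_config for the
# "go passwordless" (01) and "lower privileges" (04) checklist items.
# Simplification: Match blocks are ignored; only global directives are read.

# effective_value FILE DIRECTIVE
# Prints the value of the first non-comment occurrence of DIRECTIVE,
# lowercased (sshd honours the first occurrence); prints nothing if absent.
effective_value() {
    grep -iE "^[[:space:]]*$2[[:space:]]+" "$1" 2>/dev/null |
        head -n 1 | awk '{print tolower($2)}'
}

# audit_sshd_config FILE
# Prints one FINDING line per weak directive; returns 1 if any finding, else 0.
audit_sshd_config() {
    findings=0
    # Defaults applied when a directive is absent (OpenSSH defaults).
    pw=$(effective_value "$1" PasswordAuthentication); pw=${pw:-yes}
    root=$(effective_value "$1" PermitRootLogin); root=${root:-prohibit-password}
    pubkey=$(effective_value "$1" PubkeyAuthentication); pubkey=${pubkey:-yes}
    if [ "$pw" != "no" ]; then
        echo "FINDING: PasswordAuthentication is '$pw' (want no: SSH keys only)"
        findings=1
    fi
    if [ "$root" != "no" ]; then
        echo "FINDING: PermitRootLogin is '$root' (want no: log in unprivileged, then sudo)"
        findings=1
    fi
    if [ "$pubkey" != "yes" ]; then
        echo "FINDING: PubkeyAuthentication is '$pubkey' (want yes)"
        findings=1
    fi
    return "$findings"
}

# Demo on a constructed sshd_config (not a real server's file).
demo_cfg=$(mktemp)
cat > "$demo_cfg" <<'EOF'
# Constructed config: one weak directive and a commented-out fix
PasswordAuthentication yes
#PasswordAuthentication no
PermitRootLogin no
EOF
if audit_sshd_config "$demo_cfg"; then
    echo "OK: $demo_cfg meets the passwordless/least-privilege checks"
else
    echo "Review needed: $demo_cfg"
fi
rm -f "$demo_cfg"
```

Run it against /etc/ssh/sshd_config on a host to get the same FINDING lines; a non-zero exit makes it usable as a CI gate.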
$ ./05_secure_transmission.sh
• Secure HTTPS (I mean TLS, not SSL)
• Drop FTP support at all costs

$ ./06_add_protection_layer.sh
• Cloudflare
• Incapsula

$ ./07_double_test_acl.sh
All security is not enough when your application has flaws.
In other words: NEVER keep any backdoor.

$ ./08_shields_up.sh
On almost any server hosting, “Private Networking” only means INTERNAL networks. You’re still not safe.

$ ./09_add_ci_and_code_review.sh
Drop team privileges by implementing CI/CD.
No obscure code should go live without at least one other person's review!
Trust No One

$ ./10_keep_it_up_to_date.sh
OLD != STABLE
OLD != SECURE

$ ./00_update_security_policy.sh
Create, Keep, Improve, Review, Collaborate on a Security Policy