Security with PHP: Going Beyond the Code (Segurança com PHP: Indo Além do Código)
Diego Hernandes
November 23, 2016
Talk by @hernandev.com at bhack.com.br / PHPMG room
Transcript
Security with PHP: Going Beyond the Code

$ whoami
Diego Hernandes (@hernandev) – CTO @ Kino Contabilidade – Co-Founder @ CODECASTS

Let's Deploy!

$ ./security_check_list.sh
• Exception Handling
• Input Handling
• Routing
• 3rd Party Audit
• DB Related Vulnerabilities
• Injections
• Forgeries
• ...
https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet

$ ./01_go_passwordless.sh
• SSH Key Auth
• Certificate Based VPN
• Access Gateways

$ ./02_provision_vpn.sh
• Expose Only What Needs to be Exposed

$ ./03_add_little_obscurity.sh
• Expose Only What Needs to be Exposed

$ ./04_lower_privileges.sh
• Not everyone needs to be root!
Disclaimer: Valid in all Layers

$ ./05_secure_transmission.sh
• Secure HTTPS (I mean TLS, not SSL)
• Drop FTP support at all costs

$ ./06_add_protection_layer.sh
• Cloudflare
• Incapsula

$ ./07_double_test_acl.sh
All security is not enough when your application has flaws. In other words: NEVER keep any backdoor.

$ ./08_shields_up.sh
On almost any server hosting, "Private Networking" only means INTERNAL networks. You're still not safe.

$ ./09_add_ci_and_code_review.sh
Drop team privileges by implementing CI/CD. No obscure code should go live without at least one other person's review! Trust no one.

$ ./10_keep_it_up_to_date.sh
OLD != STABLE
OLD != SECURE

$ ./00_update_security_policy.sh
Create, Keep, Improve, Review, Collaborate on a Security Policy
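The slides name their checklist items as shell scripts ("01_go_passwordless.sh", "04_lower_privileges.sh") but the deck does not include any script. The following is an added example, not code from the talk or its author, of what such a check could look like for the SSH part of those two items: it reads an sshd_config file and reports whether password logins and direct root logins are still enabled. It assumes OpenSSH's parsing rules (the first occurrence of a keyword wins, keywords are case-insensitive, lines starting with "#" are comments, and Match blocks are not handled) and OpenSSH's documented defaults; the two configuration files are constructed samples, not real hosts.

```shell
#!/bin/sh
# Added example (not from the deck): audit an sshd_config for the
# "go passwordless" and "lower privileges" checklist items.
# Assumes OpenSSH semantics: first occurrence of a keyword wins,
# keywords are case-insensitive, '#' starts a comment. Match blocks
# are ignored, so only the global section is judged.

# sshd_value FILE KEYWORD DEFAULT
# Prints the effective value of KEYWORD in FILE, or DEFAULT when absent.
sshd_value() {
    v=$(awk -v k="$2" 'NF >= 2 && tolower($1) == tolower(k) { print $2; exit }' "$1")
    if [ -n "$v" ]; then printf '%s\n' "$v"; else printf '%s\n' "$3"; fi
}

# sshd_failed_checks FILE
# Prints the number of failed checks on stdout and one "FAIL: ..." line
# per finding on stderr. Always exits 0 so it composes with 'set -e'.
sshd_failed_checks() {
    cfg=$1
    fails=0
    # 01_go_passwordless: keys, not passwords (OpenSSH default is 'yes')
    if [ "$(sshd_value "$cfg" PasswordAuthentication yes)" != "no" ]; then
        echo "FAIL: PasswordAuthentication is not 'no' (use SSH key auth)" >&2
        fails=$((fails + 1))
    fi
    if [ "$(sshd_value "$cfg" PubkeyAuthentication yes)" != "yes" ]; then
        echo "FAIL: PubkeyAuthentication is disabled" >&2
        fails=$((fails + 1))
    fi
    if [ "$(sshd_value "$cfg" PermitEmptyPasswords no)" != "no" ]; then
        echo "FAIL: PermitEmptyPasswords is enabled" >&2
        fails=$((fails + 1))
    fi
    # 04_lower_privileges: not everyone needs to be root. Anything other
    # than 'no' (including the 'prohibit-password' default) is reported.
    if [ "$(sshd_value "$cfg" PermitRootLogin prohibit-password)" != "no" ]; then
        echo "FAIL: PermitRootLogin is not 'no' (log in as a user, then escalate)" >&2
        fails=$((fails + 1))
    fi
    printf '%s\n' "$fails"
}

# Constructed sample configs (not taken from any real host).
WEAK_CFG=$(mktemp)
cat > "$WEAK_CFG" <<'EOF'
Port 22
# The next line is commented out, so it must not count as 'no':
#PasswordAuthentication no
PasswordAuthentication yes
PermitRootLogin yes
EOF

HARDENED_CFG=$(mktemp)
cat > "$HARDENED_CFG" <<'EOF'
Port 22
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
PermitRootLogin no
# A later duplicate is ignored by sshd (first occurrence wins):
PasswordAuthentication yes
EOF

echo "weak config: $(sshd_failed_checks "$WEAK_CFG") failed check(s)"
echo "hardened config: $(sshd_failed_checks "$HARDENED_CFG") failed check(s)"
```

Run it against a real file with `sshd_failed_checks /etc/ssh/sshd_config`; the weak sample reports two findings (password authentication on, root login on) and the hardened sample reports none. Because the check mirrors sshd's first-match rule, a commented-out "PasswordAuthentication no" or a duplicate keyword further down does not produce a false pass, which is the usual way such audits go wrong.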