Segurança com PHP: Indo Além do Código (Security with PHP: Going Beyond the Code)
Diego Hernandes
November 23, 2016
Programming
Talk by @hernandev.com at bhack.com.br / PHPMG room
Transcript
Segurança com PHP: Indo Além do Código (Security with PHP: Going Beyond the Code)

$ whoami
Diego Hernandes (@hernandev)
• CTO @ Kino Contabilidade
• Co-Founder @ CODECASTS

Let's Deploy!

$ ./security_check_list.sh
• Exception Handling
• Input Handling
• Routing
• 3rd Party Audit
• DB Related Vulnerabilities
• Injections
• Forgeries
• ...
https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet

$ ./01_go_passwordless.sh
• SSH Key Auth
• Certificate Based VPN
• Access Gateways

$ ./02_provision_vpn.sh
• Expose Only What Needs to Be Exposed

$ ./03_add_little_obscurity.sh
• Expose Only What Needs to Be Exposed

$ ./04_lower_privileges.sh
• Not everyone needs to be root!
Disclaimer: Valid in all Layers
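Slides 01 and 04 as a worked check, added here as an example that is not part of the talk: a small sh script that reads an sshd_config and reports whether password logins and root logins are still possible. The three configs inside it are constructed samples, not files from a real server; WEAK_SSHD_CONFIG, HARDENED_SSHD_CONFIG, EMPTY_SSHD_CONFIG and the function names are this example's own, and the values it falls back to when a key is absent are OpenSSH's documented defaults.

```sh
#!/bin/sh
# Added example (not from the talk): audit an sshd_config for the settings
# slides 01 and 04 ask for, i.e. key-only logins and no root login.
# All three configs below are constructed samples.

WEAK_SSHD_CONFIG='# typical distro default, lightly edited
Port 22
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication yes
X11Forwarding yes'

HARDENED_SSHD_CONFIG='Port 22
PermitRootLogin no
PasswordAuthentication no
ChallengeResponseAuthentication no
PubkeyAuthentication yes
AllowGroups ssh-users
X11Forwarding no'

# A config that sets nothing: sshd then uses its compiled-in defaults,
# which still allow password logins and key-based root login.
EMPTY_SSHD_CONFIG='Port 22'

# sshd_option CONFIG KEY: effective value of KEY. sshd honours the first
# occurrence, matches keys case-insensitively and ignores comment lines.
# Only the global section is read; Match blocks are not evaluated here.
sshd_option() {
    printf '%s\n' "$1" | awk -v key="$2" '
        $1 !~ /^#/ && tolower($1) == tolower(key) { print $2; exit }'
}

# sshd_expect CONFIG KEY WANT DEFAULT: one OK/FAIL line for KEY, using
# DEFAULT (sshd's built-in default) when the key is not set at all.
sshd_expect() {
    _val=$(sshd_option "$1" "$2")
    [ -n "$_val" ] || _val=$4
    if [ "$_val" = "$3" ]; then
        printf 'OK   %s = %s\n' "$2" "$_val"
    else
        printf 'FAIL %s = %s (want %s)\n' "$2" "$_val" "$3"
    fi
}

# audit_sshd CONFIG: the checks for slides 01 and 04.
audit_sshd() {
    # slide 01, go passwordless: keys only. Both password paths default to
    # yes (ChallengeResponseAuthentication is KbdInteractiveAuthentication
    # in newer OpenSSH; the old name is still accepted).
    sshd_expect "$1" PasswordAuthentication          no  yes
    sshd_expect "$1" ChallengeResponseAuthentication no  yes
    sshd_expect "$1" PubkeyAuthentication            yes yes
    # slide 04, lower privileges: nobody logs in as root, use a named account
    # plus sudo. The default prohibit-password still lets root in with a key.
    sshd_expect "$1" PermitRootLogin                 no  prohibit-password
}

# count_sshd_findings CONFIG: number of FAIL lines, printed as a number.
count_sshd_findings() {
    audit_sshd "$1" | grep -c '^FAIL' || true
}

printf '== weak ==\n';     audit_sshd "$WEAK_SSHD_CONFIG"
printf '== empty ==\n';    audit_sshd "$EMPTY_SSHD_CONFIG"
printf '== hardened ==\n'; audit_sshd "$HARDENED_SSHD_CONFIG"
```

On a real host run it as root with `audit_sshd "$(cat /etc/ssh/sshd_config)"`, or better against `sshd -T`, which prints the effective configuration with defaults filled in and Match blocks resolved for the current connection; the script itself reads only the global section, so a Match block that re-enables passwords for one user or address would not be caught. The empty config is the slide 04 point in miniature: a box nobody configured is not a box nobody can log into as root.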
$ ./05_secure_transmission.sh
• Secure HTTPS (I mean TLS, not SSL)
• Drop FTP support at all costs
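For slide 05, an added example that is not the speaker's code: a weak nginx TLS configuration beside a hardened one, and an sh function that flags what separates them (legacy protocol versions, no HSTS, plain HTTP served without a redirect). Both configs are constructed samples; example.test and the certificate paths are placeholders, and WEAK_NGINX_CONF, HARDENED_NGINX_CONF and tls_findings are names this example introduces.

```sh
#!/bin/sh
# Added example (not from the talk): check an nginx server config for what
# slide 05 calls "secure HTTPS (TLS, not SSL)". Both configs are constructed.

WEAK_NGINX_CONF='server {
    listen 80;
    listen 443 ssl;
    server_name example.test;
    ssl_certificate     /etc/ssl/example.crt;
    ssl_certificate_key /etc/ssl/example.key;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    root /var/www/app/public;
}'

HARDENED_NGINX_CONF='server {
    listen 80;
    server_name example.test;
    return 301 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name example.test;
    ssl_certificate     /etc/ssl/example.crt;
    ssl_certificate_key /etc/ssl/example.key;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    add_header Strict-Transport-Security "max-age=63072000" always;
    root /var/www/app/public;
}'

# tls_findings CONFIG: one FAIL line per problem. Matching is line based,
# so it assumes one directive per line, as nginx configs usually are.
tls_findings() {
    printf '%s\n' "$1" | awk '
        { sub(/;[ \t]*$/, "") }                 # drop the statement terminator
        $1 == "ssl_protocols" {
            seen_protocols = 1
            for (i = 2; i <= NF; i++)
                if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/)
                    printf "FAIL legacy protocol %s enabled\n", $i
        }
        $1 == "add_header" && $2 == "Strict-Transport-Security" { seen_hsts = 1 }
        $1 == "listen" && ($2 == "80" || $2 ~ /:80$/) { plain_http = 1 }
        $1 == "return" && $2 == "301" && $3 ~ /^https:\/\// { redirect = 1 }
        END {
            if (!seen_protocols)
                print "FAIL ssl_protocols not set; the nginx default applies and on many builds still includes TLSv1 and TLSv1.1"
            if (!seen_hsts)
                print "FAIL no Strict-Transport-Security header; browsers will keep trying plain HTTP first"
            if (plain_http && !redirect)
                print "FAIL port 80 serves the application instead of redirecting to https"
        }'
}

# count_tls_findings CONFIG: number of FAIL lines, printed as a number.
count_tls_findings() { tls_findings "$1" | grep -c '^FAIL' || true; }

printf '== weak ==\n';     tls_findings "$WEAK_NGINX_CONF"
printf '== hardened ==\n'; tls_findings "$HARDENED_NGINX_CONF"
```

On a real host feed it the output of `nginx -T`, which dumps the whole effective configuration including every included file. The port 80 check is global rather than per server block, so treat a hit as a smell to look at, not proof; the protocol check is exact, since a server that still offers SSLv3 or TLS 1.0 is exactly the "SSL, not TLS" the slide warns about.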
$ ./06_add_protection_layer.sh
• Cloudflare
• Incapsula

$ ./07_double_test_acl.sh
No amount of security is enough when your application has flaws.
In other words: NEVER keep any backdoor.

$ ./08_shields_up.sh
On almost any server hosting, "Private Networking" only means INTERNAL networks. You're still not safe.
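Slides 02, 03 and 08 (plus the "drop FTP" point from slide 05) as one worked check, added here and not part of the talk: an sh function that takes `ss -tlnp` output, classifies each listening socket as loopback, provider private network or public, and flags the public ones that are not on an explicit allow-list. SAMPLE_SS is a constructed listing made to look like a typical LAMP host; the process names, pids and addresses are invented, and exposure_report, count_exposed and count_private_bound are this example's own names.

```sh
#!/bin/sh
# Added example (not from the talk): decide which listening sockets a host
# really exposes, from `ss -tlnp` output. SAMPLE_SS is constructed, not a
# capture from a real server.

SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
LISTEN 0      128    0.0.0.0:22          0.0.0.0:*        users:(("sshd",pid=812,fd=3))
LISTEN 0      32     0.0.0.0:21          0.0.0.0:*        users:(("vsftpd",pid=655,fd=3))
LISTEN 0      511    0.0.0.0:80          0.0.0.0:*        users:(("nginx",pid=1201,fd=6))
LISTEN 0      511    0.0.0.0:443         0.0.0.0:*        users:(("nginx",pid=1201,fd=7))
LISTEN 0      80     0.0.0.0:3306        0.0.0.0:*        users:(("mysqld",pid=990,fd=21))
LISTEN 0      511    10.0.0.5:6379       0.0.0.0:*        users:(("redis-server",pid=1302,fd=6))
LISTEN 0      128    127.0.0.1:9000      0.0.0.0:*        users:(("php-fpm",pid=1410,fd=8))
LISTEN 0      128    [::]:22             [::]:*           users:(("sshd",pid=812,fd=4))'

# exposure_report LISTING ALLOWED_PORTS
# ALLOWED_PORTS is the space-separated list of ports meant to face the
# internet (slide 02: expose only what needs to be exposed). Prints one line
# per socket: VERDICT, port, process, reason.
exposure_report() {
    printf '%s\n' "$1" | awk -v allowed=" $2 " '
        NR == 1 { next }                          # ss header line
        {
            la = $4
            n = split(la, parts, ":")
            port = parts[n]                       # text after the last colon
            addr = substr(la, 1, length(la) - length(port) - 1)
            proc = $6
            sub(/^users:\(\("/, "", proc); sub(/".*$/, "", proc)

            # slide 08: a provider "private network" is shared with every other
            # tenant, so a service bound there is not safe, only less visible.
            if (addr == "127.0.0.1" || addr == "[::1]") { v = "OK";   why = "loopback only" }
            else if (addr ~ /^10\./ || addr ~ /^192\.168\./ || addr ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) { v = "WARN"; why = "bound to provider private network, firewall it" }
            else if (index(allowed, " " port " ") > 0) { v = "OK";   why = "intentionally public" }
            else { v = "FAIL"; why = "public and not in allow-list" }
            printf "%-4s %-6s %-13s %s\n", v, port, proc, why
        }'
}

# Counters, printed as plain numbers, for scripting the result.
count_exposed()       { exposure_report "$1" "$2" | grep -c '^FAIL' || true; }
count_private_bound() { exposure_report "$1" "$2" | grep -c '^WARN' || true; }

exposure_report "$SAMPLE_SS" "22 80 443"
```

On a real host run `exposure_report "$(ss -tlnp)" "22 80 443"` as root (without root the process column is empty). In the sample, vsftpd on port 21 and mysqld on 3306 fail outright: FTP should not exist at all (slide 05) and the database should never be reachable from the internet. The WARN line is the slide 08 point: 10.0.0.5:6379 is not reachable from the internet, but it is reachable from every other customer's machine on the same provider network, so Redis there needs a host firewall, a bind to 127.0.0.1, or a VPN-only address (slide 02) just as much as MySQL on 0.0.0.0 does. Slide 03's little obscurity (a non-default port, say) changes none of these verdicts, only how quickly a scanner finds them.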
$ ./09_add_ci_and_code_review.sh
Drop team privileges by implementing CI/CD.
No obscure code should go live without review by at least one other person!
Trust No One

$ ./10_keep_it_up_to_date.sh
OLD != STABLE
OLD != SECURE

$ ./00_update_security_policy.sh
Create, Keep, Improve, Review, Collaborate on a Security Policy