PHP Secure Configuration Checker
Philipp Krenn
September 08, 2014
Short intro to Sektioneins' PCC
Transcript
PHP Secure Configuration Checker
Philipp Krenn, @xeraa
https://github.com/sektioneins/pcc
SektionEins (Suhosin), PHP 5.4+, New BSD License
Security Checks
Critical: Fix this NOW. Example: Register globals
High: You should really look at this. Example: Allow URL fopen
Medium: This might be a problem. Example: Display errors on
Low: Boring stuff. Example: Execution time > 300s
Maybe: Not sure, check manually. Example: Memory limit > 128MB
Comment: Just mentioning it. Example: Upload max filesize is the default (8MB)
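The severity levels above, applied to a constructed php.ini text. This is an added example, not PCC's code and not from the deck: the function names `audit_ini`, `to_bytes` and `is_on` and the rule table are hypothetical, and the "comment" rule assumes that a missing key means the built-in default applies.

```php
<?php
// Added example, not PCC's code. Levels and thresholds follow the slides;
// the rule table and helper names are assumptions made for illustration.
// PHP shorthand size ("128M", "1G") to bytes; "-1" (unlimited) stays -1.
function to_bytes($v) {
    $n = (float) $v;
    switch (strtoupper(substr(trim($v), -1))) {
        case 'G': $n *= 1024; // fall through
        case 'M': $n *= 1024; // fall through
        case 'K': $n *= 1024;
    }
    return (int) $n;
}

// php.ini switches: "1", "on", "yes", "true" in any case mean enabled.
function is_on($v) {
    return in_array(strtolower(trim($v)), array('1', 'on', 'yes', 'true'), true);
}

// Returns a list of array(level, message) for one php.ini text.
function audit_ini($text) {
    // INI_SCANNER_RAW keeps "On" and "256M" as written instead of converting.
    $ini = parse_ini_string($text, false, INI_SCANNER_RAW);
    $rules = array(
        array('critical', 'register_globals',   function ($v) { return is_on($v); }),
        array('high',     'allow_url_fopen',    function ($v) { return is_on($v); }),
        array('medium',   'display_errors',     function ($v) { return is_on($v); }),
        array('low',      'max_execution_time', function ($v) { return (int) $v > 300; }),
        array('maybe',    'memory_limit',       function ($v) { return to_bytes($v) > 134217728; }),
    );
    $out = array();
    foreach ($rules as $r) {
        list($level, $key, $bad) = $r;
        if (isset($ini[$key]) && $bad($ini[$key])) {
            $out[] = array($level, "$key = {$ini[$key]}");
        }
    }
    // Comment level: key absent from the file, so the built-in default applies.
    if (!isset($ini['upload_max_filesize'])) {
        $out[] = array('comment', 'upload_max_filesize not set, default applies');
    }
    return $out;
}

// Constructed sample input, not taken from a real server.
$sample = "[PHP]\nregister_globals = Off\nallow_url_fopen = On\n"
        . "display_errors = On\nmax_execution_time = 600\nmemory_limit = 256M\n";
foreach (audit_ini($sample) as $f) {
    echo strtoupper($f[0]), ': ', $f[1], "\n";
}
```

This sketch reads a file's text, so it does not see values changed at runtime or set per pool or per directory.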
Modes: CLI, Web
Web Security: 127.0.0.1, mtime < 2d
How good / bad are the Ubuntu 14.04 defaults? nginx + PHP-FPM
Give It a Try
$ git clone https://github.com/xeraa/ppc-test.git
$ cd ppc-test/
$ vagrant up
http://127.0.0.1:8080/phpconfigcheck-allow.php
Conclusion: Simple but gets the job done
Questions?