PHP Secure Configuration Checker
Philipp Krenn
September 08, 2014
Short intro to Sektioneins' PCC
Transcript
PHP Secure Configuration Checker, Philipp Krenn, @xeraa
https://github.com/sektioneins/pcc: SektionEins (Suhosin), PHP 5.4+, New BSD License
Security Checks
Critical: Fix this NOW. Example: Register globals
High: You should really look at this. Example: Allow URL fopen
Medium: This might be a problem. Example: Display errors on
Low: Boring stuff. Example: Execution time > 300s
Maybe: Not sure, check manually. Example: Memory limit > 128MB
Comment: Just mentioning it. Example: Upload max filesize is the default (8MB)
Modes: CLI, Web
Web Security: 127.0.0.1, mtime < 2d
How good / bad are the Ubuntu 14.04 defaults? nginx + PHP-FPM
Give It a Try
$ git clone https://github.com/xeraa/ppc-test.git
$ cd ppc-test/
$ vagrant up
http://127.0.0.1:8080/phpconfigcheck-allow.php
Conclusion: Simple but gets the job done
Questions?
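The Critical through Maybe examples from the Security Checks slides, as an added example that is not part of the deck or of PCC itself: a static check of php.ini text in Python. The function names, the sample file and the treatment of PHP's "no limit" values are assumptions made here.

```python
import re

# Constructed sample php.ini (not taken from the slides or any real host).
SAMPLE_INI = """\
register_globals = On      ; Critical on the slides
allow_url_fopen = On       ; High
display_errors = Off       ; Medium only when on
max_execution_time = 600   ; Low when > 300s
memory_limit = 256M        ; Maybe when > 128MB
"""

UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}

def parse_ini(text):
    """Return {directive: raw value}; comments and [sections] are ignored."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip('"')
    return settings

def is_on(value):
    return value.lower() in ("1", "on", "yes", "true")

def to_bytes(value):
    """Convert PHP shorthand sizes such as 128M or 1G to bytes."""
    m = re.fullmatch(r"(-?\d+)\s*([kmg]?)", value.lower())
    if not m:
        raise ValueError(f"unparsable size: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2)]

# (directive, severity, predicate) using the slides' examples. Assumption added
# here: PHP's "no limit" values (0 seconds, -1 bytes) count as over the threshold.
RULES = [
    ("register_globals", "critical", is_on),
    ("allow_url_fopen", "high", is_on),
    ("display_errors", "medium", is_on),
    ("max_execution_time", "low", lambda v: int(v) > 300 or int(v) == 0),
    ("memory_limit", "maybe", lambda v: not 0 <= to_bytes(v) <= 128 * UNITS["m"]),
]

def audit(ini_text):
    """Return [(severity, directive, raw value)] for each rule that fires."""
    settings = parse_ini(ini_text)
    # Directives missing from the file fall back to PHP's built-in defaults,
    # which this sketch does not model, so they are skipped.
    return [(sev, name, settings[name]) for name, sev, bad in RULES
            if name in settings and bad(settings[name])]
```

A file-based check like this sees only what one php.ini says; the effective values inside a running PHP process can differ, which is what a checker executed by PHP itself reports.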