PHP Secure Configuration Checker
Philipp Krenn
September 08, 2014
Short intro to Sektioneins' PCC
Transcript
PHP Secure Configuration Checker Philipp Krenn, @xeraa
https://github.com/sektioneins/pcc
SektionEins (Suhosin), PHP 5.4+, New BSD License
Security Checks
Critical: Fix this NOW. Example: Register globals
High: You should really look at this. Example: Allow URL fopen
Medium: This might be a problem. Example: Display errors on
Low: Boring stuff. Example: Execution time > 300s
Maybe: Not sure, check manually. Example: Memory limit > 128MB
Comment: Just mentioning it. Example: Upload max filesize is the default (8MB)
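The severity levels above, applied as a static check of php.ini text. This is an added example, not code from PCC or from the deck; it covers five of the slides' examples, and the function names, the sample file and the treatment of 0 and -1 as "no limit" are assumptions made here.

```python
import re

# Constructed sample php.ini fragment, not taken from a real system.
SAMPLE_INI = """\
[PHP]
register_globals = On
allow_url_fopen = On
display_errors = Off
max_execution_time = 600
memory_limit = 256M
"""

def parse_ini(text):
    """Return {directive: value}; a later assignment overrides an earlier one."""
    settings = {}
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop ; comments
        if line.startswith("[") or "=" not in line:
            continue  # section header, blank line or malformed line
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip().strip('"')
    return settings

def is_on(value):
    """Anything not explicitly off counts as on (e.g. display_errors = stderr)."""
    return value.lower() not in {"", "0", "off", "false", "no", "none"}

def to_bytes(value):
    """Convert PHP shorthand sizes (512K, 128M, 1G) to bytes; -1 stays -1."""
    m = re.fullmatch(r"(-?\d+)\s*([kmg]?)", value.lower())
    if not m:
        raise ValueError("unparseable size: %r" % value)
    return int(m.group(1)) * 1024 ** " kmg".index(m.group(2) or " ")

# (severity, directive, predicate) for five of the examples named on the slides.
# Assumption of this example: 0 (no time limit) and -1 (no memory limit) are flagged.
CHECKS = [
    ("critical", "register_globals", is_on),
    ("high", "allow_url_fopen", is_on),
    ("medium", "display_errors", is_on),
    ("low", "max_execution_time", lambda v: int(v) == 0 or int(v) > 300),
    ("maybe", "memory_limit", lambda v: not 0 <= to_bytes(v) <= 128 * 1024**2),
]

def audit(text):
    """Return (severity, directive, value) findings; unset directives are skipped."""
    settings = parse_ini(text)
    return [(sev, key, settings[key]) for sev, key, bad in CHECKS
            if key in settings and bad(settings[key])]
```

Directives missing from the file are not reported, because their effective defaults depend on the PHP build; that gap is why a check that runs inside PHP sees more than a file scan.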
Modes: CLI, Web
Web Security: 127.0.0.1, mtime < 2d
How good / bad are the Ubuntu 14.04 defaults? nginx + PHP-FPM
Give It a Try
$ git clone https://github.com/xeraa/ppc-test.git
$ cd ppc-test/
$ vagrant up
http://127.0.0.1:8080/phpconfigcheck-allow.php
Conclusion: Simple but gets the job done
Questions?