PHP Secure Configuration Checker
Philipp Krenn
September 08, 2014
Short intro to SektionEins' PCC
Transcript
PHP Secure Configuration Checker
Philipp Krenn, @xeraa

https://github.com/sektioneins/pcc
SektionEins (Suhosin)
PHP 5.4+
New BSD License

Security Checks
Critical: Fix this NOW. Example: Register globals
High: You should really look at this. Example: Allow URL fopen
Medium: This might be a problem. Example: Display errors on
Low: Boring stuff. Example: Execution time > 300s
Maybe: Not sure, check manually. Example: Memory limit > 128MB
Comment: Just mentioning it. Example: Upload max filesize is the default (8MB)
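
The Critical to Maybe examples from the slides above, written out as a small checker over a php.ini fragment. This is an added example, not PCC's own code or the speaker's: the names isOn, toBytes and auditIni and the sample ini text are constructed for illustration. It also flags the unlimited values 0 (execution time) and -1 (memory limit), which goes slightly beyond the thresholds on the slides.

```php
<?php
// Constructed php.ini fragment used as sample input.
$sampleIni = <<<'INI'
[PHP]
register_globals = On
allow_url_fopen = On
display_errors = Off
max_execution_time = 600
memory_limit = -1
INI;

// PHP's ini parser treats these spellings as boolean true.
function isOn(string $v): bool
{
    return in_array(strtolower(trim($v)), ['1', 'on', 'yes', 'true'], true);
}

// Convert shorthand byte values such as "128M" or "1G" to bytes; "-1" stays -1.
function toBytes(string $v): int
{
    $n = (int) $v;                       // leading integer part
    switch (strtoupper(substr(trim($v), -1))) {
        case 'G': $n *= 1024;            // fall through
        case 'M': $n *= 1024;            // fall through
        case 'K': $n *= 1024;
    }
    return $n;
}

// Returns a list of [severity, directive, value] for every rule that fires.
function auditIni(string $iniText): array
{
    $rules = [
        ['critical', 'register_globals',   'isOn'],
        ['high',     'allow_url_fopen',    'isOn'],
        ['medium',   'display_errors',     'isOn'],
        // 0 disables the time limit entirely, so it is flagged as well.
        ['low',      'max_execution_time', function ($v) { return (int) $v === 0 || (int) $v > 300; }],
        // -1 means no memory limit at all.
        ['maybe',    'memory_limit',       function ($v) { $b = toBytes($v); return $b < 0 || $b > 128 * 1024 * 1024; }],
    ];
    // INI_SCANNER_RAW keeps "On"/"Off" as written instead of converting them.
    $ini = parse_ini_string($iniText, false, INI_SCANNER_RAW);
    if ($ini === false) {
        throw new InvalidArgumentException('php.ini fragment could not be parsed');
    }
    $findings = [];
    foreach ($rules as [$severity, $key, $test]) {
        // Directives absent from the file are skipped rather than guessed at.
        if (isset($ini[$key]) && $test((string) $ini[$key])) {
            $findings[] = [$severity, $key, $ini[$key]];
        }
    }
    return $findings;
}

foreach (auditIni($sampleIni) as [$severity, $key, $value]) {
    printf("[%-8s] %s = %s\n", strtoupper($severity), $key, $value);
}
```
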
Modes
CLI
Web

Web Security
127.0.0.1
mtime < 2d

How good / bad are the Ubuntu 14.04 defaults?
nginx + PHP-FPM

Give It a Try
$ git clone https://github.com/xeraa/ppc-test.git
$ cd ppc-test/
$ vagrant up
http://127.0.0.1:8080/phpconfigcheck-allow.php

Conclusion: Simple but gets the job done

Questions?