PHP Secure Configuration Checker
Philipp Krenn
September 08, 2014
Short intro to Sektioneins' PCC
Transcript
PHP Secure Configuration Checker
Philipp Krenn, @xeraa

https://github.com/sektioneins/pcc
SektionEins (Suhosin)
PHP 5.4+
New BSD License

Security Checks. Critical: Fix this NOW. Example: Register globals
Security Checks. High: You should really look at this. Example: Allow URL fopen
Security Checks. Medium: This might be a problem. Example: Display errors on
Security Checks. Low: Boring stuff. Example: Execution time > 300s
Security Checks. Maybe: Not sure, check manually. Example: Memory limit > 128MB
Security Checks. Comment: Just mentioning it. Example: Upload max filesize is the default (8MB)
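
The severity levels above, applied to five of the example directives, as an added example (not code from PCC or from the slides). The function names and the constructed sample values are assumptions for illustration; the thresholds are the ones on the slides.

```php
<?php // Added example, not PCC code. Severities and thresholds follow the slides.

// Convert php.ini shorthand ("128M", "1G", "-1") to bytes.
function ini_bytes($value)
{
    $value = trim((string) $value);
    $number = (int) $value;
    switch (strtolower(substr($value, -1))) {
        case 'g': $number *= 1024; // fall through
        case 'm': $number *= 1024; // fall through
        case 'k': $number *= 1024;
    }
    return $number;
}

// php.ini flags count as enabled for "1", "on", "yes" or "true".
function ini_on($value)
{
    return in_array(strtolower(trim((string) $value)), array('1', 'on', 'yes', 'true'), true);
}

// $ini maps directive => raw string value, in the form ini_get() returns.
function check_config(array $ini)
{
    $get = function ($key) use ($ini) { return isset($ini[$key]) ? $ini[$key] : ''; };
    $findings = array();
    if (ini_on($get('register_globals'))) {
        $findings[] = array('critical', 'register_globals is on');
    }
    if (ini_on($get('allow_url_fopen'))) {
        $findings[] = array('high', 'allow_url_fopen is on');
    }
    if (ini_on($get('display_errors')) || strtolower($get('display_errors')) === 'stdout') {
        $findings[] = array('medium', 'display_errors is on');
    }
    if ((int) $get('max_execution_time') > 300) {
        $findings[] = array('low', 'max_execution_time is above 300s');
    }
    $memory = ini_bytes($get('memory_limit'));
    if ($memory < 0 || $memory > 128 * 1024 * 1024) { // -1 means no limit
        $findings[] = array('maybe', 'memory_limit is above 128MB, check manually');
    }
    return $findings;
}
// Constructed sample values, not taken from a real server.
$sample = array('register_globals' => '0', 'allow_url_fopen' => '1',
    'display_errors' => 'On', 'max_execution_time' => '600', 'memory_limit' => '256M');
foreach (check_config($sample) as $finding) {
    printf("[%s] %s\n", strtoupper($finding[0]), $finding[1]);
}
```

To check a live interpreter instead of the sample array, pass `ini_get_all(null, false)` to `check_config()`.
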
Modes: CLI, Web
Web Security: 127.0.0.1, mtime < 2d
How good / bad are the Ubuntu 14.04 defaults? nginx + PHP-FPM
Give It a Try
$ git clone https://github.com/xeraa/ppc-test.git
$ cd ppc-test/
$ vagrant up
http://127.0.0.1:8080/phpconfigcheck-allow.php
Conclusion: Simple but gets the job done
Questions?