PHP Secure Configuration Checker
Philipp Krenn
September 08, 2014
Short intro to Sektioneins' PCC
Transcript
PHP Secure Configuration Checker
Philipp Krenn, @xeraa

https://github.com/sektioneins/pcc
SektionEins (Suhosin), PHP 5.4+, New BSD License

Security Checks
Critical: Fix this NOW. Example: Register globals
High: You should really look at this. Example: Allow URL fopen
Medium: This might be a problem. Example: Display errors on
Low: Boring stuff. Example: Execution time > 300s
Maybe: Not sure, check manually. Example: Memory limit > 128MB
Comment: Just mentioning it. Example: Upload max filesize is the default (8MB)
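
The levels from Critical to Maybe, applied to a set of php.ini values. This is an added example, not pcc's own code: the settings and thresholds are the ones named on the slides, while the function names (`ini_bytes`, `ini_on`, `check_config`) and the sample values are assumptions. It also handles PHP's shorthand sizes such as `1G` and the `stdout`/`stderr` values of `display_errors`, which a plain on/off comparison would miss.

```php
<?php
// Added example, not pcc's code; names and sample values are assumptions.
// Convert PHP shorthand byte values ("128M", "1G", "-1") to bytes.
function ini_bytes(string $value): int
{
    $number = (int) $value;                           // leading integer part
    switch (strtolower(substr(trim($value), -1))) {   // optional K/M/G suffix
        case 'g': $number *= 1024;                    // fall through
        case 'm': $number *= 1024;                    // fall through
        case 'k': $number *= 1024;
    }
    return $number;
}
// php.ini booleans: "1", "On", "true", "yes" mean on; anything else is off.
function ini_on(string $value): bool
{
    return in_array(strtolower(trim($value)), ['1', 'on', 'true', 'yes'], true);
}

// Return [severity, setting, message] triples for a setting => value array.
function check_config(array $ini): array
{
    $get = fn(string $key): string => trim((string) ($ini[$key] ?? ''));
    $findings = [];
    if (ini_on($get('register_globals'))) {
        $findings[] = ['critical', 'register_globals', 'is on'];
    }
    if (ini_on($get('allow_url_fopen'))) {
        $findings[] = ['high', 'allow_url_fopen', 'is on'];
    }
    // display_errors also accepts "stdout" and "stderr", which both enable it.
    $display = strtolower($get('display_errors'));
    if (ini_on($display) || in_array($display, ['stdout', 'stderr'], true)) {
        $findings[] = ['medium', 'display_errors', 'is on'];
    }
    if ((int) $get('max_execution_time') > 300) {
        $findings[] = ['low', 'max_execution_time', 'above 300 seconds'];
    }
    $memory = ini_bytes($get('memory_limit'));   // -1 means no limit
    if ($memory < 0 || $memory > 128 * 1024 * 1024) {
        $findings[] = ['maybe', 'memory_limit', 'above 128 MB'];
    }
    return $findings;
}
// Constructed sample; use ini_get_all(null, false) to check the running PHP.
$sample = ['allow_url_fopen' => '1', 'display_errors' => 'stderr', 'memory_limit' => '1G'];
foreach (check_config($sample) as [$severity, $setting, $message]) {
    printf("%-8s %s %s\n", $severity, $setting, $message);
}
```
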
Modes: CLI, Web

Web Security: 127.0.0.1, mtime < 2d

How good / bad are the Ubuntu 14.04 defaults? nginx + PHP-FPM

Give It a Try
$ git clone https://github.com/xeraa/ppc-test.git
$ cd ppc-test/
$ vagrant up
http://127.0.0.1:8080/phpconfigcheck-allow.php

Conclusion: Simple but gets the job done

Questions?