PHP Secure Configuration Checker
Philipp Krenn
September 08, 2014
Short intro to SektionEins' PCC
Transcript
PHP Secure Configuration Checker. Philipp Krenn, @xeraa
https://github.com/sektioneins/pcc
SektionEins (Suhosin); PHP 5.4+; New BSD License
Security Checks
Critical: Fix this NOW. Example: Register globals
High: You should really look at this. Example: Allow URL fopen
Medium: This might be a problem. Example: Display errors on
Low: Boring stuff. Example: Execution time > 300s
Maybe: Not sure, check manually. Example: Memory limit > 128MB
Comment: Just mentioning it. Example: Upload max filesize is the default (8MB)
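The critical, high, medium, low and maybe examples above, turned into a small php.ini checker as an added illustration (not PCC's code and not part of the deck). It reads php.ini text directly; the rule table, function names and sample input are constructed for this example, and the handling of 0 and -1 as "no limit" is an addition to the slide thresholds.

```python
import re

UNITS = {"": 1, "K": 1024, "M": 1024 ** 2, "G": 1024 ** 3}

def parse_ini(text):
    """Return {directive: value} from php.ini text, ignoring ';' comments and [sections]."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if "=" in line and not line.startswith("["):
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip().strip('"')
    return settings

def to_bytes(value):
    """Convert PHP shorthand such as 128M or 1G to bytes; -1 (no limit) stays -1."""
    m = re.fullmatch(r"(-?\d+)\s*([KMG]?)", value, re.IGNORECASE)
    if not m:
        raise ValueError(f"unrecognised size: {value!r}")
    return int(m.group(1)) * UNITS[m.group(2).upper()]

def is_on(value):
    return value.lower() in {"1", "on", "yes", "true"}

def too_long(value):  # added edge case: 0 disables PHP's time limit
    return int(value) == 0 or int(value) > 300

def too_much_memory(value):  # added edge case: -1 disables PHP's memory limit
    return to_bytes(value) < 0 or to_bytes(value) > to_bytes("128M")

# (directive, severity, predicate); severities and thresholds follow the slides.
RULES = [
    ("register_globals", "critical", is_on),
    ("allow_url_fopen", "high", is_on),
    ("display_errors", "medium", is_on),
    ("max_execution_time", "low", too_long),
    ("memory_limit", "maybe", too_much_memory),
]

def check(ini_text):
    """Return [(severity, directive, value)] for each rule the configuration trips."""
    s = parse_ini(ini_text)
    return [(sev, name, s[name]) for name, sev, test in RULES if name in s and test(s[name])]

# Constructed sample input, not taken from a real server.
SAMPLE = """[PHP]
allow_url_fopen = On   ; comment after the value
max_execution_time = 0
memory_limit = 256M"""
```

Calling check(SAMPLE) returns the high, low and maybe findings in rule order.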
Modes: CLI, Web
Web Security: 127.0.0.1, mtime < 2d
How good / bad are the Ubuntu 14.04 defaults? nginx + PHP-FPM
Give It a Try
$ git clone https://github.com/xeraa/ppc-test.git
$ cd ppc-test/
$ vagrant up
http://127.0.0.1:8080/phpconfigcheck-allow.php
Conclusion: Simple but gets the job done
Questions?