PHP Secure Configuration Checker
Philipp Krenn
September 08, 2014
Short intro to Sektioneins' PCC
Transcript
PHP Secure Configuration Checker
Philipp Krenn, @xeraa

https://github.com/sektioneins/pcc
SektionEins (Suhosin)
PHP 5.4+
New BSD License

Security Checks
Critical: Fix this NOW. Example: Register globals
High: You should really look at this. Example: Allow URL fopen
Medium: This might be a problem. Example: Display errors on
Low: Boring stuff. Example: Execution time > 300s
Maybe: Not sure, check manually. Example: Memory limit > 128MB
Comment: Just mentioning it. Example: Upload max filesize is the default (8MB)
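
To make the severity levels concrete, here is an added example (not code from pcc or from the slides) that grades a constructed php.ini fragment using the example checks and thresholds listed above. The function names `to_bytes`, `is_on` and `grade` are made up for this example, and reporting unlimited values (0 and -1) as findings is an assumption.

```php
<?php
// Added example (not pcc's code): grade a php.ini fragment using the deck's
// severity levels and thresholds. Function names are hypothetical.

// Convert PHP shorthand sizes ("128M", "1G") to bytes; plain integers pass through.
function to_bytes(string $v): int {
    $n = (int) $v;
    switch (strtoupper(substr(trim($v), -1))) {
        case 'G': return $n * 1024 ** 3;
        case 'M': return $n * 1024 ** 2;
        case 'K': return $n * 1024;
    }
    return $n;
}

// php.ini booleans: 1/on/yes/true mean enabled.
function is_on(string $v): bool {
    return in_array(strtolower(trim($v)), ['1', 'on', 'yes', 'true'], true);
}

// Returns [severity, message] pairs for the settings present in $ini.
function grade(array $ini): array {
    $f = [];
    $on = function (string $k) use ($ini): bool { return isset($ini[$k]) && is_on($ini[$k]); };
    if ($on('register_globals')) $f[] = ['critical', 'register_globals is on'];
    if ($on('allow_url_fopen'))  $f[] = ['high', 'allow_url_fopen is on'];
    if ($on('display_errors'))   $f[] = ['medium', 'display_errors is on'];
    if (isset($ini['max_execution_time'])) {
        $t = (int) $ini['max_execution_time'];   // 0 means no limit (assumed finding)
        if ($t === 0 || $t > 300) $f[] = ['low', "max_execution_time = $t"];
    }
    if (isset($ini['memory_limit'])) {
        $m = to_bytes($ini['memory_limit']);     // -1 means no limit (assumed finding)
        if ($m === -1 || $m > to_bytes('128M')) $f[] = ['maybe', "memory_limit = {$ini['memory_limit']}"];
    }
    if (!isset($ini['upload_max_filesize'])) $f[] = ['comment', 'upload_max_filesize left at its default'];
    return $f;
}

// Constructed sample input, not taken from any real server.
$sample = <<<'INI'
[PHP]
register_globals = On
allow_url_fopen = On
display_errors = Off
max_execution_time = 600
memory_limit = 256M
INI;

foreach (grade(parse_ini_string($sample, false, INI_SCANNER_RAW)) as list($sev, $msg)) {
    printf("[%-8s] %s\n", strtoupper($sev), $msg);
}
```
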

Modes: CLI, Web

Web Security: 127.0.0.1, mtime < 2d

How good / bad are the Ubuntu 14.04 defaults? nginx + PHP-FPM

Give It a Try
$ git clone https://github.com/xeraa/ppc-test.git
$ cd ppc-test/
$ vagrant up
http://127.0.0.1:8080/phpconfigcheck-allow.php

Conclusion: Simple but gets the job done
Questions?