PHP Secure Configuration Checker
Philipp Krenn
September 08, 2014
Short intro to Sektioneins' PCC
Transcript
PHP Secure Configuration Checker
Philipp Krenn, @xeraa

https://github.com/sektioneins/pcc
SektionEins (Suhosin), PHP 5.4+, New BSD License

Security Checks
Critical: Fix this NOW. Example: Register globals
High: You should really look at this. Example: Allow URL fopen
Medium: This might be a problem. Example: Display errors on
Low: Boring stuff. Example: Execution time > 300s
Maybe: Not sure, check manually. Example: Memory limit > 128MB
Comment: Just mentioning it. Example: Upload max filesize is the default (8MB)
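
The severity levels above, sketched as a small checker run over a php.ini fragment. This is an added example, not PCC's code and not from the deck; the sample ini text, the function names, and the treatment of 0 and -1 as "no limit" are assumptions added here, and the Comment level is left out.

```php
<?php
// Added example, not PCC's own code. Severities and thresholds follow the slides.
// Constructed sample php.ini fragment (not from a real host).
$sampleIni = <<<'INI'
register_globals = On
allow_url_fopen = On
display_errors = 1
max_execution_time = 600
memory_limit = 256M
INI;
// php.ini booleans: 1/on/true/yes mean enabled.
function iniOn(string $v): bool {
    return in_array(strtolower(trim($v)), ['1', 'on', 'true', 'yes'], true);
}

// php.ini size shorthand (K/M/G suffix) to bytes; -1 stays negative.
function iniBytes(string $v): int {
    $n = (int) $v;
    switch (strtoupper(substr(trim($v), -1))) {
        case 'G': $n *= 1024; // fall through
        case 'M': $n *= 1024; // fall through
        case 'K': $n *= 1024;
    }
    return $n;
}

function checkIni(string $ini): array {
    // INI_SCANNER_RAW keeps values such as "On" and "256M" as written.
    $c = parse_ini_string($ini, false, INI_SCANNER_RAW) ?: [];
    $out = [];
    $flags = ['register_globals' => 'critical', 'allow_url_fopen' => 'high', 'display_errors' => 'medium'];
    foreach ($flags as $key => $sev) {
        if (isset($c[$key]) && iniOn($c[$key])) $out[] = [$sev, "$key is on"];
    }
    // 0 means "no time limit" in PHP, so it is flagged too (added edge case).
    if (isset($c['max_execution_time'])) {
        $t = (int) $c['max_execution_time'];
        if ($t === 0 || $t > 300) $out[] = ['low', "max_execution_time = $t"];
    }
    // -1 means "no memory limit" in PHP, so it is flagged too (added edge case).
    if (isset($c['memory_limit'])) {
        $m = iniBytes($c['memory_limit']);
        if ($m < 0 || $m > 128 * 1024 * 1024) $out[] = ['maybe', "memory_limit = {$c['memory_limit']}"];
    }
    return $out;
}

foreach (checkIni($sampleIni) as [$sev, $msg]) {
    printf("[%-8s] %s\n", $sev, $msg);
}
```

Settings that are absent from the fragment are skipped rather than assumed, so the output only reflects values that were explicitly set.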

Modes: CLI, Web

Web Security: 127.0.0.1, mtime < 2d

How good / bad are the Ubuntu 14.04 defaults? nginx + PHP-FPM

Give It a Try
$ git clone https://github.com/xeraa/ppc-test.git
$ cd ppc-test/
$ vagrant up
http://127.0.0.1:8080/phpconfigcheck-allow.php

Conclusion: Simple but gets the job done

Questions?