
PHP Security Bootcamp


The web is becoming a more and more dangerous place every day. You, as a PHP application developer, need to be armed with the tools and knowledge to make your applications as secure as possible. Come get hands-on training in applying secure design principles, testing code for vulnerabilities and fixing the problems we find together. We'll be using a vulnerable application to illustrate some of the most common vulnerabilities like cross-site scripting, SQL injection and other notables from the OWASP Top 10 list. You'll walk away with a grasp of good secure coding practices and a platform for future experimentation.

At Lone Star PHP 2015

Chris Cornutt

April 18, 2015



Transcript

  1. Output contexts

     Context          Example
     CSS              style: foo-<?=$input?>
     JavaScript       var name = "<?=$input?>";
     HTML             <div><?=$input?></div>
     HTML attribute   <span style="<?=$input?>">foo</span>
     Query value      $url = "http://foo.com?data=".$input
  2. Prevention #1

     <?php
     $name = htmlspecialchars($_GET['name'], ENT_COMPAT, 'UTF-8');
     echo "Howdy, my name is ".$name;
     ?>

     Note: This is only for a HTML context
  3. Prevention #2

     {{ name|e('html') }}
     {{ name|e('html_attr') }}
     {{ name|e('js') }}
     {{ name|e('css') }}

     Note: This example requires Twig
  4. Example

     $sql = 'select id from users where username = "'.$_POST['username'].'" and password = "'.$_POST['password'].'"';

     password=" or 1=1; #

     select id from users where username = "user1" and password = "" or 1=1; #
  5. Prevention

     <?php
     $stmt = $dbh->prepare('select id from users'
         .' where username = :user'
         .' and password = :pass');
     $stmt->execute(array(
         'user' => $_POST['username'],
         'pass' => $_POST['password']
     ));
     $results = $stmt->fetchAll(PDO::FETCH_ASSOC);
     ?>

     Note: This example requires PDO support
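The concatenated query from slide 4 beside the prepared-statement fix from slide 5, as an added example that is not part of the deck. It runs against an in-memory SQLite database so it is self-contained (it assumes the pdo_sqlite extension); the sample user, the loginVulnerable/loginSafe functions and the clear-text `password` column are constructed for the example. Two details differ from the slides: the comment marker is `--` because `#` is MySQL-only, and the fixed version checks the password with password_verify() against a stored hash instead of comparing it in SQL, since a prepared statement stops injection but does nothing about clear-text password storage.

```php
<?php
declare(strict_types=1);

// Added example, not the deck's code. Assumes pdo_sqlite is available.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// With pdo_mysql you would also set PDO::ATTR_EMULATE_PREPARES to false so that
// parameters are bound by the server instead of being interpolated by the client.

// Constructed sample data. The clear-text `password` column exists only to
// reproduce the slide's vulnerable query; the fixed login uses `password_hash`.
$dbh->exec('create table users (
    id integer primary key,
    username text unique,
    password text,
    password_hash text
)');
$ins = $dbh->prepare('insert into users (username, password, password_hash) values (:u, :p, :h)');
$ins->execute([
    'u' => 'user1',
    'p' => 'correct horse',
    'h' => password_hash('correct horse', PASSWORD_DEFAULT),
]);

// Vulnerable (slide 4): request data is concatenated into the SQL text, so a quote
// in the input changes the structure of the query.
function loginVulnerable(PDO $dbh, string $username, string $password): bool
{
    $sql = "select id from users where username = '" . $username
         . "' and password = '" . $password . "'";
    return $dbh->query($sql)->fetchColumn() !== false;
}

// Fixed (slide 5): placeholders keep the query structure constant, and the password
// is verified in PHP against a hash rather than matched as a column value.
function loginSafe(PDO $dbh, string $username, string $password): bool
{
    $stmt = $dbh->prepare('select password_hash from users where username = :user');
    $stmt->execute(['user' => $username]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

// The slide's "or 1=1" bypass in SQLite comment syntax. Submitted as the password,
// the vulnerable query becomes:
//   ... where username = 'nobody' and password = '' or 1=1 --'
$payload = "' or 1=1 --";

var_dump(loginVulnerable($dbh, 'nobody', $payload)); // authentication bypassed
var_dump(loginSafe($dbh, 'nobody', $payload));       // payload is just an unknown username
var_dump(loginSafe($dbh, 'user1', 'correct horse')); // genuine credentials still work
var_dump(loginSafe($dbh, 'user1', 'wrong'));         // wrong password rejected
```

The vulnerable function returns true for the payload even though no such user exists, because `and` binds tighter than `or` and the trailing comment swallows the closing quote; loginSafe sees the same bytes as a literal username and finds nothing. Note that fetchColumn() on a prepared statement is the only place the database result meets untrusted input, and it is no longer part of the SQL text.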
  6. Example

     <form action="/user/register" method="POST">
       <input type="text" name="username"/>
       <input type="password" name="password"/>
       <input type="submit" value="Register"/>
       <input type="hidden" value="098f6bcd4621d373cade4e832627b4f6" name="csrf-token"/>
     </form>
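The form on slide 6 carries a csrf-token field but the slide shows neither where the value comes from nor the check on the server, and without both the field does nothing. The following is an added example, not the deck's code, of the whole round trip: a per-session token drawn from the CSPRNG, the form rendered with it, and a constant-time comparison on POST. The function names and the fake `$_SESSION` array used to run it from the command line are constructed for the example; in a real request you would call session_start() first.

```php
<?php
declare(strict_types=1);

// Added example, not the deck's code. Assumes PHP sessions ($_SESSION) are in use.

// One token per session, created on first use. 32 random bytes (256 bits) from
// random_bytes() makes the value unguessable, unlike the fixed hash on the slide.
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// The slide's form with the token embedded. The value is hex, but it is escaped
// anyway so the template never depends on that.
function renderRegisterForm(): string
{
    $token = htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8');
    return <<<HTML
<form action="/user/register" method="POST">
  <input type="text" name="username"/>
  <input type="password" name="password"/>
  <input type="submit" value="Register"/>
  <input type="hidden" name="csrf-token" value="{$token}"/>
</form>
HTML;
}

// Server-side check for the POST handler. hash_equals() compares in constant time;
// the is_string() guard rejects a `csrf-token[]` array sent to confuse the check.
function csrfTokenIsValid(array $post): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    $given    = $post['csrf-token'] ?? '';
    return $expected !== '' && is_string($given) && hash_equals($expected, $given);
}

// Demo from the CLI with a stand-in session array instead of session_start().
$_SESSION = [];
echo renderRegisterForm(), "\n";
var_dump(csrfTokenIsValid(['csrf-token' => $_SESSION['csrf_token']]));        // matching token
var_dump(csrfTokenIsValid(['csrf-token' => '098f6bcd4621d373cade4e832627b4f6'])); // slide's fixed value
var_dump(csrfTokenIsValid([]));                                                // field missing
```

Only the first check passes. The token is tied to the session rather than to the user, so an attacker's page on another origin cannot read it, and any state-changing handler must refuse the request when csrfTokenIsValid() is false instead of just logging it. Setting the session cookie with SameSite=Lax or Strict is a worthwhile second layer, but the token check is the one that does not depend on browser support.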