SlideShare a Scribd company logo

Hacking with PHP

Mark Niebergall, profile picture
Mark Niebergall

The document discusses hacking with PHP, focusing on increasing project security and understanding various cyber threats. It covers risk assessment, types of attacks such as ransomware and XSS, and effective countermeasures to enhance security. Additionally, it encourages creative coding and group discussions around real-world attack experiences and best practices.

Software
1 of 20
Downloaded 10 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Hacking with PHP Mark Niebergall LonghornPHP 2019 https://github.com/mbniebergall/hacking-with-php
Mark Niebergall • PHP since 2005 • Masters degree in MIS • Senior Software Engineer • Drug screening project • Utah PHP Co-Organizer • CSSLP, SSCP Certified and SME • Father, long distance running, fishing, skiing
Objective • Understand attacks • Increase project security • Implement effective countermeasures
https://www.pexels.com/photo/architectural-design-architecture-blue-sky-bungalow-462358/
https://static01.nyt.com/images/2016/08/05/us/05onfire1_xp/05onfire1_xp-articleLarge-v2.jpg?quality=75&auto=webp&disable=upscale
Hacking with PHP • Risk to Resources • Threat Modeling • Types of Attacks • Countermeasures
Risk to Resources
Risk to Resources • Data • Functionality • Hardware • Source code
Threat Modeling
Threat Modeling • https://cybermap.kaspersky.com/
Threat Modeling • Identify threats - Script kiddies - Organized groups - Nation states - Curious users
Threat Modeling • Risk assessment
Types of Attacks
Types of Attacks • Ransomware • Malware • Covert data theft • Data decryption (credentials, personal, credit card, etc.) • Denial of Service (DoS)/Distributed DoS (DDoS) • Injection • Session hijacking • Cross-site scripting (XSS) • Spear Phishing • Name others?
Countermeasures
Countermeasures • Prevent attacks from being successful - Attacks are going to happen, can only reduce likelihood of success
https://www.kurdsoft.net/Photo/Editor/BLogImg/osi-model-7-layers-network-connectivity.png
Coding Time! • Be creative • Group input • Different attack types • How to implement countermeasures
Group Discussion • Attacks seen in the wild • Countermeasures used • PHP best practices • OSI model layers
Questions? • Feedback

More Related Content

PDF
MonkeySpider at Sicherheit 2008
Ali Ikinci
 
PPTX
Building Better WordPress Sites
Brian LaFrance
 
PDF
Talesh Seeparsan - The Hound of the Malwarevilles
Meet Magento Italy
 
PDF
E2 Labs: ADVANCED PROGRAM ON: THE SECURITY OF A WEBSITE
e2-labs
 
PDF
BinaryPig - Scalable Malware Analytics in Hadoop
Jason Trost
 
PDF
Welcome to Cybrom Technology, Indrapuri Bhopal.pdf
E&ICT IIT Guwahati X Cybrom Technology Indrapuri
 
PDF
Run Fast, Try Not to Break S**t
Michael Schmidt
 
PPTX
[若渴計畫] Black Hat 2017之過去閱讀相關整理
Aj MaChInE
 
MonkeySpider at Sicherheit 2008
Ali Ikinci
 
Building Better WordPress Sites
Brian LaFrance
 
Talesh Seeparsan - The Hound of the Malwarevilles
Meet Magento Italy
 
E2 Labs: ADVANCED PROGRAM ON: THE SECURITY OF A WEBSITE
e2-labs
 
BinaryPig - Scalable Malware Analytics in Hadoop
Jason Trost
 
Welcome to Cybrom Technology, Indrapuri Bhopal.pdf
E&ICT IIT Guwahati X Cybrom Technology Indrapuri
 
Run Fast, Try Not to Break S**t
Michael Schmidt
 
[若渴計畫] Black Hat 2017之過去閱讀相關整理
Aj MaChInE
 

Similar to Hacking with PHP (20)

PDF
MyResume.pdf
ahmadmahmoud60
 
DOCX
Php developer
Ertugrul Akbas
 
PPTX
Software developers as blue team
Omar Leonardo Quimbaya
 
PPTX
Javascript Security - Three main methods of defending your MEAN stack
Ran Bar-Zik
 
DOC
Resume-2016
Nihal Jatav
 
PDF
Best Practices for Ensuring SAP ABAP Code Quality and Security
Virtual Forge
 
PDF
Resume
Ezechi Aguzie
 
PDF
There’s an OpenBullet Attack Config for Your Site – What Should You Do?
DevOps.com
 
PDF
Web tech weblamp_infosession_2012-13
Konrad Roeder
 
PDF
Mark Tortoricci - Talent42 2015
Talent42
 
PPTX
Amazing Hiring tech sourcing course Boolean Search + Xray The Lokenbergs
Gordon Lokenberg
 
PDF
P Hundamental Security Coding Secure With Php Lamp
phptechtalk
 
PDF
Threat Hunting Professional Online Training Course
ShivamSharma909
 
PPTX
[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani Goland
CODE BLUE
 
PDF
My updated CV.pdf
Islam Magdy
 
PPTX
A question of trust - understanding Open Source risks
Tim Mackey
 
PDF
2018 p.ranjan.raja msc-13_year_ex_php_webdeveloper
php2ranjan
 
PPTX
Web-App Remote Code Execution Via Scripting Engines
c0c0n - International Cyber Security and Policing Conference
 
PPTX
High time to add machine learning to your information security stack
Minhaz A V
 
DOC
mitra_resume-2
Sangamitra Reddy Katamreddy
 
MyResume.pdf
ahmadmahmoud60
 
Php developer
Ertugrul Akbas
 
Software developers as blue team
Omar Leonardo Quimbaya
 
Javascript Security - Three main methods of defending your MEAN stack
Ran Bar-Zik
 
Resume-2016
Nihal Jatav
 
Best Practices for Ensuring SAP ABAP Code Quality and Security
Virtual Forge
 
Resume
Ezechi Aguzie
 
There’s an OpenBullet Attack Config for Your Site – What Should You Do?
DevOps.com
 
Web tech weblamp_infosession_2012-13
Konrad Roeder
 
Mark Tortoricci - Talent42 2015
Talent42
 
Amazing Hiring tech sourcing course Boolean Search + Xray The Lokenbergs
Gordon Lokenberg
 
P Hundamental Security Coding Secure With Php Lamp
phptechtalk
 
Threat Hunting Professional Online Training Course
ShivamSharma909
 
[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani Goland
CODE BLUE
 
My updated CV.pdf
Islam Magdy
 
A question of trust - understanding Open Source risks
Tim Mackey
 
2018 p.ranjan.raja msc-13_year_ex_php_webdeveloper
php2ranjan
 
Web-App Remote Code Execution Via Scripting Engines
c0c0n - International Cyber Security and Policing Conference
 
High time to add machine learning to your information security stack
Minhaz A V
 
mitra_resume-2
Sangamitra Reddy Katamreddy
 

More from Mark Niebergall (20)

PDF
Filesystem Management with Flysystem - php[tek] 2023
Mark Niebergall
 
PDF
Leveling Up With Unit Testing - php[tek] 2023
Mark Niebergall
 
PDF
Filesystem Management with Flysystem at PHP UK 2023
Mark Niebergall
 
PDF
Leveling Up With Unit Testing - LonghornPHP 2022
Mark Niebergall
 
PDF
Developing SOLID Code
Mark Niebergall
 
PDF
Unit Testing from Setup to Deployment
Mark Niebergall
 
PDF
Stacking Up Middleware
Mark Niebergall
 
PDF
BDD API Tests with Gherkin and Behat
Mark Niebergall
 
PDF
BDD API Tests with Gherkin and Behat
Mark Niebergall
 
PDF
Relational Database Design Bootcamp
Mark Niebergall
 
PDF
Starting Out With PHP
Mark Niebergall
 
PDF
Automatic PHP 7 Compatibility Checking Using php7cc (and PHPCompatibility)
Mark Niebergall
 
PDF
Debugging PHP with Xdebug - PHPUK 2018
Mark Niebergall
 
PDF
Advanced PHP Simplified - Sunshine PHP 2018
Mark Niebergall
 
PDF
Defensive Coding Crash Course Tutorial
Mark Niebergall
 
PDF
Inheritance: Vertical or Horizontal
Mark Niebergall
 
PDF
Cybersecurity State of the Union
Mark Niebergall
 
PDF
Cryptography With PHP - ZendCon 2017 Workshop
Mark Niebergall
 
PDF
Defensive Coding Crash Course - ZendCon 2017
Mark Niebergall
 
PDF
Leveraging Composer in Existing Projects
Mark Niebergall
 
Filesystem Management with Flysystem - php[tek] 2023
Mark Niebergall
 
Leveling Up With Unit Testing - php[tek] 2023
Mark Niebergall
 
Filesystem Management with Flysystem at PHP UK 2023
Mark Niebergall
 
Leveling Up With Unit Testing - LonghornPHP 2022
Mark Niebergall
 
Developing SOLID Code
Mark Niebergall
 
Unit Testing from Setup to Deployment
Mark Niebergall
 
Stacking Up Middleware
Mark Niebergall
 
BDD API Tests with Gherkin and Behat
Mark Niebergall
 
BDD API Tests with Gherkin and Behat
Mark Niebergall
 
Relational Database Design Bootcamp
Mark Niebergall
 
Starting Out With PHP
Mark Niebergall
 
Automatic PHP 7 Compatibility Checking Using php7cc (and PHPCompatibility)
Mark Niebergall
 
Debugging PHP with Xdebug - PHPUK 2018
Mark Niebergall
 
Advanced PHP Simplified - Sunshine PHP 2018
Mark Niebergall
 
Defensive Coding Crash Course Tutorial
Mark Niebergall
 
Inheritance: Vertical or Horizontal
Mark Niebergall
 
Cybersecurity State of the Union
Mark Niebergall
 
Cryptography With PHP - ZendCon 2017 Workshop
Mark Niebergall
 
Defensive Coding Crash Course - ZendCon 2017
Mark Niebergall
 
Leveraging Composer in Existing Projects
Mark Niebergall
 

Recently uploaded (20)

PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PPTX
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
PDF
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
PDF
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
PDF
System and Network Administration Chapter 2
jaramharo
 
PPTX
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
PDF
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
PPTX
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
PDF
AI in Product Development-omnex systems
omnex systems
 
PDF
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
PDF
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
PPTX
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
PDF
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
PDF
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
PDF
System and Network Administraation Chapter 3
jaramharo
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PPTX
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
Raksha Bandhan Grocery Pricing Trends in India 2025.pdf
Actowiz Solustions
 
Odoo Companies in India – Driving Business Transformation.pdf
azhuhardeen1968
 
System and Network Administration Chapter 2
jaramharo
 
ManageIQ - Sprint 268 Review - Slide Deck
ManageIQ
 
How to Choose the Right IT Partner for Your Business in Malaysia
Asian Business Services & Technologies
 
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
VVF-Customer-Presentation2025-Ver1.9.pptx
blackmambaettijean
 
AI in Product Development-omnex systems
omnex systems
 
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
TechBuilder
 
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
OnePlan Solutions
 
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
CHAPTER 2 - PM Management and IT Context
KevinPutra14
 
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
Flood Susceptibility Mapping Using Image-Based 2D-CNN Deep Learnin. Overview ...
lawrenceomai2
 
System and Network Administraation Chapter 3
jaramharo
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
ISO 45001 Occupational Health and Safety Management System
EHA Soft Solutions
 

Hacking with PHP