Slide 1

Chris Shiflett

Brain Bulb chris@brainbulb.com

Zend/PHP Conference & Expo

San Francisco, CA

18 - 21 Oct 2005

PHP Security Audit HOWTO

Slide 2

Talk Outline

What Is a PHP Security Audit?

Setting the Bar

Analyzing the Design

Analyzing the Configuration

Searching the Source

More Information

Questions and Answers

Slide 3

What Is a PHP Security Audit?

An audit is an examination. Nothing should be off-limits.

A PHP security audit is primarily an examination of the source.

Other points of interest are the design and configuration.

Slide 4

Setting the Bar

How much security do you need? Start with a minimum level.

At the very least, a PHP application should filter input and escape output.

Slide 5

What Is Input?

Some input is obvious - form data ($_GET and $_POST), cookies ($_COOKIE), etc.

Some input is hard to identify - $_SERVER.

Sometimes it depends on your perspective - $_SESSION, data from databases, etc.

The key is to identify the origin of data. Data that originates anywhere else is input.

Slide 6

What Is Filtering?

Filtering is an inspection process. Prove data to be valid. Consider everything else tainted.

Ensure you can easily and reliably distinguish between filtered and tainted data.

I use a strict naming convention.
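The following is an added example, not code from Shiflett's slides, showing the "prove it valid, keep it in a separately named array" approach the slides describe. Nothing reaches $clean unless a whitelist check passed, so any code that reads from $_GET or $_SERVER directly is immediately recognisable as handling tainted data. The request values, the hostname and the $allowed_hosts list are constructed so the script runs from the command line; the HTTP_HOST check is included because $_SERVER is the input that is easy to overlook.

```php
<?php
// Added example (not from the slides): whitelist-filter input into $clean.
// Constructed sample input so the script runs stand-alone from the CLI.
$_GET['username']     = 'alice_01';
$_GET['page']         = '3';
$_SERVER['HTTP_HOST'] = 'example.com';   // hypothetical hostname

// Hostnames this application is allowed to answer for (assumed list).
$allowed_hosts = array('example.com', 'www.example.com');

$clean = array();

// Username: only letters, digits and underscores, 3 to 32 characters.
if (isset($_GET['username'])
    && preg_match('/^[A-Za-z0-9_]{3,32}$/', $_GET['username'])) {
    $clean['username'] = $_GET['username'];
}

// Page number: digits only (ctype_digit rejects signs, spaces and floats),
// then a range check; the cast yields a real PHP integer.
if (isset($_GET['page']) && ctype_digit($_GET['page'])
    && (int) $_GET['page'] >= 1 && (int) $_GET['page'] <= 1000) {
    $clean['page'] = (int) $_GET['page'];
}

// Host header: $_SERVER['HTTP_HOST'] is sent by the client, so it is input
// too. Accept it only if it appears in the whitelist.
if (isset($_SERVER['HTTP_HOST'])
    && in_array($_SERVER['HTTP_HOST'], $allowed_hosts, true)) {
    $clean['host'] = $_SERVER['HTTP_HOST'];
}

// Anything the filter did not prove valid simply never reaches $clean.
foreach (array('username', 'page', 'host') as $field) {
    if (isset($clean[$field])) {
        echo "$field: accepted (" . $clean[$field] . ")\n";
    } else {
        echo "$field: rejected (tainted, not used)\n";
    }
}
```

Changing one of the sample values (for example a username containing a quote, or a hostname outside the list) makes the corresponding field fall through to the "rejected" branch; the rest of the program never has to reason about what the bad value looked like.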

Slide 9

The key is to identify the destination of data. Data destined for anywhere else is output.

Slide 10

In most cases, there is a function you can use.

If you must write your own, be exhaustive.

Slide 12

Show Me the Code!

<?php

// $clean holds input that has already been filtered; $mysql holds the copy
// escaped for this particular destination (a MySQL query).
$mysql = array();
$mysql['username'] = mysql_real_escape_string($clean['username']);

$sql = "SELECT *
        FROM   profile
        WHERE  username = '{$mysql['username']}'";

// Note: the mysql_* extension was removed in PHP 7; mysqli or PDO are the
// current equivalents.
$result = mysql_query($sql);

?>
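As an added example (not the slide's code), here is the same one-array-per-destination idea carried through for two destinations, the browser ($html) and the database ($mysql), so the reader can see what escaping actually does to a hostile value. It assumes PHP's PDO SQLite driver and uses an in-memory SQLite database in place of the MySQL server of the original; the prepared statement stands in for mysql_real_escape_string, and PDO::quote() shows the escape-function form where a driver offers only that.

```php
<?php
// Added example (not from the slides): escape output per destination.
// Assumes the PDO SQLite driver; the table and values are constructed.
$clean = array();
$clean['username'] = "o'brien";                         // pretend this was filtered
$hostile = "<script>alert(1)</script>' OR '1'='1";      // deliberately unsafe

// Destination 1: HTML. ENT_QUOTES makes htmlentities() cover <, >, &, " and '.
$html = array();
$html['username'] = htmlentities($clean['username'], ENT_QUOTES, 'UTF-8');
$html['hostile']  = htmlentities($hostile, ENT_QUOTES, 'UTF-8');
echo "HTML: <p>{$html['username']}</p>\n";
echo "HTML: <p>{$html['hostile']}</p>\n";

// Destination 2: SQL. With a prepared statement the driver handles escaping
// and the value never becomes part of the SQL text at all.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profile (username TEXT, email TEXT)');
$db->exec("INSERT INTO profile VALUES ('o''brien', 'ob@example.com')");

$stmt = $db->prepare('SELECT username, email FROM profile WHERE username = :u');
foreach (array($clean['username'], $hostile) as $value) {
    $stmt->execute(array(':u' => $value));
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    echo "SQL lookup for " . var_export($value, true) . ": "
       . count($rows) . " row(s)\n";
}

// Where only an escaping function is available, keep the same naming rule:
// the escaped copy lives in its own array, never back in $clean.
$mysql = array();
$mysql['username'] = $db->quote($clean['username']);   // quoted and escaped by PDO
echo "Quoted for SQL text: {$mysql['username']}\n";
```

Run it and the filtered username matches exactly one row while the hostile string matches none, because the driver treats it as a literal value rather than as SQL.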

Slide 15

Analyzing the Configuration

Things to avoid:

register_globals

allow_url_fopen

magic_quotes_gpc

display_errors
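As an added example (not from the slides), the script below checks the four directives the slide lists against the running interpreter and prints a finding for each; it can be dropped into a web root temporarily or run from the CLI during an audit. register_globals and magic_quotes_gpc were removed in PHP 5.4, so on a current interpreter ini_get() returns false for them and the script reports that as safe. The php.ini lines in the trailing comment are the hardened configuration the check expects; the assumption is that the application does not rely on allow_url_fopen.

```php
<?php
// Added example (not from the slides): report the php.ini directives the
// slide says to avoid. The list itself comes from the slide.
$directives = array('register_globals', 'allow_url_fopen',
                    'magic_quotes_gpc', 'display_errors');

// ini_get() returns false for unknown directives and strings such as "",
// "0" or "Off" for disabled ones; all of those count as off here.
function ini_is_off($value) {
    if ($value === false) {
        return true;
    }
    $v = strtolower(trim((string) $value));
    return in_array($v, array('', '0', 'off', 'false', 'no'), true);
}

$warnings = 0;
foreach ($directives as $directive) {
    $current = ini_get($directive);
    $off     = ini_is_off($current);
    $status  = $off ? 'OK  ' : 'WARN';
    $shown   = ($current === false) ? '(not present)' : var_export($current, true);
    if (!$off) {
        $warnings++;
    }
    echo "$status $directive = $shown\n";
}
echo "$warnings directive(s) need attention\n";

// Hardened php.ini equivalent (assumption: no remote fopen() needed):
//   register_globals = Off   ; removed in PHP 5.4
//   allow_url_fopen  = Off
//   magic_quotes_gpc = Off   ; removed in PHP 5.4
//   display_errors   = Off   ; keep log_errors = On instead
```

Because the CLI ships with allow_url_fopen enabled by default, expect at least that one WARN when running from a shell; the web SAPI's php.ini is the one that matters for the audit.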

Slide 16

Searching the Source

Identify input and trace it forward.

Identify output and trace it backward.

Ensure input is filtered and output is escaped.
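The following is an added example, not part of the slides, of the search procedure as a first grep-style pass: it scans a constructed PHP snippet line by line, marks lines that read a superglobal as input, remembers which variables were assigned from them, then flags output lines (echo, print, query calls) that still reference raw input without a recognisable escaping call. The snippet, the sink list and the escape-function list are assumptions for the demonstration; a real audit follows each flagged line backward by hand.

```php
<?php
// Added example (not from the slides): crude source search for input that
// reaches output unescaped. The $source snippet is constructed.
$source = <<<'SRC'
<?php
$name = $_GET['name'];
$clean['id'] = ctype_digit($_GET['id']) ? (int) $_GET['id'] : 0;
echo "Hello " . $name;
echo "Hello " . htmlentities($name, ENT_QUOTES, 'UTF-8');
$sql = "SELECT * FROM t WHERE id = " . $_REQUEST['id'];
$result = mysql_query($sql);
print $clean['id'];
SRC;

$input_pattern  = '/\$_(GET|POST|COOKIE|REQUEST|SERVER|FILES)\b/';
$output_pattern = '/\b(echo|print|mysql_query|mysqli_query|header)\b/';
$escape_pattern = '/(\b(?:htmlentities|htmlspecialchars|mysql_real_escape_string|intval)\b|\(int\))/';

$taint_vars = array();   // plain variables assigned on a line that reads input
foreach (explode("\n", $source) as $n => $line) {
    $no = $n + 1;

    // Step 1: identify input and trace it forward by remembering the
    // variable it was assigned to (only "$var = ..." forms, not $clean[...]).
    if (preg_match($input_pattern, $line)) {
        if (preg_match('/^\s*(\$[A-Za-z_]\w*)\s*=/', $line, $m)) {
            $taint_vars[$m[1]] = $no;
        }
        echo "input   line $no: " . trim($line) . "\n";
    }

    // Step 2: identify output and trace it backward one hop.
    if (preg_match($output_pattern, $line)) {
        $raw = (bool) preg_match($input_pattern, $line);
        foreach ($taint_vars as $var => $src) {
            if (preg_match('/' . preg_quote($var, '/') . '\b/', $line)) {
                $raw = true;
            }
        }
        $escaped = (bool) preg_match($escape_pattern, $line);
        $verdict = ($raw && !$escaped) ? 'REVIEW' : 'ok';
        echo "output  line $no [$verdict]: " . trim($line) . "\n";
    }
}
```

On the constructed snippet the two echo lines built from $name and the mysql_query() call on $sql come out as REVIEW, while the htmlentities() line and the print of $clean['id'] come out as ok. Anything this pass says is "ok" still deserves a look; the point of the tool is to order the reading, not to replace it.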

Slide 23

Gotchas

Trust of HTTP Headers:

Slide 25

Questions and Answers

Slide 26

Thanks for Listening!

Chris Shiflett

chris@brainbulb.com

Posted: 28/03/2018, 11:44