PHP Security
Two Golden Rules

Two Golden Rules (diagram): Cookie, Forms, Referer, etc. → Filter → PHP Script → Escape → xhtml, MySQL

Filtering
Filter example

    $clean = array();   // Initialise an array to store filtered data.

    // Inspect username to make sure that it is alphanumeric; the isset()
    // check avoids a notice when the field was not submitted at all.
    if (isset($_POST['username']) && ctype_alnum($_POST['username'])) {
        $clean['username'] = $_POST['username'];   // If it is, store it in the array.
    }
Escaping Output
Escape example

    $xhtml = array();   // Initialize an array for storing escaped data.

    // Escape the filtered username, and store it in the array.
    $xhtml['username'] = htmlentities($clean['username'], ENT_QUOTES, 'UTF-8');

    // Send the filtered and escaped username to the client.
    echo "<p>Welcome back, {$xhtml['username']}.</p>";
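The two rules applied together, as an added example that is not from the original slides: a second filtered field with its own whitelist, the fail path when filtering rejects the input, and escaping for both output contexts shown in the Two Golden Rules diagram (HTML via htmlentities(), MySQL by keeping data out of the SQL text with a prepared statement). Assumed: the form posts username and age, and $db is an existing PDO connection.

```php
<?php
// Added example (not from the original slides): filter input, escape output.
// Assumptions: the form posts 'username' and 'age'; $db is an existing PDO
// connection (creation omitted); usernames are alphanumeric, as in the
// slide's ctype_alnum() check.

// Rule 1: filter. Only values passing a whitelist check are copied into
// $clean; anything else is treated as absent. $_POST is not used again.
function filter_input_data(array $post)
{
    $clean = array();

    // Username: 3 to 32 alphanumeric characters.
    if (isset($post['username'])
        && is_string($post['username'])
        && ctype_alnum($post['username'])
        && strlen($post['username']) >= 3
        && strlen($post['username']) <= 32) {
        $clean['username'] = $post['username'];
    }

    // Age: digits only, then range-checked as an integer.
    if (isset($post['age']) && ctype_digit((string) $post['age'])) {
        $age = (int) $post['age'];
        if ($age >= 0 && $age <= 150) {
            $clean['age'] = $age;
        }
    }

    return $clean;
}

// Rule 2: escape for the HTML context. ENT_QUOTES plus an explicit charset
// means quotes and angle brackets cannot break out of the markup.
function escape_for_html(array $clean)
{
    $xhtml = array();
    foreach ($clean as $key => $value) {
        $xhtml[$key] = htmlentities((string) $value, ENT_QUOTES, 'UTF-8');
    }
    return $xhtml;
}

$clean = filter_input_data($_POST);

if (!isset($clean['username'])) {
    // Filtering failed: show a fixed message, never the rejected value.
    echo "<p>Please enter a valid username.</p>";
    exit;
}

// Escape for the MySQL context by keeping data out of the SQL text
// altogether: a prepared statement with a bound parameter.
$stmt = $db->prepare('SELECT id FROM users WHERE username = :username');
$stmt->bindValue(':username', $clean['username'], PDO::PARAM_STR);
$stmt->execute();
$user = $stmt->fetch(PDO::FETCH_ASSOC);

$xhtml = escape_for_html($clean);
echo "<p>Welcome back, {$xhtml['username']}.</p>";
if (isset($xhtml['age'])) {
    echo "<p>You entered age {$xhtml['age']}.</p>";
}
```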
That's it!

Register Globals: Eh?
Register Globals: Example
Register Globals: Solution

Spoofed Forms: Eh?
Spoofed Forms: Example
Spoofed Forms: Solution

Session Fixation: Eh?
    … <a href="http://example.com/index.php?PHPSESSID=1234" …
Session Fixation: Solution

SQL Injection: Eh?
SQL Injection: Example
SQL Injection: Solution

Accessing Credentials (diagram ranking approaches from best to worst)

Cross-Site Scripting (XSS)
XSS: The Solution

The 'magic' of PHP
The 'magic' of PHP: banished!

Phew.. But don't panic!

Review