
Security Khaled Al-Sham’aa

What Is Security?

• Security is a measurement, not a characteristic.

• Security must be balanced with expense.

• Security must be balanced with usability.

• Security must be part of the design.

Basic Steps

• Consider illegitimate uses of your application.

• Educate yourself.

• If nothing else:

FILTER ALL INPUT DATA

ESCAPE ALL OUTPUT DATA

Register Globals (1)

Register Globals (2)

Filtering (1)

Filtering (2)

Filtering (3)

Form Processing (1)

Form Processing (2)

Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) 1

Cross-Site Scripting (XSS) 2

Cross-Site Scripting (XSS) 3

• htmlentities()

• strip_tags()

• utf8_decode()

Session Hijacking

SQL Injection (example 1)

<form method="post" action="http://www.example.com/login.php">

<input name="user" type="text">

<input name="pwd" type="password">

</form>

SQL Injection (example 1) (cont.)

• SELECT `id` FROM `logins` WHERE `username` = '$user' AND `password` = '$pwd'

• $user = "Khaled";

• $pwd = "anything' OR 'x'='x";

• SELECT `id` FROM `logins` WHERE `username` = 'Khaled' AND `password` = 'anything' OR 'x'='x'

SQL Injection (example 2)

• $query = "UPDATE usertable SET pwd='$pwd' WHERE uid='$uid'";

• $pwd = "abc";

• $uid = "anything' or uid='admin'; -- ";

• $query = "UPDATE usertable SET pwd='abc' WHERE uid='anything' or uid='admin'; -- '";

Avoiding SQL Injection

• mysql_real_escape_string()

• for PHP version < 4.3.0 use addslashes()

• Prepared Statements
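The login query from "SQL Injection (example 1)" written both ways, as an added example that is not part of the slides: the interpolated query lets the password value change the WHERE clause, while a prepared statement keeps the same input as plain data. It uses an in-memory SQLite database through PDO so it runs stand-alone; the logins table, its columns and the sample row are constructed for this demo.

```php
<?php
// Added example, not from the slides. The logins table, its columns and the
// sample user are constructed so the script runs stand-alone on SQLite.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE logins (id INTEGER PRIMARY KEY, username TEXT, password TEXT)");
$db->exec("INSERT INTO logins (username, password) VALUES ('Khaled', 'secret')");

// The values from the slides: a valid username and, in place of a password,
// the string the slides use to show the problem.
$user = "Khaled";
$pwd  = "anything' OR 'x'='x";

// 1) Interpolation (the slide's query as written). The quote in $pwd closes
//    the string literal early, so the WHERE clause becomes
//      username = 'Khaled' AND password = 'anything' OR 'x'='x'
//    and the always-true OR branch returns the row without the real password.
$unsafe = "SELECT id FROM logins WHERE username = '$user' AND password = '$pwd'";
$rowUnsafe = $db->query($unsafe)->fetch(PDO::FETCH_ASSOC);
echo "interpolated query found a row: ", var_export($rowUnsafe !== false, true), "\n";

// 2) Prepared statement. The SQL text is fixed before any value is supplied;
//    $pwd is bound as one string and compared literally against the column,
//    so the quote and OR inside it are just characters, and no row matches.
$stmt = $db->prepare("SELECT id FROM logins WHERE username = ? AND password = ?");
$stmt->execute([$user, $pwd]);
$rowSafe = $stmt->fetch(PDO::FETCH_ASSOC);
echo "prepared statement found a row: ", var_export($rowSafe !== false, true), "\n";

// 3) The output side of the same rule ("escape all output data"): when a
//    user-supplied value is echoed back into HTML, escape it first so the
//    quotes cannot end an attribute or start markup.
echo htmlspecialchars($pwd, ENT_QUOTES, 'UTF-8'), "\n";
```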

Questions
