Command Center

#!/bin/GREPing a '[programmer][sysadmin]' with Killer Skillz

Rss 2.0

Wednesday, December 23, 2009

PHP Security Guide

Category: 2dos, PHP, Security — SkyHi @ Wednesday, December 23, 2009
Table of Contents
1. Overview
1.1 What Is Security?
1.2 Basic Steps
1.3 Register Globals
1.4 Data Filtering
1.4.1 The Dispatch Method
1.4.2 The Include Method
1.4.3 Filtering Examples
1.4.4 Naming Conventions
1.4.5 Timing
1.5 Error Reporting
2. Form Processing
2.1 Spoofed Form Submissions
2.2 Spoofed HTTP Requests
2.3 Cross-Site Scripting
2.4 Cross-Site Request Forgeries
3. Databases and SQL
3.1 Exposed Access Credentials
3.2 SQL Injection
4. Sessions
4.1 Session Fixation
4.2 Session Hijacking
5. Shared Hosts
5.1 Exposed Session Data
5.2 Browsing the Filesystem
6. About
6.1 About This Guide
6.2 About the PHP Security Consortium
6.3 More Information

Reference: http://phpsec.org/projects/guide/

Newer Post Older Post Home

Labels

  • 2dos (11)
  • Active Directory (2)
  • Adobe (1)
  • AIDE (1)
  • Amanda (4)
  • Amavisd-new ClamAv Spamassassin (12)
  • Amazon EC2 (2)
  • Android (6)
  • Anti-virus (1)
  • Apache (87)
  • APC (2)
  • awk (3)
  • Awstats (6)
  • Backup (35)
  • Bacula (9)
  • bash (37)
  • Bind DNS (51)
  • Blogger (9)
  • Bookmarks (1)
  • Bulkmail (3)
  • Caching (3)
  • Cacti (2)
  • CakePHP (1)
  • Centos (100)
  • Centos 6 (12)
  • Centos minimal services (10)
  • CentOS/RedHat (12)
  • Cheatsheets (16)
  • Cisco (19)
  • clone migrate (9)
  • Clonezilla (2)
  • Cloud (1)
  • Comodo Firewall (3)
  • Compare_files (1)
  • Compile LAMP (2)
  • cPanel (15)
  • crontab (2)
  • CSS (6)
  • Curl (2)
  • Cygwin (3)
  • DEB_APT (4)
  • Debian (17)
  • Dell Server (1)
  • DHCP (4)
  • Django (1)
  • DOS attack (10)
  • Dovecot (7)
  • DRBD (28)
  • Drupal (3)
  • ebook (1)
  • encoding (1)
  • exploits (2)
  • fail2ban (7)
  • ffmpeg (9)
  • find (12)
  • find_and_replace (2)
  • Firefox (1)
  • flowplayer (1)
  • FreeBSD (7)
  • FreeNAS (3)
  • Git (2)
  • GLPI (1)
  • GlusterFS (3)
  • GNU screen (16)
  • Google Chrome (1)
  • grsecurity (3)
  • Hack (36)
  • Hard Drive (5)
  • Hardware (22)
  • Heartbeat (19)
  • High Availability (35)
  • Hosting (3)
  • howto (1)
  • HP Proliant (2)
  • htaccess (4)
  • HTML (2)
  • iApple (2)
  • ImageMagick (1)
  • iPhone (1)
  • IPMI (1)
  • ipplan (1)
  • IPsec (2)
  • iptables (24)
  • ipv6 (11)
  • iscsi (3)
  • ISPConfig (2)
  • Javascript (2)
  • JBoss (1)
  • Joomla (1)
  • Kernel (11)
  • KVM (1)
  • Life (2)
  • Linux (88)
  • Linux_admin_tool (4)
  • Linux-HA (33)
  • Load Balancer (4)
  • logrotate (1)
  • LogWatch (9)
  • LVM (6)
  • Mac OS (31)
  • malware (2)
  • mediawiki (2)
  • Memcached (7)
  • Misc (2)
  • Mobile (1)
  • mod_evasive (5)
  • mod_rewrite (22)
  • mod_security (12)
  • mrtg (2)
  • Music (1)
  • MySQL (84)
  • Nagios Icinga (6)
  • NAT (1)
  • Netapp (1)
  • netcat (1)
  • Networking (27)
  • NFS (2)
  • Nginx (15)
  • Nmap (2)
  • NoSQL (2)
  • NTP (1)
  • OCSinventory (1)
  • OpenVPN (9)
  • OpenVZ (5)
  • Oracle (2)
  • outlook (1)
  • Parsing Data (6)
  • PCI Compliance (2)
  • Performance Tune (39)
  • Perl (22)
  • Permission (10)
  • pfSense (6)
  • PHP (123)
  • phpBB (1)
  • phpMyAdmin (3)
  • Postfix (86)
  • PostfixAdmin (1)
  • PostgreSQL (1)
  • Printer (1)
  • Problem Set (1)
  • Proftpd (15)
  • Programming Talk (12)
  • proverbs (1)
  • Proxy (1)
  • Puppet (2)
  • putty (1)
  • Python (5)
  • RAID (19)
  • Regular Expression (3)
  • Reverse Proxy (2)
  • RHEL (3)
  • RHEV (2)
  • rootkits (2)
  • rsync (11)
  • Rsyslog (1)
  • Samba (22)
  • SAN (2)
  • scripts (47)
  • Security (73)
  • SELinux (4)
  • Sendmail (82)
  • SEO (17)
  • Smart_Phone (1)
  • smartd (2)
  • SMTP Auth (3)
  • Solaris (2)
  • Spam (5)
  • SQL Injection (6)
  • Squirrelmail Autoresponder (10)
  • ssh (15)
  • SSL (2)
  • strace (1)
  • Subversion (9)
  • sudo (6)
  • Suhosin (7)
  • suPHP (30)
  • sysadmin (1)
  • tmux (7)
  • Tomcat (1)
  • Tools (5)
  • TrueCrypt (5)
  • Ubuntu (104)
  • Unicode (2)
  • Varnish (1)
  • Vim (23)
  • Virtulization (1)
  • VMware ESX Vsphere (27)
  • VMware Workstation (4)
  • vnc (5)
  • VOIP (3)
  • VPN (2)
  • vsftpd (10)
  • w00t (6)
  • Webdev (5)
  • wget (13)
  • Windows (40)
  • Windows 7 (35)
  • Windows 8 (1)
  • Windows excel (3)
  • Windows Exchange 2003 (1)
  • Windows Exchange 2007 (5)
  • Windows Hyper-V (1)
  • Windows HyperV (1)
  • Windows IE (2)
  • Windows IIS (9)
  • Windows Office (1)
  • Windows Outlook (56)
  • Windows Security (1)
  • Windows Server (13)
  • Windows Server 2003 (11)
  • Windows Server 2008 (18)
  • Windows Server 2012 (1)
  • Windows SMTP (1)
  • Windows Terminal Server (1)
  • Windows XP (3)
  • Wireless (8)
  • Wordpress (18)
  • xdebug (3)
  • Xen (2)
  • XSS (5)
  • Yum RPM (37)
  • ZFS (2)

Blog Archive

  • ►  2014 (3)
    • ►  06/22 - 06/29 (1)
    • ►  04/06 - 04/13 (1)
    • ►  03/23 - 03/30 (1)
  • ►  2013 (33)
    • ►  12/15 - 12/22 (2)
    • ►  09/08 - 09/15 (1)
    • ►  08/25 - 09/01 (3)
    • ►  08/18 - 08/25 (2)
    • ►  07/21 - 07/28 (1)
    • ►  07/14 - 07/21 (1)
    • ►  06/16 - 06/23 (1)
    • ►  06/09 - 06/16 (1)
    • ►  05/19 - 05/26 (1)
    • ►  04/28 - 05/05 (1)
    • ►  04/21 - 04/28 (1)
    • ►  04/14 - 04/21 (2)
    • ►  03/24 - 03/31 (1)
    • ►  03/17 - 03/24 (1)
    • ►  03/10 - 03/17 (1)
    • ►  02/24 - 03/03 (3)
    • ►  02/17 - 02/24 (1)
    • ►  02/03 - 02/10 (1)
    • ►  01/27 - 02/03 (1)
    • ►  01/13 - 01/20 (2)
    • ►  01/06 - 01/13 (5)
  • ►  2012 (181)
    • ►  12/30 - 01/06 (3)
    • ►  12/16 - 12/23 (7)
    • ►  12/09 - 12/16 (2)
    • ►  12/02 - 12/09 (1)
    • ►  11/25 - 12/02 (3)
    • ►  11/18 - 11/25 (2)
    • ►  10/21 - 10/28 (2)
    • ►  10/14 - 10/21 (2)
    • ►  10/07 - 10/14 (2)
    • ►  09/09 - 09/16 (1)
    • ►  09/02 - 09/09 (1)
    • ►  08/26 - 09/02 (4)
    • ►  08/19 - 08/26 (6)
    • ►  08/12 - 08/19 (26)
    • ►  08/05 - 08/12 (7)
    • ►  07/29 - 08/05 (3)
    • ►  07/22 - 07/29 (6)
    • ►  07/15 - 07/22 (2)
    • ►  07/08 - 07/15 (5)
    • ►  07/01 - 07/08 (1)
    • ►  06/24 - 07/01 (2)
    • ►  06/17 - 06/24 (9)
    • ►  06/10 - 06/17 (2)
    • ►  06/03 - 06/10 (7)
    • ►  05/27 - 06/03 (8)
    • ►  05/13 - 05/20 (1)
    • ►  05/06 - 05/13 (1)
    • ►  04/22 - 04/29 (2)
    • ►  04/15 - 04/22 (4)
    • ►  04/08 - 04/15 (3)
    • ►  03/18 - 03/25 (2)
    • ►  03/11 - 03/18 (7)
    • ►  03/04 - 03/11 (6)
    • ►  02/26 - 03/04 (3)
    • ►  02/19 - 02/26 (3)
    • ►  02/12 - 02/19 (2)
    • ►  02/05 - 02/12 (3)
    • ►  01/29 - 02/05 (3)
    • ►  01/22 - 01/29 (7)
    • ►  01/15 - 01/22 (6)
    • ►  01/08 - 01/15 (8)
    • ►  01/01 - 01/08 (6)
  • ►  2011 (284)
    • ►  12/25 - 01/01 (5)
    • ►  12/18 - 12/25 (7)
    • ►  12/11 - 12/18 (9)
    • ►  12/04 - 12/11 (13)
    • ►  11/27 - 12/04 (8)
    • ►  11/20 - 11/27 (3)
    • ►  11/13 - 11/20 (4)
    • ►  11/06 - 11/13 (8)
    • ►  10/30 - 11/06 (5)
    • ►  10/23 - 10/30 (1)
    • ►  10/16 - 10/23 (11)
    • ►  10/09 - 10/16 (2)
    • ►  10/02 - 10/09 (3)
    • ►  09/25 - 10/02 (8)
    • ►  09/18 - 09/25 (9)
    • ►  09/11 - 09/18 (5)
    • ►  09/04 - 09/11 (4)
    • ►  08/28 - 09/04 (9)
    • ►  08/21 - 08/28 (3)
    • ►  08/14 - 08/21 (1)
    • ►  08/07 - 08/14 (3)
    • ►  07/31 - 08/07 (2)
    • ►  07/24 - 07/31 (6)
    • ►  07/17 - 07/24 (2)
    • ►  07/10 - 07/17 (6)
    • ►  07/03 - 07/10 (10)
    • ►  06/26 - 07/03 (6)
    • ►  06/19 - 06/26 (8)
    • ►  06/12 - 06/19 (5)
    • ►  06/05 - 06/12 (6)
    • ►  05/29 - 06/05 (4)
    • ►  05/22 - 05/29 (3)
    • ►  05/15 - 05/22 (8)
    • ►  05/08 - 05/15 (6)
    • ►  05/01 - 05/08 (8)
    • ►  04/24 - 05/01 (1)
    • ►  04/17 - 04/24 (2)
    • ►  04/10 - 04/17 (3)
    • ►  04/03 - 04/10 (3)
    • ►  03/27 - 04/03 (6)
    • ►  03/20 - 03/27 (3)
    • ►  03/13 - 03/20 (8)
    • ►  03/06 - 03/13 (7)
    • ►  02/27 - 03/06 (5)
    • ►  02/20 - 02/27 (4)
    • ►  02/13 - 02/20 (6)
    • ►  02/06 - 02/13 (4)
    • ►  01/30 - 02/06 (1)
    • ►  01/23 - 01/30 (5)
    • ►  01/16 - 01/23 (11)
    • ►  01/09 - 01/16 (6)
    • ►  01/02 - 01/09 (8)
  • ►  2010 (750)
    • ►  12/26 - 01/02 (8)
    • ►  12/19 - 12/26 (7)
    • ►  12/12 - 12/19 (3)
    • ►  12/05 - 12/12 (8)
    • ►  11/28 - 12/05 (11)
    • ►  11/21 - 11/28 (8)
    • ►  11/14 - 11/21 (1)
    • ►  11/07 - 11/14 (27)
    • ►  10/31 - 11/07 (6)
    • ►  10/24 - 10/31 (6)
    • ►  10/17 - 10/24 (7)
    • ►  10/10 - 10/17 (4)
    • ►  10/03 - 10/10 (6)
    • ►  09/26 - 10/03 (4)
    • ►  09/19 - 09/26 (4)
    • ►  09/12 - 09/19 (13)
    • ►  09/05 - 09/12 (13)
    • ►  08/29 - 09/05 (7)
    • ►  08/22 - 08/29 (17)
    • ►  08/15 - 08/22 (5)
    • ►  08/08 - 08/15 (11)
    • ►  08/01 - 08/08 (3)
    • ►  07/25 - 08/01 (5)
    • ►  07/18 - 07/25 (8)
    • ►  07/11 - 07/18 (13)
    • ►  07/04 - 07/11 (9)
    • ►  06/27 - 07/04 (15)
    • ►  06/20 - 06/27 (13)
    • ►  06/13 - 06/20 (40)
    • ►  06/06 - 06/13 (23)
    • ►  05/30 - 06/06 (33)
    • ►  05/23 - 05/30 (37)
    • ►  05/16 - 05/23 (21)
    • ►  05/09 - 05/16 (10)
    • ►  05/02 - 05/09 (8)
    • ►  04/25 - 05/02 (19)
    • ►  04/18 - 04/25 (13)
    • ►  04/11 - 04/18 (19)
    • ►  04/04 - 04/11 (10)
    • ►  03/28 - 04/04 (16)
    • ►  03/21 - 03/28 (11)
    • ►  03/14 - 03/21 (4)
    • ►  03/07 - 03/14 (8)
    • ►  02/28 - 03/07 (7)
    • ►  02/21 - 02/28 (12)
    • ►  02/14 - 02/21 (50)
    • ►  02/07 - 02/14 (26)
    • ►  01/31 - 02/07 (33)
    • ►  01/24 - 01/31 (5)
    • ►  01/17 - 01/24 (69)
    • ►  01/10 - 01/17 (20)
    • ►  01/03 - 01/10 (14)
  • ▼  2009 (429)
    • ►  12/27 - 01/03 (25)
    • ▼  12/20 - 12/27 (9)
      • Restart or Shutdown Windows (XP, 2000 and Vista) f...
      • PHP Security Guide
      • Apache directoryindex per virtualhost
      • dns @ sign means
      • DNS Records Explained with Examples
      • How to: Troubleshoot UNIX / Linux BIND DNS server ...
      • Microsoft words 2007 macros security problem
      • Troubleshooting Memory Usage
      • /dev/sda3 has gone 188 days without being checked,...
    • ►  12/13 - 12/20 (19)
    • ►  12/06 - 12/13 (43)
    • ►  11/29 - 12/06 (18)
    • ►  11/22 - 11/29 (38)
    • ►  11/15 - 11/22 (3)
    • ►  11/08 - 11/15 (3)
    • ►  11/01 - 11/08 (19)
    • ►  10/25 - 11/01 (1)
    • ►  10/18 - 10/25 (1)
    • ►  10/11 - 10/18 (3)
    • ►  10/04 - 10/11 (1)
    • ►  09/27 - 10/04 (17)
    • ►  09/20 - 09/27 (10)
    • ►  09/13 - 09/20 (13)
    • ►  09/06 - 09/13 (14)
    • ►  08/30 - 09/06 (11)
    • ►  08/23 - 08/30 (61)
    • ►  08/16 - 08/23 (93)
    • ►  08/09 - 08/16 (13)
    • ►  08/02 - 08/09 (14)

My Blog List

  • Frequently Asked Questions About Linux / UNIX
    How to redirect Nginx non-www to www domain over SSL - I am getting an error that reads, "Your connection is not secure" when trying to redirect https://theos.in/ to https://www.theos.in/ domain using HTTP 30...
    2 days ago
  • Linuxaria » Linuxaria – Everything about GNU/Linux and Open source
    What You Don’t Know About Linux Open Source Could Be Costing to More Than You Think - Guest post by Marc Fisher If you would like to test out Linux before completely switching it as your everyday driver, there are a number of means by which ...
    6 days ago
  • Ubuntu Geek
    Install Munin on Ubuntu 17.10 Server - Sponsored Link Munin the monitoring tool surveys all your computers and remembers what it saw. It presents all the information in graphs through a web inte...
    2 weeks ago
  • There is no place like 127.0.0.1
    Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. - Kali Linux is a Debian-derived Linux distribution designed for digital forensics and penetration testing. *Reference:* https://en.wikipedia.org/wiki/Kali...
    1 month ago
  • The Geek Stuff
    Happy New Year 2018 – From Geek, Dolls and Penguins - Happy New Year to all Geeks from Me, My Daughters (Diya and Neha), and our Penguins. We wish you and your family a happy, healthy, and joyful New Year. At ...
    3 months ago
  • WindowsNetworking.com
    Resolving Sysprep problems with App-X packages (Part 1) - This is the first of two articles explaining how to fix systems that won't Sysprep if Windows Native/App-X applications have been removed and Windows patches.
    11 months ago
  • WindowSecurity.com
    V2V Communications security considerations - The future of vehicles, road infrastructure and driving are changing. We are progressing with vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) ...
    11 months ago
  • Unixmen
    XWiki Installation in Linux - XWiki Xwiki is an open-source enterprise-ready wiki written in Java, runs on a servlet container like Tomcat, Jboss etc. which uses the relational database...
    1 year ago
  • Linux 101 Hacks
    10 UNIX / Linuz Size Command Examples for ObjectFiles - Linux size is part of GNU binutils. This utility is very helpful for programmers to analyze the data from the executable files (or object files). By defaul...
    3 years ago
  • Aaron Walrath - Another IT Guy's Meanderings
    Updating VMware Tools on Red Hat Enterprise/Scientific/CentOS Linux 6 for VMware ESXi 5 - In a previous post I discussed installing the open source VMware tools for Red Hat Enterprise/Scientific/CentOS Linux 6 from a yum package repository provi...
    6 years ago
 

top