Command Center

#!/bin/GREPing a '[programmer][sysadmin]' with Killer Skillz

Rss 2.0

Wednesday, December 23, 2009

PHP Security Guide

Category: 2dos, PHP, Security — SkyHi @ Wednesday, December 23, 2009
Table of Contents
1. Overview
1.1 What Is Security?
1.2 Basic Steps
1.3 Register Globals
1.4 Data Filtering
1.4.1 The Dispatch Method
1.4.2 The Include Method
1.4.3 Filtering Examples
1.4.4 Naming Conventions
1.4.5 Timing
1.5 Error Reporting
2. Form Processing
2.1 Spoofed Form Submissions
2.2 Spoofed HTTP Requests
2.3 Cross-Site Scripting
2.4 Cross-Site Request Forgeries
3. Databases and SQL
3.1 Exposed Access Credentials
3.2 SQL Injection
4. Sessions
4.1 Session Fixation
4.2 Session Hijacking
5. Shared Hosts
5.1 Exposed Session Data
5.2 Browsing the Filesystem
6. About
6.1 About This Guide
6.2 About the PHP Security Consortium
6.3 More Information

Reference: http://phpsec.org/projects/guide/

Newer Post Older Post Home

Labels

  • 2dos (11)
  • Active Directory (2)
  • Adobe (1)
  • AIDE (1)
  • Amanda (4)
  • Amavisd-new ClamAv Spamassassin (12)
  • Amazon EC2 (2)
  • Android (6)
  • Anti-virus (1)
  • Apache (87)
  • APC (2)
  • awk (3)
  • Awstats (6)
  • Backup (35)
  • Bacula (9)
  • bash (37)
  • Bind DNS (51)
  • Blogger (9)
  • Bookmarks (1)
  • Bulkmail (3)
  • Caching (3)
  • Cacti (2)
  • CakePHP (1)
  • Centos (100)
  • Centos 6 (12)
  • Centos minimal services (10)
  • CentOS/RedHat (12)
  • Cheatsheets (16)
  • Cisco (19)
  • clone migrate (9)
  • Clonezilla (2)
  • Cloud (1)
  • Comodo Firewall (3)
  • Compare_files (1)
  • Compile LAMP (2)
  • cPanel (15)
  • crontab (2)
  • CSS (6)
  • Curl (2)
  • Cygwin (3)
  • DEB_APT (4)
  • Debian (17)
  • Dell Server (1)
  • DHCP (4)
  • Django (1)
  • DOS attack (10)
  • Dovecot (7)
  • DRBD (28)
  • Drupal (3)
  • ebook (1)
  • encoding (1)
  • exploits (2)
  • fail2ban (7)
  • ffmpeg (9)
  • find (12)
  • find_and_replace (2)
  • Firefox (1)
  • flowplayer (1)
  • FreeBSD (7)
  • FreeNAS (3)
  • Git (2)
  • GLPI (1)
  • GlusterFS (3)
  • GNU screen (16)
  • Google Chrome (1)
  • grsecurity (3)
  • Hack (36)
  • Hard Drive (5)
  • Hardware (22)
  • Heartbeat (19)
  • High Availability (35)
  • Hosting (3)
  • howto (1)
  • HP Proliant (2)
  • htaccess (4)
  • HTML (2)
  • iApple (2)
  • ImageMagick (1)
  • iPhone (1)
  • IPMI (1)
  • ipplan (1)
  • IPsec (2)
  • iptables (24)
  • ipv6 (11)
  • iscsi (3)
  • ISPConfig (2)
  • Javascript (2)
  • JBoss (1)
  • Joomla (1)
  • Kernel (11)
  • KVM (1)
  • Life (2)
  • Linux (88)
  • Linux_admin_tool (4)
  • Linux-HA (33)
  • Load Balancer (4)
  • logrotate (1)
  • LogWatch (9)
  • LVM (6)
  • Mac OS (31)
  • malware (2)
  • mediawiki (2)
  • Memcached (7)
  • Misc (2)
  • Mobile (1)
  • mod_evasive (5)
  • mod_rewrite (22)
  • mod_security (12)
  • mrtg (2)
  • Music (1)
  • MySQL (84)
  • Nagios Icinga (6)
  • NAT (1)
  • Netapp (1)
  • netcat (1)
  • Networking (27)
  • NFS (2)
  • Nginx (15)
  • Nmap (2)
  • NoSQL (2)
  • NTP (1)
  • OCSinventory (1)
  • OpenVPN (9)
  • OpenVZ (5)
  • Oracle (2)
  • outlook (1)
  • Parsing Data (6)
  • PCI Compliance (2)
  • Performance Tune (39)
  • Perl (22)
  • Permission (10)
  • pfSense (6)
  • PHP (123)
  • phpBB (1)
  • phpMyAdmin (3)
  • Postfix (86)
  • PostfixAdmin (1)
  • PostgreSQL (1)
  • Printer (1)
  • Problem Set (1)
  • Proftpd (15)
  • Programming Talk (12)
  • proverbs (1)
  • Proxy (1)
  • Puppet (2)
  • putty (1)
  • Python (5)
  • RAID (19)
  • Regular Expression (3)
  • Reverse Proxy (2)
  • RHEL (3)
  • RHEV (2)
  • rootkits (2)
  • rsync (11)
  • Rsyslog (1)
  • Samba (22)
  • SAN (2)
  • scripts (47)
  • Security (73)
  • SELinux (4)
  • Sendmail (82)
  • SEO (17)
  • Smart_Phone (1)
  • smartd (2)
  • SMTP Auth (3)
  • Solaris (2)
  • Spam (5)
  • SQL Injection (6)
  • Squirrelmail Autoresponder (10)
  • ssh (15)
  • SSL (2)
  • strace (1)
  • Subversion (9)
  • sudo (6)
  • Suhosin (7)
  • suPHP (30)
  • sysadmin (1)
  • tmux (7)
  • Tomcat (1)
  • Tools (5)
  • TrueCrypt (5)
  • Ubuntu (104)
  • Unicode (2)
  • Varnish (1)
  • Vim (23)
  • Virtulization (1)
  • VMware ESX Vsphere (27)
  • VMware Workstation (4)
  • vnc (5)
  • VOIP (3)
  • VPN (2)
  • vsftpd (10)
  • w00t (6)
  • Webdev (5)
  • wget (13)
  • Windows (40)
  • Windows 7 (35)
  • Windows 8 (1)
  • Windows excel (3)
  • Windows Exchange 2003 (1)
  • Windows Exchange 2007 (5)
  • Windows Hyper-V (1)
  • Windows HyperV (1)
  • Windows IE (2)
  • Windows IIS (9)
  • Windows Office (1)
  • Windows Outlook (56)
  • Windows Security (1)
  • Windows Server (13)
  • Windows Server 2003 (11)
  • Windows Server 2008 (18)
  • Windows Server 2012 (1)
  • Windows SMTP (1)
  • Windows Terminal Server (1)
  • Windows XP (3)
  • Wireless (8)
  • Wordpress (18)
  • xdebug (3)
  • Xen (2)
  • XSS (5)
  • Yum RPM (37)
  • ZFS (2)

Blog Archive

  • ►  2014 (3)
    • ►  06/22 - 06/29 (1)
    • ►  04/06 - 04/13 (1)
    • ►  03/23 - 03/30 (1)
  • ►  2013 (33)
    • ►  12/15 - 12/22 (2)
    • ►  09/08 - 09/15 (1)
    • ►  08/25 - 09/01 (3)
    • ►  08/18 - 08/25 (2)
    • ►  07/21 - 07/28 (1)
    • ►  07/14 - 07/21 (1)
    • ►  06/16 - 06/23 (1)
    • ►  06/09 - 06/16 (1)
    • ►  05/19 - 05/26 (1)
    • ►  04/28 - 05/05 (1)
    • ►  04/21 - 04/28 (1)
    • ►  04/14 - 04/21 (2)
    • ►  03/24 - 03/31 (1)
    • ►  03/17 - 03/24 (1)
    • ►  03/10 - 03/17 (1)
    • ►  02/24 - 03/03 (3)
    • ►  02/17 - 02/24 (1)
    • ►  02/03 - 02/10 (1)
    • ►  01/27 - 02/03 (1)
    • ►  01/13 - 01/20 (2)
    • ►  01/06 - 01/13 (5)
  • ►  2012 (181)
    • ►  12/30 - 01/06 (3)
    • ►  12/16 - 12/23 (7)
    • ►  12/09 - 12/16 (2)
    • ►  12/02 - 12/09 (1)
    • ►  11/25 - 12/02 (3)
    • ►  11/18 - 11/25 (2)
    • ►  10/21 - 10/28 (2)
    • ►  10/14 - 10/21 (2)
    • ►  10/07 - 10/14 (2)
    • ►  09/09 - 09/16 (1)
    • ►  09/02 - 09/09 (1)
    • ►  08/26 - 09/02 (4)
    • ►  08/19 - 08/26 (6)
    • ►  08/12 - 08/19 (26)
    • ►  08/05 - 08/12 (7)
    • ►  07/29 - 08/05 (3)
    • ►  07/22 - 07/29 (6)
    • ►  07/15 - 07/22 (2)
    • ►  07/08 - 07/15 (5)
    • ►  07/01 - 07/08 (1)
    • ►  06/24 - 07/01 (2)
    • ►  06/17 - 06/24 (9)
    • ►  06/10 - 06/17 (2)
    • ►  06/03 - 06/10 (7)
    • ►  05/27 - 06/03 (8)
    • ►  05/13 - 05/20 (1)
    • ►  05/06 - 05/13 (1)
    • ►  04/22 - 04/29 (2)
    • ►  04/15 - 04/22 (4)
    • ►  04/08 - 04/15 (3)
    • ►  03/18 - 03/25 (2)
    • ►  03/11 - 03/18 (7)
    • ►  03/04 - 03/11 (6)
    • ►  02/26 - 03/04 (3)
    • ►  02/19 - 02/26 (3)
    • ►  02/12 - 02/19 (2)
    • ►  02/05 - 02/12 (3)
    • ►  01/29 - 02/05 (3)
    • ►  01/22 - 01/29 (7)
    • ►  01/15 - 01/22 (6)
    • ►  01/08 - 01/15 (8)
    • ►  01/01 - 01/08 (6)
  • ►  2011 (284)
    • ►  12/25 - 01/01 (5)
    • ►  12/18 - 12/25 (7)
    • ►  12/11 - 12/18 (9)
    • ►  12/04 - 12/11 (13)
    • ►  11/27 - 12/04 (8)
    • ►  11/20 - 11/27 (3)
    • ►  11/13 - 11/20 (4)
    • ►  11/06 - 11/13 (8)
    • ►  10/30 - 11/06 (5)
    • ►  10/23 - 10/30 (1)
    • ►  10/16 - 10/23 (11)
    • ►  10/09 - 10/16 (2)
    • ►  10/02 - 10/09 (3)
    • ►  09/25 - 10/02 (8)
    • ►  09/18 - 09/25 (9)
    • ►  09/11 - 09/18 (5)
    • ►  09/04 - 09/11 (4)
    • ►  08/28 - 09/04 (9)
    • ►  08/21 - 08/28 (3)
    • ►  08/14 - 08/21 (1)
    • ►  08/07 - 08/14 (3)
    • ►  07/31 - 08/07 (2)
    • ►  07/24 - 07/31 (6)
    • ►  07/17 - 07/24 (2)
    • ►  07/10 - 07/17 (6)
    • ►  07/03 - 07/10 (10)
    • ►  06/26 - 07/03 (6)
    • ►  06/19 - 06/26 (8)
    • ►  06/12 - 06/19 (5)
    • ►  06/05 - 06/12 (6)
    • ►  05/29 - 06/05 (4)
    • ►  05/22 - 05/29 (3)
    • ►  05/15 - 05/22 (8)
    • ►  05/08 - 05/15 (6)
    • ►  05/01 - 05/08 (8)
    • ►  04/24 - 05/01 (1)
    • ►  04/17 - 04/24 (2)
    • ►  04/10 - 04/17 (3)
    • ►  04/03 - 04/10 (3)
    • ►  03/27 - 04/03 (6)
    • ►  03/20 - 03/27 (3)
    • ►  03/13 - 03/20 (8)
    • ►  03/06 - 03/13 (7)
    • ►  02/27 - 03/06 (5)
    • ►  02/20 - 02/27 (4)
    • ►  02/13 - 02/20 (6)
    • ►  02/06 - 02/13 (4)
    • ►  01/30 - 02/06 (1)
    • ►  01/23 - 01/30 (5)
    • ►  01/16 - 01/23 (11)
    • ►  01/09 - 01/16 (6)
    • ►  01/02 - 01/09 (8)
  • ►  2010 (750)
    • ►  12/26 - 01/02 (8)
    • ►  12/19 - 12/26 (7)
    • ►  12/12 - 12/19 (3)
    • ►  12/05 - 12/12 (8)
    • ►  11/28 - 12/05 (11)
    • ►  11/21 - 11/28 (8)
    • ►  11/14 - 11/21 (1)
    • ►  11/07 - 11/14 (27)
    • ►  10/31 - 11/07 (6)
    • ►  10/24 - 10/31 (6)
    • ►  10/17 - 10/24 (7)
    • ►  10/10 - 10/17 (4)
    • ►  10/03 - 10/10 (6)
    • ►  09/26 - 10/03 (4)
    • ►  09/19 - 09/26 (4)
    • ►  09/12 - 09/19 (13)
    • ►  09/05 - 09/12 (13)
    • ►  08/29 - 09/05 (7)
    • ►  08/22 - 08/29 (17)
    • ►  08/15 - 08/22 (5)
    • ►  08/08 - 08/15 (11)
    • ►  08/01 - 08/08 (3)
    • ►  07/25 - 08/01 (5)
    • ►  07/18 - 07/25 (8)
    • ►  07/11 - 07/18 (13)
    • ►  07/04 - 07/11 (9)
    • ►  06/27 - 07/04 (15)
    • ►  06/20 - 06/27 (13)
    • ►  06/13 - 06/20 (40)
    • ►  06/06 - 06/13 (23)
    • ►  05/30 - 06/06 (33)
    • ►  05/23 - 05/30 (37)
    • ►  05/16 - 05/23 (21)
    • ►  05/09 - 05/16 (10)
    • ►  05/02 - 05/09 (8)
    • ►  04/25 - 05/02 (19)
    • ►  04/18 - 04/25 (13)
    • ►  04/11 - 04/18 (19)
    • ►  04/04 - 04/11 (10)
    • ►  03/28 - 04/04 (16)
    • ►  03/21 - 03/28 (11)
    • ►  03/14 - 03/21 (4)
    • ►  03/07 - 03/14 (8)
    • ►  02/28 - 03/07 (7)
    • ►  02/21 - 02/28 (12)
    • ►  02/14 - 02/21 (50)
    • ►  02/07 - 02/14 (26)
    • ►  01/31 - 02/07 (33)
    • ►  01/24 - 01/31 (5)
    • ►  01/17 - 01/24 (69)
    • ►  01/10 - 01/17 (20)
    • ►  01/03 - 01/10 (14)
  • ▼  2009 (429)
    • ►  12/27 - 01/03 (25)
    • ▼  12/20 - 12/27 (9)
      • Restart or Shutdown Windows (XP, 2000 and Vista) f...
      • PHP Security Guide
      • Apache directoryindex per virtualhost
      • dns @ sign means
      • DNS Records Explained with Examples
      • How to: Troubleshoot UNIX / Linux BIND DNS server ...
      • Microsoft words 2007 macros security problem
      • Troubleshooting Memory Usage
      • /dev/sda3 has gone 188 days without being checked,...
    • ►  12/13 - 12/20 (19)
    • ►  12/06 - 12/13 (43)
    • ►  11/29 - 12/06 (18)
    • ►  11/22 - 11/29 (38)
    • ►  11/15 - 11/22 (3)
    • ►  11/08 - 11/15 (3)
    • ►  11/01 - 11/08 (19)
    • ►  10/25 - 11/01 (1)
    • ►  10/18 - 10/25 (1)
    • ►  10/11 - 10/18 (3)
    • ►  10/04 - 10/11 (1)
    • ►  09/27 - 10/04 (17)
    • ►  09/20 - 09/27 (10)
    • ►  09/13 - 09/20 (13)
    • ►  09/06 - 09/13 (14)
    • ►  08/30 - 09/06 (11)
    • ►  08/23 - 08/30 (61)
    • ►  08/16 - 08/23 (93)
    • ►  08/09 - 08/16 (13)
    • ►  08/02 - 08/09 (14)

My Blog List

  • There is no place like 127.0.0.1
    Set up MySQL Master Slave Replication on Docker Containers - Set up MySQL Master Slave Replication on Docker Containers https://github.com/junhsieh/docker-compose/tree/master/mysql-replication
    1 day ago
  • Frequently Asked Questions About Linux / UNIX
    How to write/create a Ubuntu .iso to a bootable USB device on Linux using dd command - I downloaded a Ubuntu .iso file named artful-desktop-amd64.iso on a Debian Linux system. How do I write or burn a Ubuntu .iso to a USB device for installa...
    4 days ago
  • The Geek Stuff
    How to Install Configure LDAP Client for 389 Directory Server - 389 Directory Server is a super fast open source enterprise LDAP Server. In this tutorial, we’ll explain how to install and configure the LDAP client on Li...
    1 week ago
  • Ubuntu Geek
    Linux Networking Cookbook ($17 Value) FREE For a Limited Time - Move beyond the basics of how a Linux machine works and gain a better understanding of Linux networks and their configuration. This is a hands-on solution ...
    3 weeks ago
  • WindowsNetworking.com
    Resolving Sysprep problems with App-X packages (Part 1) - This is the first of two articles explaining how to fix systems that won't Sysprep if Windows Native/App-X applications have been removed and Windows patches.
    5 months ago
  • WindowSecurity.com
    V2V Communications security considerations - The future of vehicles, road infrastructure and driving are changing. We are progressing with vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) ...
    5 months ago
  • Linuxaria » Linuxaria – Everything about GNU/Linux and Open source
    Paas and continuos integration - Today I want to repost a great article first posted on sysadvent blog. I think it’s a great post that show how to integrate different software to achieve a...
    11 months ago
  • Unixmen
    XWiki Installation in Linux - XWiki Xwiki is an open-source enterprise-ready wiki written in Java, runs on a servlet container like Tomcat, Jboss etc. which uses the relational database...
    1 year ago
  • Linux 101 Hacks
    10 UNIX / Linuz Size Command Examples for ObjectFiles - Linux size is part of GNU binutils. This utility is very helpful for programmers to analyze the data from the executable files (or object files). By defaul...
    2 years ago
  • Aaron Walrath - Another IT Guy's Meanderings
    Updating VMware Tools on Red Hat Enterprise/Scientific/CentOS Linux 6 for VMware ESXi 5 - In a previous post I discussed installing the open source VMware tools for Red Hat Enterprise/Scientific/CentOS Linux 6 from a yum package repository provi...
    6 years ago
 

top