Command Center

#!/bin/GREPing a '[programmer][sysadmin]' with Killer Skillz

Rss 2.0

Wednesday, December 23, 2009

PHP Security Guide

Category: 2dos, PHP, Security — SkyHi @ Wednesday, December 23, 2009
Table of Contents
1. Overview
1.1 What Is Security?
1.2 Basic Steps
1.3 Register Globals
1.4 Data Filtering
1.4.1 The Dispatch Method
1.4.2 The Include Method
1.4.3 Filtering Examples
1.4.4 Naming Conventions
1.4.5 Timing
1.5 Error Reporting
2. Form Processing
2.1 Spoofed Form Submissions
2.2 Spoofed HTTP Requests
2.3 Cross-Site Scripting
2.4 Cross-Site Request Forgeries
3. Databases and SQL
3.1 Exposed Access Credentials
3.2 SQL Injection
4. Sessions
4.1 Session Fixation
4.2 Session Hijacking
5. Shared Hosts
5.1 Exposed Session Data
5.2 Browsing the Filesystem
6. About
6.1 About This Guide
6.2 About the PHP Security Consortium
6.3 More Information

Reference: http://phpsec.org/projects/guide/

Newer Post Older Post Home

Labels

  • 2dos (11)
  • Active Directory (2)
  • Adobe (1)
  • AIDE (1)
  • Amanda (4)
  • Amavisd-new ClamAv Spamassassin (12)
  • Amazon EC2 (2)
  • Android (6)
  • Anti-virus (1)
  • Apache (87)
  • APC (2)
  • awk (3)
  • Awstats (6)
  • Backup (35)
  • Bacula (9)
  • bash (37)
  • Bind DNS (51)
  • Blogger (9)
  • Bookmarks (1)
  • Bulkmail (3)
  • Caching (3)
  • Cacti (2)
  • CakePHP (1)
  • Centos (100)
  • Centos 6 (12)
  • Centos minimal services (10)
  • CentOS/RedHat (12)
  • Cheatsheets (16)
  • Cisco (19)
  • clone migrate (9)
  • Clonezilla (2)
  • Cloud (1)
  • Comodo Firewall (3)
  • Compare_files (1)
  • Compile LAMP (2)
  • cPanel (15)
  • crontab (2)
  • CSS (6)
  • Curl (2)
  • Cygwin (3)
  • DEB_APT (4)
  • Debian (17)
  • Dell Server (1)
  • DHCP (4)
  • Django (1)
  • DOS attack (10)
  • Dovecot (7)
  • DRBD (28)
  • Drupal (3)
  • ebook (1)
  • encoding (1)
  • exploits (2)
  • fail2ban (7)
  • ffmpeg (9)
  • find (12)
  • find_and_replace (2)
  • Firefox (1)
  • flowplayer (1)
  • FreeBSD (7)
  • FreeNAS (3)
  • Git (2)
  • GLPI (1)
  • GlusterFS (3)
  • GNU screen (16)
  • Google Chrome (1)
  • grsecurity (3)
  • Hack (36)
  • Hard Drive (5)
  • Hardware (22)
  • Heartbeat (19)
  • High Availability (35)
  • Hosting (3)
  • howto (1)
  • HP Proliant (2)
  • htaccess (4)
  • HTML (2)
  • iApple (2)
  • ImageMagick (1)
  • iPhone (1)
  • IPMI (1)
  • ipplan (1)
  • IPsec (2)
  • iptables (24)
  • ipv6 (11)
  • iscsi (3)
  • ISPConfig (2)
  • Javascript (2)
  • JBoss (1)
  • Joomla (1)
  • Kernel (11)
  • KVM (1)
  • Life (2)
  • Linux (88)
  • Linux_admin_tool (4)
  • Linux-HA (33)
  • Load Balancer (4)
  • logrotate (1)
  • LogWatch (9)
  • LVM (6)
  • Mac OS (31)
  • malware (2)
  • mediawiki (2)
  • Memcached (7)
  • Misc (2)
  • Mobile (1)
  • mod_evasive (5)
  • mod_rewrite (22)
  • mod_security (12)
  • mrtg (2)
  • Music (1)
  • MySQL (84)
  • Nagios Icinga (6)
  • NAT (1)
  • Netapp (1)
  • netcat (1)
  • Networking (27)
  • NFS (2)
  • Nginx (15)
  • Nmap (2)
  • NoSQL (2)
  • NTP (1)
  • OCSinventory (1)
  • OpenVPN (9)
  • OpenVZ (5)
  • Oracle (2)
  • outlook (1)
  • Parsing Data (6)
  • PCI Compliance (2)
  • Performance Tune (39)
  • Perl (22)
  • Permission (10)
  • pfSense (6)
  • PHP (123)
  • phpBB (1)
  • phpMyAdmin (3)
  • Postfix (86)
  • PostfixAdmin (1)
  • PostgreSQL (1)
  • Printer (1)
  • Problem Set (1)
  • Proftpd (15)
  • Programming Talk (12)
  • proverbs (1)
  • Proxy (1)
  • Puppet (2)
  • putty (1)
  • Python (5)
  • RAID (19)
  • Regular Expression (3)
  • Reverse Proxy (2)
  • RHEL (3)
  • RHEV (2)
  • rootkits (2)
  • rsync (11)
  • Rsyslog (1)
  • Samba (22)
  • SAN (2)
  • scripts (47)
  • Security (73)
  • SELinux (4)
  • Sendmail (82)
  • SEO (17)
  • Smart_Phone (1)
  • smartd (2)
  • SMTP Auth (3)
  • Solaris (2)
  • Spam (5)
  • SQL Injection (6)
  • Squirrelmail Autoresponder (10)
  • ssh (15)
  • SSL (2)
  • strace (1)
  • Subversion (9)
  • sudo (6)
  • Suhosin (7)
  • suPHP (30)
  • sysadmin (1)
  • tmux (7)
  • Tomcat (1)
  • Tools (5)
  • TrueCrypt (5)
  • Ubuntu (104)
  • Unicode (2)
  • Varnish (1)
  • Vim (23)
  • Virtulization (1)
  • VMware ESX Vsphere (27)
  • VMware Workstation (4)
  • vnc (5)
  • VOIP (3)
  • VPN (2)
  • vsftpd (10)
  • w00t (6)
  • Webdev (5)
  • wget (13)
  • Windows (40)
  • Windows 7 (35)
  • Windows 8 (1)
  • Windows excel (3)
  • Windows Exchange 2003 (1)
  • Windows Exchange 2007 (5)
  • Windows Hyper-V (1)
  • Windows HyperV (1)
  • Windows IE (2)
  • Windows IIS (9)
  • Windows Office (1)
  • Windows Outlook (56)
  • Windows Security (1)
  • Windows Server (13)
  • Windows Server 2003 (11)
  • Windows Server 2008 (18)
  • Windows Server 2012 (1)
  • Windows SMTP (1)
  • Windows Terminal Server (1)
  • Windows XP (3)
  • Wireless (8)
  • Wordpress (18)
  • xdebug (3)
  • Xen (2)
  • XSS (5)
  • Yum RPM (37)
  • ZFS (2)

Blog Archive

  • ►  2014 (3)
    • ►  06/22 - 06/29 (1)
    • ►  04/06 - 04/13 (1)
    • ►  03/23 - 03/30 (1)
  • ►  2013 (33)
    • ►  12/15 - 12/22 (2)
    • ►  09/08 - 09/15 (1)
    • ►  08/25 - 09/01 (3)
    • ►  08/18 - 08/25 (2)
    • ►  07/21 - 07/28 (1)
    • ►  07/14 - 07/21 (1)
    • ►  06/16 - 06/23 (1)
    • ►  06/09 - 06/16 (1)
    • ►  05/19 - 05/26 (1)
    • ►  04/28 - 05/05 (1)
    • ►  04/21 - 04/28 (1)
    • ►  04/14 - 04/21 (2)
    • ►  03/24 - 03/31 (1)
    • ►  03/17 - 03/24 (1)
    • ►  03/10 - 03/17 (1)
    • ►  02/24 - 03/03 (3)
    • ►  02/17 - 02/24 (1)
    • ►  02/03 - 02/10 (1)
    • ►  01/27 - 02/03 (1)
    • ►  01/13 - 01/20 (2)
    • ►  01/06 - 01/13 (5)
  • ►  2012 (181)
    • ►  12/30 - 01/06 (3)
    • ►  12/16 - 12/23 (7)
    • ►  12/09 - 12/16 (2)
    • ►  12/02 - 12/09 (1)
    • ►  11/25 - 12/02 (3)
    • ►  11/18 - 11/25 (2)
    • ►  10/21 - 10/28 (2)
    • ►  10/14 - 10/21 (2)
    • ►  10/07 - 10/14 (2)
    • ►  09/09 - 09/16 (1)
    • ►  09/02 - 09/09 (1)
    • ►  08/26 - 09/02 (4)
    • ►  08/19 - 08/26 (6)
    • ►  08/12 - 08/19 (26)
    • ►  08/05 - 08/12 (7)
    • ►  07/29 - 08/05 (3)
    • ►  07/22 - 07/29 (6)
    • ►  07/15 - 07/22 (2)
    • ►  07/08 - 07/15 (5)
    • ►  07/01 - 07/08 (1)
    • ►  06/24 - 07/01 (2)
    • ►  06/17 - 06/24 (9)
    • ►  06/10 - 06/17 (2)
    • ►  06/03 - 06/10 (7)
    • ►  05/27 - 06/03 (8)
    • ►  05/13 - 05/20 (1)
    • ►  05/06 - 05/13 (1)
    • ►  04/22 - 04/29 (2)
    • ►  04/15 - 04/22 (4)
    • ►  04/08 - 04/15 (3)
    • ►  03/18 - 03/25 (2)
    • ►  03/11 - 03/18 (7)
    • ►  03/04 - 03/11 (6)
    • ►  02/26 - 03/04 (3)
    • ►  02/19 - 02/26 (3)
    • ►  02/12 - 02/19 (2)
    • ►  02/05 - 02/12 (3)
    • ►  01/29 - 02/05 (3)
    • ►  01/22 - 01/29 (7)
    • ►  01/15 - 01/22 (6)
    • ►  01/08 - 01/15 (8)
    • ►  01/01 - 01/08 (6)
  • ►  2011 (284)
    • ►  12/25 - 01/01 (5)
    • ►  12/18 - 12/25 (7)
    • ►  12/11 - 12/18 (9)
    • ►  12/04 - 12/11 (13)
    • ►  11/27 - 12/04 (8)
    • ►  11/20 - 11/27 (3)
    • ►  11/13 - 11/20 (4)
    • ►  11/06 - 11/13 (8)
    • ►  10/30 - 11/06 (5)
    • ►  10/23 - 10/30 (1)
    • ►  10/16 - 10/23 (11)
    • ►  10/09 - 10/16 (2)
    • ►  10/02 - 10/09 (3)
    • ►  09/25 - 10/02 (8)
    • ►  09/18 - 09/25 (9)
    • ►  09/11 - 09/18 (5)
    • ►  09/04 - 09/11 (4)
    • ►  08/28 - 09/04 (9)
    • ►  08/21 - 08/28 (3)
    • ►  08/14 - 08/21 (1)
    • ►  08/07 - 08/14 (3)
    • ►  07/31 - 08/07 (2)
    • ►  07/24 - 07/31 (6)
    • ►  07/17 - 07/24 (2)
    • ►  07/10 - 07/17 (6)
    • ►  07/03 - 07/10 (10)
    • ►  06/26 - 07/03 (6)
    • ►  06/19 - 06/26 (8)
    • ►  06/12 - 06/19 (5)
    • ►  06/05 - 06/12 (6)
    • ►  05/29 - 06/05 (4)
    • ►  05/22 - 05/29 (3)
    • ►  05/15 - 05/22 (8)
    • ►  05/08 - 05/15 (6)
    • ►  05/01 - 05/08 (8)
    • ►  04/24 - 05/01 (1)
    • ►  04/17 - 04/24 (2)
    • ►  04/10 - 04/17 (3)
    • ►  04/03 - 04/10 (3)
    • ►  03/27 - 04/03 (6)
    • ►  03/20 - 03/27 (3)
    • ►  03/13 - 03/20 (8)
    • ►  03/06 - 03/13 (7)
    • ►  02/27 - 03/06 (5)
    • ►  02/20 - 02/27 (4)
    • ►  02/13 - 02/20 (6)
    • ►  02/06 - 02/13 (4)
    • ►  01/30 - 02/06 (1)
    • ►  01/23 - 01/30 (5)
    • ►  01/16 - 01/23 (11)
    • ►  01/09 - 01/16 (6)
    • ►  01/02 - 01/09 (8)
  • ►  2010 (750)
    • ►  12/26 - 01/02 (8)
    • ►  12/19 - 12/26 (7)
    • ►  12/12 - 12/19 (3)
    • ►  12/05 - 12/12 (8)
    • ►  11/28 - 12/05 (11)
    • ►  11/21 - 11/28 (8)
    • ►  11/14 - 11/21 (1)
    • ►  11/07 - 11/14 (27)
    • ►  10/31 - 11/07 (6)
    • ►  10/24 - 10/31 (6)
    • ►  10/17 - 10/24 (7)
    • ►  10/10 - 10/17 (4)
    • ►  10/03 - 10/10 (6)
    • ►  09/26 - 10/03 (4)
    • ►  09/19 - 09/26 (4)
    • ►  09/12 - 09/19 (13)
    • ►  09/05 - 09/12 (13)
    • ►  08/29 - 09/05 (7)
    • ►  08/22 - 08/29 (17)
    • ►  08/15 - 08/22 (5)
    • ►  08/08 - 08/15 (11)
    • ►  08/01 - 08/08 (3)
    • ►  07/25 - 08/01 (5)
    • ►  07/18 - 07/25 (8)
    • ►  07/11 - 07/18 (13)
    • ►  07/04 - 07/11 (9)
    • ►  06/27 - 07/04 (15)
    • ►  06/20 - 06/27 (13)
    • ►  06/13 - 06/20 (40)
    • ►  06/06 - 06/13 (23)
    • ►  05/30 - 06/06 (33)
    • ►  05/23 - 05/30 (37)
    • ►  05/16 - 05/23 (21)
    • ►  05/09 - 05/16 (10)
    • ►  05/02 - 05/09 (8)
    • ►  04/25 - 05/02 (19)
    • ►  04/18 - 04/25 (13)
    • ►  04/11 - 04/18 (19)
    • ►  04/04 - 04/11 (10)
    • ►  03/28 - 04/04 (16)
    • ►  03/21 - 03/28 (11)
    • ►  03/14 - 03/21 (4)
    • ►  03/07 - 03/14 (8)
    • ►  02/28 - 03/07 (7)
    • ►  02/21 - 02/28 (12)
    • ►  02/14 - 02/21 (50)
    • ►  02/07 - 02/14 (26)
    • ►  01/31 - 02/07 (33)
    • ►  01/24 - 01/31 (5)
    • ►  01/17 - 01/24 (69)
    • ►  01/10 - 01/17 (20)
    • ►  01/03 - 01/10 (14)
  • ▼  2009 (429)
    • ►  12/27 - 01/03 (25)
    • ▼  12/20 - 12/27 (9)
      • Restart or Shutdown Windows (XP, 2000 and Vista) f...
      • PHP Security Guide
      • Apache directoryindex per virtualhost
      • dns @ sign means
      • DNS Records Explained with Examples
      • How to: Troubleshoot UNIX / Linux BIND DNS server ...
      • Microsoft words 2007 macros security problem
      • Troubleshooting Memory Usage
      • /dev/sda3 has gone 188 days without being checked,...
    • ►  12/13 - 12/20 (19)
    • ►  12/06 - 12/13 (43)
    • ►  11/29 - 12/06 (18)
    • ►  11/22 - 11/29 (38)
    • ►  11/15 - 11/22 (3)
    • ►  11/08 - 11/15 (3)
    • ►  11/01 - 11/08 (19)
    • ►  10/25 - 11/01 (1)
    • ►  10/18 - 10/25 (1)
    • ►  10/11 - 10/18 (3)
    • ►  10/04 - 10/11 (1)
    • ►  09/27 - 10/04 (17)
    • ►  09/20 - 09/27 (10)
    • ►  09/13 - 09/20 (13)
    • ►  09/06 - 09/13 (14)
    • ►  08/30 - 09/06 (11)
    • ►  08/23 - 08/30 (61)
    • ►  08/16 - 08/23 (93)
    • ►  08/09 - 08/16 (13)
    • ►  08/02 - 08/09 (14)

My Blog List

  • The Geek Stuff
    15 mysqlbinlog Command Examples for MySQL Binary Log Files - In MySQL or MariaDB, anytime you make a change to the database, that particular event is logged. For example, when you create a new table, or update data o...
    4 days ago
  • Frequently Asked Questions About Linux / UNIX
    How to change or configure OpenBSD package install mirror - openbsd commandI am trying to install nginx server on OpenBSD but keep getting an error that read as follows when I run the pkg_add command: https://mirror...
    5 days ago
  • Ubuntu Geek
    Install Freeradius on ubuntu 17.04 Server and manage using daloradius (Freeradius web management application) - Sponsored Link RADIUS, which stands for “Remote Authentication Dial In User Service”, is a network protocol -- a system that defines rules and conventions ...
    2 weeks ago
  • There is no place like 127.0.0.1
    Running php-fpm in Docker based on CentOS 7 - Running php-fpm in Docker based on CentOS 7 *Dockerfile:* FROM centos:centos7 RUN curl 'https://setup.ius.io/' -o setup-ius.sh \ && bash setup-ius.sh \ ...
    3 weeks ago
  • WindowsNetworking.com
    Resolving Sysprep problems with App-X packages (Part 1) - This is the first of two articles explaining how to fix systems that won't Sysprep if Windows Native/App-X applications have been removed and Windows patches.
    3 months ago
  • WindowSecurity.com
    V2V Communications security considerations - The future of vehicles, road infrastructure and driving are changing. We are progressing with vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) ...
    3 months ago
  • Linuxaria » Linuxaria – Everything about GNU/Linux and Open source
    Paas and continuos integration - Today I want to repost a great article first posted on sysadvent blog. I think it’s a great post that show how to integrate different software to achieve a...
    9 months ago
  • Unixmen
    XWiki Installation in Linux - XWiki Xwiki is an open-source enterprise-ready wiki written in Java, runs on a servlet container like Tomcat, Jboss etc. which uses the relational database...
    1 year ago
  • Linux 101 Hacks
    10 UNIX / Linuz Size Command Examples for ObjectFiles - Linux size is part of GNU binutils. This utility is very helpful for programmers to analyze the data from the executable files (or object files). By defaul...
    2 years ago
  • Aaron Walrath - Another IT Guy's Meanderings
    Updating VMware Tools on Red Hat Enterprise/Scientific/CentOS Linux 6 for VMware ESXi 5 - In a previous post I discussed installing the open source VMware tools for Red Hat Enterprise/Scientific/CentOS Linux 6 from a yum package repository provi...
    5 years ago
 

top