Command Center
#!/bin/GREPing a '[programmer][sysadmin]' with Killer Skillz
Wednesday, December 23, 2009
PHP Security Guide
Category: 2dos, PHP, Security
SkyHi @ Wednesday, December 23, 2009
Table of Contents
1. Overview
1.1 What Is Security?
1.2 Basic Steps
1.3 Register Globals
1.4 Data Filtering
1.4.1 The Dispatch Method
1.4.2 The Include Method
1.4.3 Filtering Examples
1.4.4 Naming Conventions
1.4.5 Timing
1.5 Error Reporting
2. Form Processing
2.1 Spoofed Form Submissions
2.2 Spoofed HTTP Requests
2.3 Cross-Site Scripting
2.4 Cross-Site Request Forgeries
3. Databases and SQL
3.1 Exposed Access Credentials
3.2 SQL Injection
4. Sessions
4.1 Session Fixation
4.2 Session Hijacking
5. Shared Hosts
5.1 Exposed Session Data
5.2 Browsing the Filesystem
6. About
6.1 About This Guide
6.2 About the PHP Security Consortium
6.3 More Information
Reference:
http://phpsec.org/projects/guide/