Command Center

#!/bin/GREPing a '[programmer][sysadmin]' with Killer Skillz

Wednesday, December 23, 2009

PHP Security Guide

Category: 2dos, PHP, Security — SkyHi @ Wednesday, December 23, 2009
Table of Contents

1. Overview
   1.1 What Is Security?
   1.2 Basic Steps
   1.3 Register Globals
   1.4 Data Filtering
       1.4.1 The Dispatch Method
       1.4.2 The Include Method
       1.4.3 Filtering Examples
       1.4.4 Naming Conventions
       1.4.5 Timing
   1.5 Error Reporting
2. Form Processing
   2.1 Spoofed Form Submissions
   2.2 Spoofed HTTP Requests
   2.3 Cross-Site Scripting
   2.4 Cross-Site Request Forgeries
3. Databases and SQL
   3.1 Exposed Access Credentials
   3.2 SQL Injection
4. Sessions
   4.1 Session Fixation
   4.2 Session Hijacking
5. Shared Hosts
   5.1 Exposed Session Data
   5.2 Browsing the Filesystem
6. About
   6.1 About This Guide
   6.2 About the PHP Security Consortium
   6.3 More Information
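
The post only reproduces the guide's table of contents, so as an added example (not code from the guide, the PHP Security Consortium, or this blog) here is one PHP script that ties together the defences the headings name: a whitelist filter that copies only checked values into a $clean array (1.4, including the guide's naming convention), output escaping against cross-site scripting (2.3), a random per-session token compared with hash_equals() against cross-site request forgery (2.4), a prepared statement against SQL injection (3.2), and session_regenerate_id() on login against session fixation (4.1). The orders table, the form field names and the sample submission are constructed for the demo; it assumes PHP 7.1 or later with the pdo_sqlite extension and runs from the command line with no web server.

```php
<?php
declare(strict_types=1);

// 1.4 Data filtering: only values that pass an explicit check are copied into
// $clean (the guide's naming convention); the raw request data stays tainted.
function filter_form(array $input): array
{
    $clean = [];

    // Whitelist of permitted values; anything else is dropped, not "cleaned".
    $colors = ['red', 'green', 'blue'];
    if (isset($input['color']) && in_array($input['color'], $colors, true)) {
        $clean['color'] = $input['color'];
    }

    // Integer field: ctype_digit() rejects "-1", "1e3", "12abc" and "".
    if (isset($input['quantity']) && ctype_digit((string) $input['quantity'])) {
        $clean['quantity'] = (int) $input['quantity'];
    }

    // Free text: bounded length and a permitted character class.
    // Stored raw and escaped at output time (html() below), never both.
    if (isset($input['comment']) && is_string($input['comment'])
        && preg_match('/\A[\p{L}\p{N} .,!?\'-]{1,200}\z/u', $input['comment'])) {
        $clean['comment'] = $input['comment'];
    }

    return $clean;
}

// 2.3 Cross-site scripting: escape for the HTML context at the point of output.
function html(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// 2.4 Cross-site request forgery: a random per-session token that every
// state-changing form must echo back. $session stands in for $_SESSION here.
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

function csrf_check(array $session, array $post): bool
{
    // hash_equals() compares in constant time, so no timing signal leaks.
    return isset($session['csrf'], $post['csrf'])
        && is_string($post['csrf'])
        && hash_equals($session['csrf'], $post['csrf']);
}

// 3.2 SQL injection: bound parameters, never string concatenation.
function find_orders(PDO $db, string $color, int $min_qty): array
{
    $stmt = $db->prepare('SELECT id, color, qty FROM orders WHERE color = :color AND qty >= :qty');
    $stmt->execute([':color' => $color, ':qty' => $min_qty]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// 4.1 Session fixation: issue a fresh id whenever privilege changes, so an id
// planted by an attacker before login is never upgraded. Assumes the caller ran
// session_start(); skipped under the CLI, where there is no session cookie.
function login_user(int $user_id): void
{
    if (PHP_SAPI === 'cli') {
        return;
    }
    session_regenerate_id(true);
    $_SESSION['user_id'] = $user_id;
}

// ---- Demo on constructed input; run with `php guide_demo.php` -------------
$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, color TEXT, qty INTEGER)');
$db->exec("INSERT INTO orders (color, qty) VALUES ('red', 3), ('blue', 7), ('red', 10)");

$session = [];
$post = [                                       // a constructed hostile submission
    'csrf'     => csrf_token($session),
    'color'    => "red' OR '1'='1",             // fails the whitelist
    'quantity' => '5',
    'comment'  => '<script>alert(1)</script>',  // fails the character class
];

if (!csrf_check($session, $post)) {
    exit("CSRF token mismatch\n");
}
$clean = filter_form($post);
print_r($clean);                                // only [quantity] => 5 survives

// Even if the injection string reached the query, the placeholder keeps it as data:
print_r(find_orders($db, "red' OR '1'='1", 0));         // empty array
print_r(find_orders($db, 'red', $clean['quantity']));   // the red order with qty 10

echo html($post['comment']), "\n";   // &lt;script&gt;alert(1)&lt;/script&gt;
login_user(42);
```

The filter deliberately drops bad values rather than trying to repair them, and escaping is done once, at output, in html(); doing it on input as well would double-encode legitimate text and still miss other output contexts (JavaScript, URLs, SQL), which is why the guide treats filtering and escaping as separate steps.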

Reference: http://phpsec.org/projects/guide/
