SlideShare une entreprise Scribd logo

Securing Php

Aung Khant
Aung Khant
TechnologieÉconomie & finance
1  sur  3
Télécharger pour lire hors ligne
Securing PHP – Approaches to Web Application security Stanislav Malyshev stas@zend.com 1 Introduction Security remains one of the biggest concerns for any web application, and one that is hardest to address. This paper gives a short summary of security approaches that were tried in the past and currently researched on the example of PHP language, which is used by up to 67% of the web developers [1]. The security of the web application bases on the security of the underlying layers, such as OS and application platform layers and the application itself. While the OS layer is beyond control of the PHP project, experience shows that the language is to assist developers in developing more secure code and running it in more secure manner. The majority of the problems in PHP applications is caused by the insecure application code [2], which may allow injecting untrusted data into the output
Securing Php
Securing Php

Recommandé

Formal and Practical Aspects of Security of Operating System
Formal and Practical Aspects of Security of Operating SystemFormal and Practical Aspects of Security of Operating System
Formal and Practical Aspects of Security of Operating SystemMeghaj Mallick
 
OWASP AppSec Europe 2009 Conference
OWASP AppSec Europe 2009 ConferenceOWASP AppSec Europe 2009 Conference
OWASP AppSec Europe 2009 ConferenceSebaDeleersnyder
 
Windows 8 security eCore
Windows 8 security eCoreWindows 8 security eCore
Windows 8 security eCoreThe eCore Group
 
SQL Injection
SQL InjectionSQL Injection
SQL InjectionFarhan Tanvir
 
OWASP
OWASPOWASP
OWASPgehad hamdy
 
[PDF] CISSP Guide to Security Essentials
[PDF] CISSP Guide to Security Essentials[PDF] CISSP Guide to Security Essentials
[PDF] CISSP Guide to Security Essentialskutuer324r34
 
Client server network threat
Client server network threatClient server network threat
Client server network threatRaj vardhan
 
3 Keys to Web Application Security
3 Keys to Web Application Security3 Keys to Web Application Security
3 Keys to Web Application SecuritySirius
 

Recommandé

Formal and Practical Aspects of Security of Operating System
Formal and Practical Aspects of Security of Operating SystemFormal and Practical Aspects of Security of Operating System
Formal and Practical Aspects of Security of Operating SystemMeghaj Mallick
 
OWASP AppSec Europe 2009 Conference
OWASP AppSec Europe 2009 ConferenceOWASP AppSec Europe 2009 Conference
OWASP AppSec Europe 2009 ConferenceSebaDeleersnyder
 
Windows 8 security eCore
Windows 8 security eCoreWindows 8 security eCore
Windows 8 security eCoreThe eCore Group
 
SQL Injection
SQL InjectionSQL Injection
SQL InjectionFarhan Tanvir
 
OWASP
OWASPOWASP
OWASPgehad hamdy
 
[PDF] CISSP Guide to Security Essentials
[PDF] CISSP Guide to Security Essentials[PDF] CISSP Guide to Security Essentials
[PDF] CISSP Guide to Security Essentialskutuer324r34
 
Client server network threat
Client server network threatClient server network threat
Client server network threatRaj vardhan
 
3 Keys to Web Application Security
3 Keys to Web Application Security3 Keys to Web Application Security
3 Keys to Web Application SecuritySirius
 
Ch08 Microsoft Operating System Vulnerabilities
Ch08 Microsoft Operating System VulnerabilitiesCh08 Microsoft Operating System Vulnerabilities
Ch08 Microsoft Operating System Vulnerabilitiesphanleson
 
Protecting Windows Networks From Malware
Protecting Windows Networks From MalwareProtecting Windows Networks From Malware
Protecting Windows Networks From MalwareRishu Mehra
 
Web security by khubaib
Web security by khubaibWeb security by khubaib
Web security by khubaibKhubaib Ahmad Kunjahi
 
Security hardening and drown attack prevention for mobile backend developers
Security hardening and drown attack prevention for mobile backend developersSecurity hardening and drown attack prevention for mobile backend developers
Security hardening and drown attack prevention for mobile backend developersJiri Danihelka
 
VIRUS BY CHIRO
VIRUS BY CHIROVIRUS BY CHIRO
VIRUS BY CHIROTakagi Kun
 
Top 10 security risks for mobile backend developers
Top 10 security risks for mobile backend developersTop 10 security risks for mobile backend developers
Top 10 security risks for mobile backend developersJiri Danihelka
 
NTXISSACSC2 - Threat Modeling Part 2 - STRIDE by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 2 - STRIDE by Brad AndrewsNTXISSACSC2 - Threat Modeling Part 2 - STRIDE by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 2 - STRIDE by Brad AndrewsNorth Texas Chapter of the ISSA
 
NTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad AndrewsNTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad AndrewsNorth Texas Chapter of the ISSA
 
Security
SecuritySecurity
Securitynkanazawa
 
Security testing vikesh kumar
Security testing vikesh kumarSecurity testing vikesh kumar
Security testing vikesh kumarVikesh Kumar
 
Web Security Training
Web Security Training Web Security Training
Web Security Training Tonex
 
A detailed guide about dev secops
A detailed guide about dev secopsA detailed guide about dev secops
A detailed guide about dev secopsEnov8
 
Xss Xsrf
Xss XsrfXss Xsrf
Xss XsrfAung Khant
 
Php Security Value1
Php Security Value1Php Security Value1
Php Security Value1Aung Khant
 
XST
XSTXST
XSTAung Khant
 
Web App Security Automated Scanning
Web App Security Automated ScanningWeb App Security Automated Scanning
Web App Security Automated ScanningAung Khant
 
Web App Fingerprinting With Msn
Web App Fingerprinting With MsnWeb App Fingerprinting With Msn
Web App Fingerprinting With MsnAung Khant
 
Web Passwords
Web PasswordsWeb Passwords
Web PasswordsAung Khant
 
Php Security Iissues
Php Security IissuesPhp Security Iissues
Php Security IissuesAung Khant
 
Web Services Info Gathering
Web Services Info GatheringWeb Services Info Gathering
Web Services Info GatheringAung Khant
 
XSS Tunnelling
XSS TunnellingXSS Tunnelling
XSS TunnellingAung Khant
 
Website Hacking Oldie
Website Hacking OldieWebsite Hacking Oldie
Website Hacking OldieAung Khant
 

Contenu connexe

Tendances

Ch08 Microsoft Operating System Vulnerabilities
Ch08 Microsoft Operating System VulnerabilitiesCh08 Microsoft Operating System Vulnerabilities
Ch08 Microsoft Operating System Vulnerabilitiesphanleson
 
Protecting Windows Networks From Malware
Protecting Windows Networks From MalwareProtecting Windows Networks From Malware
Protecting Windows Networks From MalwareRishu Mehra
 
Security hardening and drown attack prevention for mobile backend developers
Security hardening and drown attack prevention for mobile backend developersSecurity hardening and drown attack prevention for mobile backend developers
Security hardening and drown attack prevention for mobile backend developersJiri Danihelka
 
VIRUS BY CHIRO
VIRUS BY CHIROVIRUS BY CHIRO
VIRUS BY CHIROTakagi Kun
 
Top 10 security risks for mobile backend developers
Top 10 security risks for mobile backend developersTop 10 security risks for mobile backend developers
Top 10 security risks for mobile backend developersJiri Danihelka
 
NTXISSACSC2 - Threat Modeling Part 2 - STRIDE by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 2 - STRIDE by Brad AndrewsNTXISSACSC2 - Threat Modeling Part 2 - STRIDE by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 2 - STRIDE by Brad AndrewsNorth Texas Chapter of the ISSA
 
NTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad AndrewsNTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad AndrewsNorth Texas Chapter of the ISSA
 
Security testing vikesh kumar
Security testing vikesh kumarSecurity testing vikesh kumar
Security testing vikesh kumarVikesh Kumar
 
Web Security Training
Web Security Training Web Security Training
Web Security Training Tonex
 
A detailed guide about dev secops
A detailed guide about dev secopsA detailed guide about dev secops
A detailed guide about dev secopsEnov8
 

Tendances (12)

Ch08 Microsoft Operating System Vulnerabilities
Ch08 Microsoft Operating System VulnerabilitiesCh08 Microsoft Operating System Vulnerabilities
Ch08 Microsoft Operating System Vulnerabilities
 
Protecting Windows Networks From Malware
Protecting Windows Networks From MalwareProtecting Windows Networks From Malware
Protecting Windows Networks From Malware
 
Web security by khubaib
Web security by khubaibWeb security by khubaib
Web security by khubaib
 
Security hardening and drown attack prevention for mobile backend developers
Security hardening and drown attack prevention for mobile backend developersSecurity hardening and drown attack prevention for mobile backend developers
Security hardening and drown attack prevention for mobile backend developers
 
VIRUS BY CHIRO
VIRUS BY CHIROVIRUS BY CHIRO
VIRUS BY CHIRO
 
Top 10 security risks for mobile backend developers
Top 10 security risks for mobile backend developersTop 10 security risks for mobile backend developers
Top 10 security risks for mobile backend developers
 
NTXISSACSC2 - Threat Modeling Part 2 - STRIDE by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 2 - STRIDE by Brad AndrewsNTXISSACSC2 - Threat Modeling Part 2 - STRIDE by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 2 - STRIDE by Brad Andrews
 
NTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad AndrewsNTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad Andrews
NTXISSACSC2 - Threat Modeling Part 3 - DREAD by Brad Andrews
 
Security
SecuritySecurity
Security
 
Security testing vikesh kumar
Security testing vikesh kumarSecurity testing vikesh kumar
Security testing vikesh kumar
 
Web Security Training
Web Security Training Web Security Training
Web Security Training
 
A detailed guide about dev secops
A detailed guide about dev secopsA detailed guide about dev secops
A detailed guide about dev secops
 

En vedette

Php Security Value1
Php Security Value1Php Security Value1
Php Security Value1Aung Khant
 
Web App Security Automated Scanning
Web App Security Automated ScanningWeb App Security Automated Scanning
Web App Security Automated ScanningAung Khant
 
Web App Fingerprinting With Msn
Web App Fingerprinting With MsnWeb App Fingerprinting With Msn
Web App Fingerprinting With MsnAung Khant
 
Php Security Iissues
Php Security IissuesPhp Security Iissues
Php Security IissuesAung Khant
 
Web Services Info Gathering
Web Services Info GatheringWeb Services Info Gathering
Web Services Info GatheringAung Khant
 
XSS Tunnelling
XSS TunnellingXSS Tunnelling
XSS TunnellingAung Khant
 
Website Hacking Oldie
Website Hacking OldieWebsite Hacking Oldie
Website Hacking OldieAung Khant
 
Protecting Web App
Protecting Web AppProtecting Web App
Protecting Web AppAung Khant
 
Securing Php App
Securing Php AppSecuring Php App
Securing Php AppAung Khant
 
Secure Cross Domain Communication
Secure Cross Domain CommunicationSecure Cross Domain Communication
Secure Cross Domain CommunicationAung Khant
 
Session Fixation
Session FixationSession Fixation
Session FixationAung Khant
 
Grabalo En El Cd
Grabalo En El CdGrabalo En El Cd
Grabalo En El Cdfdaian
 
Reflexion Valor Anadido Tic
Reflexion Valor Anadido TicReflexion Valor Anadido Tic
Reflexion Valor Anadido TicHerminia
 
Circo Surrealista
Circo SurrealistaCirco Surrealista
Circo Surrealistaguestb1a5b3
 
De Real Value of Virtual Worlds II
De Real Value of Virtual Worlds IIDe Real Value of Virtual Worlds II
De Real Value of Virtual Worlds IIRick van der Wal
 

En vedette (20)

Xss Xsrf
Xss XsrfXss Xsrf
Xss Xsrf
 
Php Security Value1
Php Security Value1Php Security Value1
Php Security Value1
 
XST
XSTXST
XST
 
Web App Security Automated Scanning
Web App Security Automated ScanningWeb App Security Automated Scanning
Web App Security Automated Scanning
 
Web App Fingerprinting With Msn
Web App Fingerprinting With MsnWeb App Fingerprinting With Msn
Web App Fingerprinting With Msn
 
Web Passwords
Web PasswordsWeb Passwords
Web Passwords
 
Php Security Iissues
Php Security IissuesPhp Security Iissues
Php Security Iissues
 
Web Services Info Gathering
Web Services Info GatheringWeb Services Info Gathering
Web Services Info Gathering
 
XSS Tunnelling
XSS TunnellingXSS Tunnelling
XSS Tunnelling
 
Website Hacking Oldie
Website Hacking OldieWebsite Hacking Oldie
Website Hacking Oldie
 
Protecting Web App
Protecting Web AppProtecting Web App
Protecting Web App
 
Securing Php App
Securing Php AppSecuring Php App
Securing Php App
 
Secure Cross Domain Communication
Secure Cross Domain CommunicationSecure Cross Domain Communication
Secure Cross Domain Communication
 
Session Fixation
Session FixationSession Fixation
Session Fixation
 
Grabalo En El Cd
Grabalo En El CdGrabalo En El Cd
Grabalo En El Cd
 
Reflexion Valor Anadido Tic
Reflexion Valor Anadido TicReflexion Valor Anadido Tic
Reflexion Valor Anadido Tic
 
Circo Surrealista
Circo SurrealistaCirco Surrealista
Circo Surrealista
 
Snaptalent
SnaptalentSnaptalent
Snaptalent
 
De Real Value of Virtual Worlds II
De Real Value of Virtual Worlds IIDe Real Value of Virtual Worlds II
De Real Value of Virtual Worlds II
 
Caminos
CaminosCaminos
Caminos
 

Similaire à Securing Php

A survey of cloud based secured web application
A survey of cloud based secured web applicationA survey of cloud based secured web application
A survey of cloud based secured web applicationIAEME Publication
 
A new model for the selection of web development frameworks: application to P...
A new model for the selection of web development frameworks: application to P...A new model for the selection of web development frameworks: application to P...
A new model for the selection of web development frameworks: application to P...IJECEIAES
 
Analysis of field data on web security vulnerabilities
Analysis of field data on web security vulnerabilities Analysis of field data on web security vulnerabilities
Analysis of field data on web security vulnerabilities Papitha Velumani
 
Most Popular PHP Frameworks for web development in 2023.pdf
Most Popular PHP Frameworks for web development in 2023.pdfMost Popular PHP Frameworks for web development in 2023.pdf
Most Popular PHP Frameworks for web development in 2023.pdfHarryParker32
 
A comparative study of laravel and symfony PHP frameworks
A comparative study of laravel and symfony PHP frameworksA comparative study of laravel and symfony PHP frameworks
A comparative study of laravel and symfony PHP frameworksIJECEIAES
 
Ontology-based context-sensitive software security knowledge management model...
Ontology-based context-sensitive software security knowledge management model...Ontology-based context-sensitive software security knowledge management model...
Ontology-based context-sensitive software security knowledge management model...IJECEIAES
 
First Software Security Netherlands Meet Up - Delft - 18 May 2017
First Software Security Netherlands Meet Up - Delft - 18 May 2017First Software Security Netherlands Meet Up - Delft - 18 May 2017
First Software Security Netherlands Meet Up - Delft - 18 May 2017gmaran23
 
main report on restaurant
main report on restaurantmain report on restaurant
main report on restaurantNeeraj Kumar
 
Using Third Party Components for Building an Application Might be More Danger...
Using Third Party Components for Building an Application Might be More Danger...Using Third Party Components for Building an Application Might be More Danger...
Using Third Party Components for Building an Application Might be More Danger...Achim D. Brucker
 
DEPENDABLE WEB SERVICES SECURITY ARCHITECTURE DEVELOPMENT THEORETICAL AND PRA...
DEPENDABLE WEB SERVICES SECURITY ARCHITECTURE DEVELOPMENT THEORETICAL AND PRA...DEPENDABLE WEB SERVICES SECURITY ARCHITECTURE DEVELOPMENT THEORETICAL AND PRA...
DEPENDABLE WEB SERVICES SECURITY ARCHITECTURE DEVELOPMENT THEORETICAL AND PRA...cscpconf
 
Difference Between Asp.Net and PHP
Difference Between Asp.Net and PHP Difference Between Asp.Net and PHP
Difference Between Asp.Net and PHP Rosalie Lauren
 
WhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics ReportWhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics ReportJeremiah Grossman
 
Top 10 techniques to minimize security vulnerabilities in php application dev...
Top 10 techniques to minimize security vulnerabilities in php application dev...Top 10 techniques to minimize security vulnerabilities in php application dev...
Top 10 techniques to minimize security vulnerabilities in php application dev...Andolasoft Inc
 
Pattern based software patent
Pattern based software patentPattern based software patent
Pattern based software patentIAEME Publication
 
Pattern based software patent
Pattern based software patentPattern based software patent
Pattern based software patentiaemedu
 
php blunders
php blundersphp blunders
php blundersdecatv
 
overview introduction to Software Engineering
overview introduction to Software Engineeringoverview introduction to Software Engineering
overview introduction to Software EngineeringMuhammad Sikandar Mustafa
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsAlan Kan
 
六合彩香港-六合彩
六合彩香港-六合彩六合彩香港-六合彩
六合彩香港-六合彩baoyin
 

Similaire à Securing Php (20)

A survey of cloud based secured web application
A survey of cloud based secured web applicationA survey of cloud based secured web application
A survey of cloud based secured web application
 
A new model for the selection of web development frameworks: application to P...
A new model for the selection of web development frameworks: application to P...A new model for the selection of web development frameworks: application to P...
A new model for the selection of web development frameworks: application to P...
 
Analysis of field data on web security vulnerabilities
Analysis of field data on web security vulnerabilities Analysis of field data on web security vulnerabilities
Analysis of field data on web security vulnerabilities
 
Most Popular PHP Frameworks for web development in 2023.pdf
Most Popular PHP Frameworks for web development in 2023.pdfMost Popular PHP Frameworks for web development in 2023.pdf
Most Popular PHP Frameworks for web development in 2023.pdf
 
A comparative study of laravel and symfony PHP frameworks
A comparative study of laravel and symfony PHP frameworksA comparative study of laravel and symfony PHP frameworks
A comparative study of laravel and symfony PHP frameworks
 
Ontology-based context-sensitive software security knowledge management model...
Ontology-based context-sensitive software security knowledge management model...Ontology-based context-sensitive software security knowledge management model...
Ontology-based context-sensitive software security knowledge management model...
 
First Software Security Netherlands Meet Up - Delft - 18 May 2017
First Software Security Netherlands Meet Up - Delft - 18 May 2017First Software Security Netherlands Meet Up - Delft - 18 May 2017
First Software Security Netherlands Meet Up - Delft - 18 May 2017
 
main report on restaurant
main report on restaurantmain report on restaurant
main report on restaurant
 
Using Third Party Components for Building an Application Might be More Danger...
Using Third Party Components for Building an Application Might be More Danger...Using Third Party Components for Building an Application Might be More Danger...
Using Third Party Components for Building an Application Might be More Danger...
 
DEPENDABLE WEB SERVICES SECURITY ARCHITECTURE DEVELOPMENT THEORETICAL AND PRA...
DEPENDABLE WEB SERVICES SECURITY ARCHITECTURE DEVELOPMENT THEORETICAL AND PRA...DEPENDABLE WEB SERVICES SECURITY ARCHITECTURE DEVELOPMENT THEORETICAL AND PRA...
DEPENDABLE WEB SERVICES SECURITY ARCHITECTURE DEVELOPMENT THEORETICAL AND PRA...
 
Difference Between Asp.Net and PHP
Difference Between Asp.Net and PHP Difference Between Asp.Net and PHP
Difference Between Asp.Net and PHP
 
WhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics ReportWhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics Report
 
Top 10 techniques to minimize security vulnerabilities in php application dev...
Top 10 techniques to minimize security vulnerabilities in php application dev...Top 10 techniques to minimize security vulnerabilities in php application dev...
Top 10 techniques to minimize security vulnerabilities in php application dev...
 
Pattern based software patent
Pattern based software patentPattern based software patent
Pattern based software patent
 
Pattern based software patent
Pattern based software patentPattern based software patent
Pattern based software patent
 
php blunders
php blundersphp blunders
php blunders
 
overview introduction to Software Engineering
overview introduction to Software Engineeringoverview introduction to Software Engineering
overview introduction to Software Engineering
 
Web Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging ThreatsWeb Application Testing for Today’s Biggest and Emerging Threats
Web Application Testing for Today’s Biggest and Emerging Threats
 
Best PHP Frameworks
Best PHP FrameworksBest PHP Frameworks
Best PHP Frameworks
 
六合彩香港-六合彩
六合彩香港-六合彩六合彩香港-六合彩
六合彩香港-六合彩
 

Plus de Aung Khant

Introducing Msd
Introducing MsdIntroducing Msd
Introducing MsdAung Khant
 
Securing Web Server Ibm
Securing Web Server IbmSecuring Web Server Ibm
Securing Web Server IbmAung Khant
 
Security Design Patterns
Security Design PatternsSecurity Design Patterns
Security Design PatternsAung Khant
 
Security Code Review
Security Code ReviewSecurity Code Review
Security Code ReviewAung Khant
 
Security Engineering Executive
Security Engineering ExecutiveSecurity Engineering Executive
Security Engineering ExecutiveAung Khant
 
Security Engineeringwith Patterns
Security Engineeringwith PatternsSecurity Engineeringwith Patterns
Security Engineeringwith PatternsAung Khant
 
Security Web Servers
Security Web ServersSecurity Web Servers
Security Web ServersAung Khant
 
Security Testing Web App
Security Testing Web AppSecurity Testing Web App
Security Testing Web AppAung Khant
 
Sql Injection Paper
Sql Injection PaperSql Injection Paper
Sql Injection PaperAung Khant
 
Sql Injection Adv Owasp
Sql Injection Adv OwaspSql Injection Adv Owasp
Sql Injection Adv OwaspAung Khant
 
Sql Injection White Paper
Sql Injection White PaperSql Injection White Paper
Sql Injection White PaperAung Khant
 
S Vector4 Web App Sec Management
S Vector4 Web App Sec ManagementS Vector4 Web App Sec Management
S Vector4 Web App Sec ManagementAung Khant
 
Privilege Escalation
Privilege EscalationPrivilege Escalation
Privilege EscalationAung Khant
 
Php Security Workshop
Php Security WorkshopPhp Security Workshop
Php Security WorkshopAung Khant
 
Preventing Xs Sin Perl Apache
Preventing Xs Sin Perl ApachePreventing Xs Sin Perl Apache
Preventing Xs Sin Perl ApacheAung Khant
 
Protecting Web Based Applications
Protecting Web Based ApplicationsProtecting Web Based Applications
Protecting Web Based ApplicationsAung Khant
 
Search Attacks
Search AttacksSearch Attacks
Search AttacksAung Khant
 
Secure Dev Practices
Secure Dev PracticesSecure Dev Practices
Secure Dev PracticesAung Khant
 

Plus de Aung Khant (20)

Introducing Msd
Introducing MsdIntroducing Msd
Introducing Msd
 
Securing Web Server Ibm
Securing Web Server IbmSecuring Web Server Ibm
Securing Web Server Ibm
 
Security Design Patterns
Security Design PatternsSecurity Design Patterns
Security Design Patterns
 
Security Code Review
Security Code ReviewSecurity Code Review
Security Code Review
 
Security Engineering Executive
Security Engineering ExecutiveSecurity Engineering Executive
Security Engineering Executive
 
Security Engineeringwith Patterns
Security Engineeringwith PatternsSecurity Engineeringwith Patterns
Security Engineeringwith Patterns
 
Security Web Servers
Security Web ServersSecurity Web Servers
Security Web Servers
 
Security Testing Web App
Security Testing Web AppSecurity Testing Web App
Security Testing Web App
 
Sql Injection Paper
Sql Injection PaperSql Injection Paper
Sql Injection Paper
 
Sql Injection Adv Owasp
Sql Injection Adv OwaspSql Injection Adv Owasp
Sql Injection Adv Owasp
 
Sql Injection White Paper
Sql Injection White PaperSql Injection White Paper
Sql Injection White Paper
 
S Shah Web20
S Shah Web20S Shah Web20
S Shah Web20
 
S Vector4 Web App Sec Management
S Vector4 Web App Sec ManagementS Vector4 Web App Sec Management
S Vector4 Web App Sec Management
 
Privilege Escalation
Privilege EscalationPrivilege Escalation
Privilege Escalation
 
Php Security Workshop
Php Security WorkshopPhp Security Workshop
Php Security Workshop
 
Preventing Xs Sin Perl Apache
Preventing Xs Sin Perl ApachePreventing Xs Sin Perl Apache
Preventing Xs Sin Perl Apache
 
Protecting Web Based Applications
Protecting Web Based ApplicationsProtecting Web Based Applications
Protecting Web Based Applications
 
Ruby Security
Ruby SecurityRuby Security
Ruby Security
 
Search Attacks
Search AttacksSearch Attacks
Search Attacks
 
Secure Dev Practices
Secure Dev PracticesSecure Dev Practices
Secure Dev Practices
 

Dernier

Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubKalema Edgar
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Neo4j
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 

Dernier (20)

Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 

Securing Php

  • 1. Securing PHP – Approaches to Web Application security Stanislav Malyshev stas@zend.com 1 Introduction Security remains one of the biggest concerns for any web application, and one that is hardest to address. This paper gives a short summary of security approaches that were tried in the past and currently researched on the example of PHP language, which is used by up to 67% of the web developers [1]. The security of the web application bases on the security of the underlying layers, such as OS and application platform layers and the application itself. While the OS layer is beyond control of the PHP project, experience shows that the language is to assist developers in developing more secure code and running it in more secure manner. The majority of the problems in PHP applications is caused by the insecure application code [2], which may allow injecting untrusted data into the output