PHP Super Puzzle: Superglobal brings the hacker _php tutorial

Imperva, a pioneer and leader in new business security solutions, is committed to providing security solutions for key applications and high-value business data in the data center, taking the lead in introducing a new layer of protection specifically designed for physical and virtual data centers as the third pillar of enterprise security. Recently, the company released the September Hacker Intelligence Action Report-"PHP superglobals: Super Problem" (phpsuperglobals:supersized trouble), the recent attack on the PHP application launched in-depth analysis, including the PHP " Superglobal "parameter, and further analyzes the general characteristics of the attack activity and the significance of the overall integrity of the web.

"Attacked hosts can be used as zombie slaves to attack other servers, so attacks initiated against PHP applications can affect the security and health of the entire network," said Amichai Shulman, chief technology officer at Imperva. These attacks will have very serious consequences, as the PHP platform is the most commonly used Web application development platform to support more than 80% sites, including Facebook and Wikipedia. It is clear that the security community must now pay more attention to this issue. ”

The report also found that hackers ' ability to fuse advanced attack technologies into simple scripts is increasing. At the same time, the report argues that PHP Superglobals can be a major target for hacking by providing high ROI for attacks.

PHP Superglobal parameters are increasingly popular in the hacker community because they can integrate multiple security issues into the same advanced cyber threat, destroying application logic, damaging servers, and causing fraudulent transactions and data theft. The Imperva research team noted that for one months each application averaged 144 attacks with Superglobal parameter attack paths. In addition, the researchers found that attacks can last more than five months, and at peak request times, each application will suffer as many as 90 attacks per minute.

The highlights and recommendations of the report include:

• If a key is exposed to a third-party infrastructure, a "retreat"-Safe mode is required: The report found weaknesses in widely used phpMyAdmin (PMA) tools for managing MySQL databases in a PHP environment. Because the tool is often tied to other applications that use the MySQL database, its weaknesses can affect the server, and even if the tool is not used by the administrator, the server will be attacked by code execution, causing the entire server to be taken over. In order to solve this problem, it is recommended to use "retreat" type safety mode.

• It is best to adopt positive safety mode: The active security mechanism prescribes the available parameter names for each resource, and only this mode prevents attackers from manipulating weak links with external variables that allow everyone to send external parameters with the same internal variable name, overwriting the original internal variable values.

• Hackers are becoming smarter: Imperva researchers have found that attackers can initiate complex attacks and integrate them into easy-to-use tools. However, there is a flaw in the PHP attack as well as the ability to perform powerful attacks. An application security solution that detects and eliminates an attack phase can cause the entire attack to be reactive.

• The Superglobal parameter in the request should be masked: These parameters do not appear in the request for any reason, and should therefore be banned.

http://www.bkjia.com/PHPjc/739149.html www.bkjia.com true http://www.bkjia.com/PHPjc/739149.html techarticle Imperva, a pioneer and leader in new business security solutions, is committed to providing security solutions for key applications and high-value business data in the data center, the first to launch ...

