Learn the essence of PHP and write efficient PHP code for security.
I. Filter input, escape output
The phrase "filter input, escape output" is sometimes abbreviated as FIEO, and it has become a security mantra for PHP applications.
1. Use ctype for validation
Ctype: http://php.net/ctype
2. Use PCRE (Perl-compatible regular expressions) for validation
PCRE: http://php.net/pcre
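The two validation approaches above, as an added example that is not code from the original article: a whitelist check with ctype for simple character classes, and a PCRE check for a shape ctype cannot express. Function names and sample inputs are constructed for illustration.

```php
<?php
// Added example (not from the original article): whitelist validation of
// untrusted input with ctype and PCRE before the value is used anywhere.
declare(strict_types=1);

// Username: only ASCII letters and digits, 3 to 20 bytes, else null.
// ctype_alnum() rejects the empty string and any non-alphanumeric byte.
function validateUsername(string $raw): ?string
{
    if (!ctype_alnum($raw)) {
        return null;
    }
    $len = strlen($raw);
    return ($len >= 3 && $len <= 20) ? $raw : null;
}

// Numeric id: ctype_digit() rejects "-1", "1e3" and " 5", which (int) would accept.
function validateId(string $raw): ?int
{
    if (!ctype_digit($raw) || strlen($raw) > 10) {
        return null;
    }
    return (int) $raw;
}

// PCRE whitelist for a shape ctype cannot express: an ISO date YYYY-MM-DD.
// \A and \z anchor the whole string; a bare $ would allow a trailing newline.
function validateIsoDate(string $raw): ?string
{
    if (preg_match('/\A(\d{4})-(\d{2})-(\d{2})\z/', $raw, $m) !== 1) {
        return null;
    }
    return checkdate((int) $m[2], (int) $m[3], (int) $m[1]) ? $raw : null;
}

// Constructed inputs standing in for $_GET / $_POST values.
$samples = [
    ['alice42', '17', '2024-02-29'],          // all accepted
    ['alice<script>', '-1', '2024-02-30'],    // all rejected
    ['alice42', '17', "2024-02-29\n"],        // trailing newline rejected by \z
];
foreach ($samples as [$user, $id, $date]) {
    var_dump(validateUsername($user), validateId($id), validateIsoDate($date));
}
```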
II. Cross-site scripting
Cross-site scripting is usually abbreviated as XSS. The attack targets places where a user-supplied variable appears in the application's output without being properly escaped. This lets an attacker inject client-side script of their choosing as part of the variable's value. The following is an example of code vulnerable to this type of attack:
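An added example, not code from the original article, showing the vulnerable pattern beside its escaped form; the variable name and the sample value are constructed.

```php
<?php
// Added example (not from the original article): the same greeting rendered
// without and with output escaping.
declare(strict_types=1);

// Constructed attacker-controlled value, as it might arrive in $_GET['name'].
$name = '<script>alert(1)</script>';

// Vulnerable: the variable is placed in HTML unescaped, so the browser treats
// the injected markup as part of the page and runs the script.
function renderUnsafe(string $name): string
{
    return "<p>Hello, $name</p>";
}

// Hardened: escape for the HTML context at output time. ENT_QUOTES also
// escapes single quotes (needed inside attributes); the charset argument
// must match the page's declared encoding or the escaping can be bypassed.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function renderSafe(string $name): string
{
    return '<p>Hello, ' . e($name) . '</p>';
}

// URL attribute context: escaping alone does not neutralise a javascript:
// URL, so the scheme is whitelisted as well.
function safeHref(string $url): string
{
    $allowed = preg_match('#\Ahttps?://#i', $url) === 1;
    return e($allowed ? $url : '#');
}

echo renderUnsafe($name), PHP_EOL;  // tags pass through untouched
echo renderSafe($name), PHP_EOL;    // tags arrive as entities, not markup
echo '<a href="' . safeHref('javascript:alert(1)') . '">link</a>', PHP_EOL;
```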
Online resources:
1. http://ha.ckers.org/xss.html
2. http://shiflett.org/articles/cross-site-scripting
3. http://seancoates.com/blogs/xss-woes
III. Cross-site request forgery
Suppose an attacker wants to obtain an expensive item from a popular online store without paying for it; instead, they want an unsuspecting victim to pay. The weapon they choose is cross-site request forgery (CSRF). The goal of this attack is to make the victim's browser send a request to a specific website, so that the attacker can exploit the identity the victim has already established with that site.
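The standard defence, as an added example that is not code from the original article: a per-session secret token that a forged request from another origin cannot know. It assumes the application already uses PHP sessions; the form action and field name are constructed.

```php
<?php
// Added example (not from the original article): per-session anti-CSRF
// token. State-changing actions must use POST; GET stays side-effect free.
declare(strict_types=1);

session_start();

// Create the token once per session from a CSPRNG, never from a hash of
// predictable data such as the user id or the time.
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Embed the token as a hidden field in every state-changing form.
function csrfField(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8') . '">';
}

// Validate on POST. hash_equals() compares in constant time, so the check
// does not leak how many leading bytes matched. A request forged from another
// site carries the victim's cookie but cannot read the token, so it fails here.
function csrfValid(array $post): bool
{
    $sent = $post['csrf_token'] ?? '';
    return is_string($sent)
        && isset($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $sent);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrfValid($_POST)) {
        http_response_code(403);
        exit('Invalid request token');
    }
    // ... perform the purchase or other state change only after the check ...
}

echo '<form method="post" action="/checkout">', csrfField(),
     '<button>Buy</button></form>';
```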
Online resources:
1. http://shiflett.org/articles/cross-site-request-forgeries
2. http://shiflett.org/articles/foiling-cross-site-attacks
IV. Session fixation
As the preceding figure shows, user sessions are a frequent target of attack; the ability to identify both potential victims and target websites makes some attacks feasible. An attacker has three ways to obtain a valid session identifier. In order of difficulty, they are:
1. Fixation
2. Capture
3. Prediction
Online resources:
1. http://shiflett.org/articles/session-fixation
2. http://phpsec.org/projects/guide/4.html#4.1
3. http://www.owasp.org/index.php/Session_fixation
V. Session hijacking
Session hijacking is hard to pin down because the term is used to describe two things:
1. Any attack that lets an attacker access a session associated with the victim's account on the website, regardless of how the attacker obtained that access.
2. More narrowly, an attack that captures an existing session identifier, as opposed to obtaining one through fixation or prediction.
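Session handling that addresses both the fixation section above and the hijacking section, as an added example that is not code from the original article: it refuses identifiers the server did not issue, keeps the identifier out of URLs and out of reach of script, and issues a fresh identifier on login. The ini values and function names are assumptions.

```php
<?php
// Added example (not from the original article): session setup that defends
// against fixation (attacker-chosen id) and narrows hijacking (stolen id).
// Must run before session_start(); PHP >= 7.3 for the array cookie params.
declare(strict_types=1);

// Reject ids the server did not generate, so a fixed id arriving in the
// cookie is discarded instead of adopted.
ini_set('session.use_strict_mode', '1');
// Ids travel only in cookies, never in URLs that leak via Referer or logs.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');

// HttpOnly keeps the id away from injected scripts (XSS), Secure keeps it off
// plaintext HTTP, SameSite limits cross-site sending of the cookie.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

// On any privilege change (login, role change) issue a fresh id and delete
// the old session data, so an id handed to the victim beforehand is useless.
function loginUser(int $userId): void
{
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    $_SESSION['ua_hash'] = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
}

// Cheap hijack check: a stolen id presented from a different client profile
// ends the session. Only an extra hurdle, not a strong control on its own.
function sessionLooksValid(): bool
{
    if (!isset($_SESSION['user_id'], $_SESSION['ua_hash'])) {
        return false;
    }
    $now = hash('sha256', $_SERVER['HTTP_USER_AGENT'] ?? '');
    return hash_equals($_SESSION['ua_hash'], $now);
}

function logoutUser(): void
{
    $_SESSION = [];
    session_destroy();
}
```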
Online resources:
1. http://shiflett.org/articles/session-hijacking
2. http://shiflett.org/articles/the-truth-about-sessions
3. http://phpsec.org/projects/guide/4.html#4.2
VI. SQL injection
The nature of this attack relates to the "filter input, escape output" principle above. SQL injection is fundamentally similar to XSS: in both, the attack makes the application treat user input as more than the data it represents. XSS turns the input into client-side code; SQL injection turns it into an SQL query or part of one.
Online resources:
1. http://shiflett.org/articles/sql-injection
2. http://phpsec.org/projects/guide/3.html#3.2
VII. Password storage
Once a Web application handles user input in database queries correctly, attackers need broader means to gain access to user accounts. In general, this means obtaining victims' access credentials in order to reach their data.
One way to do this is to break into the database server used by the Web application. Depending on which database is used, how it is configured, and other details, attackers have many ways in.
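Storing only a slow, salted hash so that a compromised database does not yield the passwords themselves, as an added example that is not code from the original article. It uses PHP's built-in password_hash()/password_verify() (PHP >= 5.5); phpass, linked below, is the older library equivalent. The cost value and demo password are assumptions.

```php
<?php
// Added example (not from the original article): what the users table holds
// instead of a plaintext or a fast unsalted digest such as md5($password).
declare(strict_types=1);

const HASH_OPTIONS = ['cost' => 12]; // assumed policy; raise as hardware improves

// Hash for storage. PASSWORD_DEFAULT is currently bcrypt; the random salt and
// the cost are embedded in the returned string, so nothing else is stored.
function hashForStorage(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT, HASH_OPTIONS);
}

// Verify at login. When the stored hash was made with weaker parameters than
// the current policy, a replacement hash is returned via $rehash so the
// application can update the row transparently.
function checkLogin(string $password, string $storedHash, ?string &$rehash = null): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    if (password_needs_rehash($storedHash, PASSWORD_DEFAULT, HASH_OPTIONS)) {
        $rehash = hashForStorage($password);
    }
    return true;
}

// Constructed demo.
$stored = hashForStorage('correct horse battery staple');
var_dump(substr($stored, 0, 7) === '$2y$12$');           // bcrypt, cost 12
var_dump(checkLogin('correct horse battery staple', $stored));
var_dump(checkLogin('wrong password', $stored));
```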
Online resources:
1. http://php.net/mcrypt
2. http://www.openwall.com/phpass/
3. http://codahale.com/how-to-safely-store-a-password/
VIII. Brute-force cracking
For some attackers, the technical bar for breaking into a database or breaking encryption is too high. Instead, they may use a script that imitates the HTTP requests a normal user's browser sends when logging in to the Web application, attempting to log in with a given username and random passwords until the correct one is found. This method is called a "brute-force attack".
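A defensive counter for the scripted guessing described above, as an added example that is not code from the original article: failed attempts are counted per account and per source address, blocked past a limit, and logged so a monitoring system can alert on bursts. The APCu store, limits and key names are assumptions; a database or Redis works the same way.

```php
<?php
// Added example (not from the original article): throttling repeated login
// failures. Uses APCu as the counter store (assumption).
declare(strict_types=1);

const MAX_FAILURES   = 5;    // attempts allowed inside the window (assumed)
const WINDOW_SECONDS = 900;  // 15 minutes (assumed)

function throttleKey(string $scope, string $value): string
{
    return 'login_fail:' . $scope . ':' . hash('sha256', strtolower($value));
}

// True when either the account or the client address has hit the limit.
// A per-account block can be abused to lock a user out, so beyond the limit
// prefer a delay or CAPTCHA rather than a hard, long lockout.
function loginBlocked(string $username, string $ip): bool
{
    foreach ([throttleKey('user', $username), throttleKey('ip', $ip)] as $key) {
        if ((int) apcu_fetch($key) >= MAX_FAILURES) {
            return true;
        }
    }
    return false;
}

// Called after a failed password check; counters expire with the window.
function recordFailure(string $username, string $ip): void
{
    foreach ([throttleKey('user', $username), throttleKey('ip', $ip)] as $key) {
        apcu_add($key, 0, WINDOW_SECONDS); // create with TTL if absent
        apcu_inc($key);
    }
    // Detection: one line per failure lets a SIEM alert on bursts.
    error_log(sprintf('login_failure user=%s ip=%s', $username, $ip));
}

function recordSuccess(string $username, string $ip): void
{
    apcu_delete(throttleKey('user', $username));
    apcu_delete(throttleKey('ip', $ip));
}

// Inside the login handler (constructed flow):
// if (loginBlocked($user, $ip)) { http_response_code(429); exit; }
// if ($passwordOk) { recordSuccess($user, $ip); } else { recordFailure($user, $ip); }
```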
Online resources:
1. https://www.owasp.org/index.php/Brute_force_attack
2. http://en.wikipedia.org/wiki/Brute-force_attack
IX. SSL
Online resources:
1. http://arst.ch/bgm
2. http://www.owasp.org/index.php/SSL_Best_Practices
PHP security related resources:
1. http://www.php.net/manual/en/security.php : the PHP manual's section on various security issues
2. http://phpsecurity.org/ : the website for the book "Essential PHP Security"
3. http://phpsec.org/projects/guide/ : the PHP Security Guide, one of the projects of the PHP Security Consortium
4. http://www.enigmagroup.org/ : a site providing information and hands-on exercises on many potential attack vectors in Web applications and forums