Bad guys
Links: https://zhuanlan.zhihu.com/p/24472674
Source: Zhihu
Copyright belongs to the author. For commercial reprints, contact the author for authorization; for non-commercial reprints, cite the source.
I. Preface
PHP code auditing, as the name suggests, means reviewing PHP source code, understanding the logic of the code, and finding the security vulnerabilities in it. For example, when auditing code for SQL injection, you check how SQL statements in the code are passed to the database and executed.
There is no real barrier to getting started with PHP code auditing: once you understand basic PHP syntax and the causes of the various vulnerability classes, you can start trying to audit PHP source code. In the usual vulnerability demos, the SQL statement is passed directly into one of PHP's built-in functions and executed by the database. Real software projects, however, are usually written in an object-oriented style, with various forms of encapsulation and invocation and frameworks of different styles; in that situation all that is required is the patience to keep tracing the call chain.
There are two approaches to code auditing. One is to read through the code and work out its logic; the other is to quickly locate problem functions with regular expressions and then trace the call chain backwards. These two approaches also correspond to the mainstream designs of code audit tools: one finds vulnerabilities by parsing the code, the other by locating problem functions.
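The second approach (locate problem functions with a regular expression, then trace backwards) can be sketched as follows. This is an added example, not code from the original post or from any audit tool it mentions; the sink, source and sanitizer lists and the PHP sample are constructed for illustration, and the tracer only follows simple one-line assignments.

```python
import re

# Illustrative lists, not exhaustive (assumptions of this example).
SINK = re.compile(r"\b(mysql_query|mysqli_query|eval|system|exec|unlink)\s*\(")
SOURCE = re.compile(r"\$_(?:GET|POST|COOKIE|REQUEST)\b")
SANITIZER = re.compile(r"\b(?:intval|floatval)\s*\([^()]*\)")
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=\s*(.+);")
VAR = re.compile(r"\$(\w+)")

# Constructed PHP sample: one tainted query, one constant query, one sanitized query.
SAMPLE_PHP = r'''<?php
$id = $_GET['id'];
$sql = "SELECT * FROM users WHERE id = " . $id;
$res = mysql_query($sql);
$safe = "SELECT COUNT(*) FROM users";
$cnt = mysql_query($safe);
$page = intval($_GET['page']);
$list = mysql_query("SELECT * FROM posts LIMIT " . $page);
'''

def trace(expr, before, lines, seen=()):
    """Walk backwards from expr; return the assignment lines that lead to a
    request source, or None if no request data reaches the expression."""
    expr = SANITIZER.sub("", expr)          # drop numerically cast values
    if SOURCE.search(expr):
        return []
    for var in VAR.findall(expr):
        if var in seen:
            continue
        for n in range(before - 1, 0, -1):  # nearest earlier assignment wins
            m = ASSIGN.match(lines[n - 1])
            if m and m.group(1) == var:
                chain = trace(m.group(2), n, lines, seen + (var,))
                if chain is not None:
                    return [n] + chain
                break
    return None

def audit(code):
    """Return (sink line, sink name, backward chain) for each reachable sink."""
    lines = code.splitlines()
    findings = []
    for n, line in enumerate(lines, 1):
        m = SINK.search(line)
        if m:
            chain = trace(line[m.end():], n, lines)
            if chain is not None:
                findings.append((n, m.group(1), chain))
    return findings

if __name__ == "__main__":
    for line_no, sink, chain in audit(SAMPLE_PHP):
        print(f"line {line_no}: {sink}() reached from request data via lines {chain}")
```

Each finding still has to be confirmed by reading the code, since encapsulation and framework calls hide flows that a line-based trace cannot follow.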
Whichever approach you use, the key is to actually read code and accumulate experience.
The above is a personal opinion; take it with care.
II. Basic knowledge requirements
PHP syntax
Principles of mainstream vulnerabilities
III. Introductory reading & reference
Code Audit Primer Summary
PHP: PHP Manual
Code Auditing: Enterprise-Class Web Code Security Architecture
IV. Audit practice
Basic Series
The four articles in the basic series use small, intuitive cases to show, from the user's interaction through to the execution of the code, in what form a vulnerability exists and how it is exploited. Reading them helps beginners understand the code audit process and the basic audit approach more quickly.
"Code Audit" Principle Analysis and Exploitation of Common Web Vulnerabilities: SQL Injection
"Code Audit" Code-Level Principle Analysis and Exploitation of Common Web Vulnerabilities: File Operation Vulnerabilities
"Code Audit" Code-Level Principle Analysis and Exploitation of Common Web Vulnerabilities: PHP Code Execution
"Code Audit" Code-Level Principle Analysis and Exploitation of Common Web Vulnerabilities: File Operations
Advanced Series
The articles in the advanced series are not really advanced as far as code auditing as a whole goes, but each has its own characteristics, and most of them start from a real software project, so beginners can see some of the problems they may run into in practice, as well as the thinking process involved.
Code Audit: Bypassing Back-End Permission Restrictions to Continue SQL Injection
Code Audit: Breaking Through Path Restrictions to Delete Files
Code Audit: Arbitrary User Password Retrieval Vulnerability
Code Audit: Fatal Consequences of Improper Use of the Pseudo-Global Mechanism
Code Audit: Summary of addslashes Bypasses
The MLECMS and BEESCMS series each audit one specific real software project, so beginners can follow the authors' footsteps while digging for vulnerabilities; the articles under Other are a miscellaneous collection.
MLECMS Analysis Collection
[Send 0day] Code Audit, That's How It's Done: MLECMS Getshell
[Send 0day] Code Audit, That's How It's Done 2: MLECMS Injection
{Code Audit Ideas} (Read + audit) MLECMS (medium crisis/Not easy)
BEESCMS Analysis Collection
"A Probe into Code Auditing" BEESCMS V4.0_r SQL
"Code Audit" Further Thoughts on the BEESCMS SQL Injection Vulnerability
"Send 0day" Code Audit, That's How It's Done 3: BEESCMS Getshell
"BEESCMS Code Audit Article" BEESCMS Arbitrary File Deletion
Other
PHP Code Audit: Null Character issues
A CMS case tutorial introduction to PHP code auditing
PHP Code Audit storage XSS Form Defense plus use Chapter
Code Auditing for Zzcms
It is also worth mentioning that web applications written in different languages have a lot in common: once you are familiar with the code audit process in one language, you can extend it to other languages. You will find that the basic principles are similar. There are still differences, of course; the addslashes and NULL character issues covered in the articles above, for example, are problems unique to PHP. Other differences are not detailed here.
V. Recommended courses
PHP Code Auditing in Practice:
http://www.ichunqiu.com/course/54473
VI. Recommended code audit tools
RIPS
It can detect common vulnerabilities such as XSS, SQL injection, sensitive information disclosure and file inclusion. It can scan code with regular expressions to find vulnerabilities, or you can scan code with custom syntax to find problems.
Download link: http://rips-scanner.sourceforge.net/
Reference articles
Recommended tools: Three automated code audit tools
VII. Related reading
An overview of SQL Injection Vulnerability in MyBatis framework
How to use grep to perform code audits on PHP
Python Secure Coding & Code audits
Conclusion
This post is meant to help you study code auditing better and more systematically. If you have any suggestions, please share them with us.
Next technical topic
We will decide next week's technical topic within the next two days. If there is a specific technology you want to learn, leave a message to request it and we will adjust according to demand. Thank you for your support!