Security Khaled Al-Sham’aa
What Is Security?
Security is a measurement, not a characteristic. Security must be balanced with expense. Security must be balanced with usability. Security must be part of the design.
Basic Steps
Consider illegitimate uses of your application. Educate yourself. If nothing else: FILTER ALL INPUT DATA, ESCAPE ALL OUTPUT DATA.
Register Globals (1)
Register Globals (2)
Filtering (1)
Filtering (2)
Filtering (3)
Form Processing (1)
Form Processing (2)
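The "filter all input data" rule from the Basic Steps slide, applied to a form, as an added example that is not part of the original slides. Field names, the allowed-role list and the validation rules are assumptions for the example; the pattern (a separate $clean array that only receives values which passed a whitelist check, and which is the only thing later code reads) is the point.

```php
<?php
// Added example, not from the slides: whitelist filtering of a signup form.
// Every value is copied into $clean only after passing a check; code that
// follows reads $clean and never $_POST directly. Field names and rules are
// assumptions made for the example.
declare(strict_types=1);

const ALLOWED_ROLES = ['reader', 'editor'];

/**
 * Validate $input (normally $_POST) and return [$clean, $errors].
 * Initialising both arrays here matters when register_globals is on:
 * nothing a client sends can pre-populate them.
 */
function filter_signup(array $input): array
{
    $clean  = [];
    $errors = [];

    // Username: 3-20 letters or digits and nothing else (no quotes, no tags).
    $username = $input['username'] ?? '';
    if (is_string($username) && preg_match('/^[A-Za-z0-9]{3,20}$/', $username)) {
        $clean['username'] = $username;
    } else {
        $errors['username'] = 'must be 3-20 letters or digits';
    }

    // E-mail: use PHP's validator rather than a hand-written regex.
    $email = $input['email'] ?? '';
    $email = is_string($email) ? filter_var($email, FILTER_VALIDATE_EMAIL) : false;
    if ($email !== false) {
        $clean['email'] = $email;
    } else {
        $errors['email'] = 'not a valid address';
    }

    // Age: an integer inside a range; "18abc", "" and arrays are rejected.
    $age = $input['age'] ?? '';
    $age = is_string($age)
        ? filter_var($age, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 13, 'max_range' => 120]])
        : false;
    if ($age !== false) {
        $clean['age'] = $age;
    } else {
        $errors['age'] = 'must be an integer between 13 and 120';
    }

    // Role: one of a fixed set; the strict in_array() avoids type juggling.
    $role = $input['role'] ?? '';
    if (is_string($role) && in_array($role, ALLOWED_ROLES, true)) {
        $clean['role'] = $role;
    } else {
        $errors['role'] = 'unknown role';
    }

    return [$clean, $errors];
}

// Constructed submissions: one well-formed, one with every field hostile.
[$clean, $errors] = filter_signup([
    'username' => 'khaled', 'email' => 'k@example.com', 'age' => '30', 'role' => 'reader',
]);
var_dump($clean, $errors);

[$clean, $errors] = filter_signup([
    'username' => "ad'min", 'email' => 'x', 'age' => '18abc', 'role' => ['admin'],
]);
var_dump($clean, $errors);
```

The second submission leaves $clean empty and fills $errors for all four fields; in particular the array passed as `role` is rejected rather than silently cast, which is the kind of input a filter written with loose comparisons would let through.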
Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) 1
Cross-Site Scripting (XSS) 2
Cross-Site Scripting (XSS) 3
htmlentities()
strip_tags()
utf8_decode()
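An added example, not from the original slides, contrasting the two functions named on this slide. htmlentities() with an explicit charset escapes the characters that matter in both HTML body and attribute context; strip_tags() removes markup but leaves quotes untouched, so a value that ends up inside an attribute can still break out of it. The template and inputs are constructed for the example.

```php
<?php
// Added example, not from the slides: escaping user text on output.
declare(strict_types=1);

// Escape for an HTML body or a double-quoted attribute. ENT_QUOTES covers
// single quotes as well; the charset argument must match the page encoding,
// otherwise malformed byte sequences can slip past the escaper (which is why
// the slide lists utf8_decode() next to htmlentities()). ENT_SUBSTITUTE
// replaces invalid sequences instead of returning an empty string.
function esc_html(string $s): string
{
    return htmlentities($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Correct: every user-controlled value goes through esc_html() at the point
// where it is written into the page.
function render_comment(string $author, string $text): string
{
    return '<div class="comment" data-author="' . esc_html($author) . '">'
         . esc_html($text) . '</div>';
}

// Insufficient: strip_tags() only removes <...> sequences. The author value
// below contains no tags, so it is passed through unchanged and the double
// quote closes the attribute early.
function render_comment_strip_only(string $author, string $text): string
{
    return '<div class="comment" data-author="' . strip_tags($author) . '">'
         . strip_tags($text) . '</div>';
}

// Constructed inputs: one attacks the attribute context, one the body.
$author = '" onmouseover="x()';
$text   = 'Nice post <script>x()</script>';

echo render_comment($author, $text), PHP_EOL;
echo render_comment_strip_only($author, $text), PHP_EOL;
```

In the first line of output both values appear as inert text (`&quot;`, `&lt;script&gt;`); in the second the body is clean but the `data-author` attribute has been closed and a new event-handler attribute appended, which is the case strip_tags() alone cannot handle. Escape for the context you are writing into, and treat strip_tags() as a content-policy tool rather than an XSS defence.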
Session Hijacking
SQL Injection (example 1)
SQL Injection (example 1) cont.
SELECT `id` FROM `logins` WHERE `username` = '$user' AND `password` = '$pwd'
$user = "Khaled";
$pwd = "anything' OR 'x'='x";
SELECT `id` FROM `logins` WHERE `username` = 'Khaled' AND `password` = 'anything' OR 'x'='x'
SQL Injection (example 2)
$query = "UPDATE usertable SET pwd='$pwd' WHERE uid='$uid' ";
$pwd = "abc";
$uid = "anything' or uid='admin'; -- ";
$query = "UPDATE usertable SET pwd='abc' WHERE uid= 'anything' or uid='admin'; -- ' ";
Avoiding SQL Injection
mysql_real_escape_string()
for PHP version < use addslashes()
Prepared Statements
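The login query from SQL Injection (example 1) run three ways, as an added example that is not part of the original slides: interpolated as on the slide, through a prepared statement, and through driver escaping. It uses PDO with an in-memory SQLite database (assumes the pdo_sqlite extension) so it runs offline; PDO::quote() stands in for mysql_real_escape_string() and the table mirrors the slide's `logins` schema.

```php
<?php
// Added example, not from the slides: the same login check with and without
// SQL injection protection, against an in-memory SQLite database.
declare(strict_types=1);

function setup(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE logins (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
    // Plaintext password only to mirror the slide's schema.
    $pdo->exec("INSERT INTO logins (username, password) VALUES ('Khaled', 's3cret')");
    return $pdo;
}

// Vulnerable: the query is built by string interpolation exactly as on the
// slide, so quote characters in $pwd become part of the SQL.
function login_interpolated(PDO $pdo, string $user, string $pwd): ?int
{
    $sql = "SELECT id FROM logins WHERE username = '$user' AND password = '$pwd'";
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['id'] : null;
}

// Prepared statement: the SQL text is fixed and the values are bound
// separately, so they can never be parsed as SQL.
function login_prepared(PDO $pdo, string $user, string $pwd): ?int
{
    $stmt = $pdo->prepare('SELECT id FROM logins WHERE username = :u AND password = :p');
    $stmt->execute([':u' => $user, ':p' => $pwd]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['id'] : null;
}

// Escaping, the older approach from the slide: PDO::quote() returns the
// value escaped for this driver and already wrapped in single quotes, the
// role mysql_real_escape_string() plays for the mysql extension.
function login_escaped(PDO $pdo, string $user, string $pwd): ?int
{
    $sql = 'SELECT id FROM logins WHERE username = ' . $pdo->quote($user)
         . ' AND password = ' . $pdo->quote($pwd);
    $row = $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? (int) $row['id'] : null;
}

$pdo  = setup();
$user = 'Khaled';
$pwd  = "anything' OR 'x'='x";   // the slide's payload

var_dump(login_interpolated($pdo, $user, $pwd));
var_dump(login_prepared($pdo, $user, $pwd));
var_dump(login_escaped($pdo, $user, $pwd));
var_dump(login_prepared($pdo, 'Khaled', 's3cret'));
```

The interpolated version returns the row id even though the password is wrong, because the WHERE clause has become `... OR 'x'='x'`; the prepared and escaped versions return NULL for the same input and the row id only for the real credentials. Prefer the prepared statement: it is correct by construction, whereas escaping has to be applied to every value on every query and is only as good as the driver's knowledge of the connection charset.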
Questions