Securing PHP Web Applications.pdf

时间:2022-09-07 06:28:14
【文件属性】:

文件名称:Securing PHP Web Applications.pdf

文件大小:13.08MB

文件格式:PDF

更新时间:2022-09-07 06:28:14

Securing  PHP Web Applications

Contents Acknowledgments xiii About the Authors xv Part I Web Development Is a Blood Sport—Don't Wander onto the Field Without a Helmet 1 Chapter 1 Security Is a Server Issue and Other Myths 3 Reality Check 3 Security Is a Server Issue 5 Hackers Gain Control Through Insecure Applications 5 Programmers Can Harden Their Own Applications 6 Security Through Obscurity 7 Native Session Management Provides Plenty of Security 9 “My Application Isn’t Major Enough to Get Hacked” 9 The “Barbarians at the Gate” Syndrome 10 Wrapping It Up 10 Part II Is That Hole Really Big Enough to Drive a Truck Through? 11 Chapter 2 Error Handling 13 The Guestbook Application 13 Program Summary 13 Primary Code Listing 14 From the Library of Lee Bogdanoff CONTENTS vi Users Do the Darnedest Things . . . 15 I Wonder What Will Happen If I Do This? 15 Expecting the Unexpected 18 Building an Error-Handling Mechanism 19 Test for Unexpected Input 20 Decide What to Do with Erroneous Data 23 Make the System Mind-Numbingly Easy to Use 24 Wrapping It Up 26 Chapter 3 System Calls 27 Navigating the Dangerous Waters of exec(),system(), and Backticks 27 Using System Binaries with the SUID Bit and sudo 28 Using System Resources 29 Usingescapeshellcmd() and escapeshellarg() to Secure System Calls 30 escapeshellcmd() 30 escapeshellarg() 30 Create an API to Handle All System Calls 31 Why Not Just Escape the Arguments and Be Done? 31 Validate User Input 32 Patch the Guestbook Application 32 ThemoveFile()Function 32 Changes to the Application 34 Wrapping It Up 34 Part III What's In a Name? More Than You Expect 35 Chapter 4 Buffer Overflows and Variable Sanitation 37 What Is a Buffer, How Does It Overflow, and Why Should You Care? 37 Buffers, Stacks, Heaps, and Memory Allocation 39 Consequences of a Buffer Overflow 42 Memory Allocation and PHP 42 Pay Attention to the Latest Security Alerts 44 Prevent Buffer Overflows by Sanitizing Variables 46 Premise: Data Is Guilty Until Proven Innocent, Especially If It Comes from Outside the Application 46 Where Does Data Come From? 48 How to Sanitize Data to Prevent Buffer Overflows 48 Patch the Application 49 Verify That We’re Running the Latest Stable Versions 49 Check Variable Sanitation 51 Wrapping It Up 52 Chapter 5 Input Validation 53 New Feature: Allow Users to Sign Their Guestbook Comments 53 From the Library of Lee Bogdanoff CONTENTS vii The Problem: Users Who Give You More Than You Asked For 54 Spammers 55 Injection Attacks 55 Assumptions: You Know What Your Data Looks Like 55 Database Constraints 56 Logical Constraints 56 The Solution: Regular Expressions to Validate Input 57 Tainted Data 57 Regexes 101 58 That Greedy, Lazy . . . Regex! 62 Common Input Validation Patterns 65 Wrapping It Up 67 Chapter 6 Filesystem Access: Accessing the Filesystem for Fun and Profit 69 Opening Files 69 Local Filesystem Access 69 Remote Filesystem Access 71 Preventing Remote Filesystem Exploits 72 Creating and Storing Files 73 Allowing File Uploads 73 Storing Files Safely 75 Changing File Properties Safely 76 Changing File Permissions in UNIX, Linux, and Mac OS X 76 Changing Windows File Permissions 77 Changing File Permissions in PHP 87 Patching the Application to Allow User-Uploaded Image Files 88 Modify the API 88 Create the Upload Form 90 Wrapping It Up 90 Part IV “Aw come on man, you can trust me” 93 Chapter 7 Authentication 95 What Is User Authentication? 95 Usernames and Passwords 97 Image Recognition 99 Privileges 100 How to Authenticate Users 101 Directory-Based Authentication 101 User Database 114 Storing Usernames and Passwords 115 Encryption 115 Password Strength 116 Assess Your Vulnerability 117 From the Library of Lee Bogdanoff CONTENTS viii Patching the Application to Authenticate Users 117 Add User Database Table and Double-Check Database Security 118 Create Authentication API 119 Wrapping It Up 120 Chapter 8 Encryption 121 What Is Encryption? 121 Choosing an Encryption Type 123 Algorithm Strength 123 Speed Versus Security 124 Use of the Data 124 Password Security 125 Patching the Application to Encrypt Passwords 125 Modifying the User Table 126 Create the Encryption and Salting Functions 126 Modify the Password Validation System 127 Wrapping It Up 128 Chapter 9 Session Security 129 What Is a Session Variable? 129 Major Types of Session Attacks 129 Session Fixation 130 Session Hijacking 131 Session Poisoning 133 Patching the Application to Secure the Session 133 Wrapping It Up 136 Chapter 10 Cross-Site Scripting 137 What Is XSS? 137 Reflected XSS 137 Stored XSS 138 Patching the Application to Prevent XSS Attacks 138 Wrapping It Up 139 Part V Locking Up for the Night 141 Chapter 11 Securing Apache and MySQL 143 Programming Languages, Web Servers, and Operating Systems Are Inherently Insecure 143 Securing a UNIX, Linux, or Mac OS X Environment 144 Update the Operating System 145 Securing Apache 147 Upgrade or Install the Latest Stable Version of Apache 147 Give Apache Its Own User and Group 149 From the Library of Lee Bogdanoff CONTENTS ix Hide the Version Number and Other Sensitive Information 151 Restrict Apache to Its Own Directory Structure 152 Disable Any Options You Don’t Explicitly Need 153 Install and Enable ModSecurity 154 Securing MySQL 159 Upgrade or Install the Latest Version 159 Disable Remote Access 163 Change Admin Username and Password 163 Delete Default Database Users and Create New Accounts for Each Application 164 Delete the Sample Databases 165 Wrapping It Up 166 Chapter 12 Securing IIS and SQL Server 167 Securing a Windows Server Environment 167 Update the Operating System 168 Securing IIS 177 Reduce the Server’s Footprint 177 Secure the Web Root 179 Securing SQL Server 187 Install or Upgrade to the Latest Version 187 Secure Microsoft SQL Server 200 Wrapping It Up 205 Chapter 13 Securing PHP on the Server 207 Using the Latest Version of PHP 207 Examining the Zend Framework and Zend Optimizer 208 Finding the Latest Stable Version of PHP 212 Using the Suhosin Patch and Extension 213 Using the Security Features Built into PHP and Apache 213 safe_mode 213 SuEXEC 214 Using ModSecurity 215 Hardening php.ini 216 Wrapping It Up 218 Chapter 14 Introduction to Automated Testing 219 Why Are We Talking About Testing in a Security Book? 219 Testing Framework 220 Types of Tests 222 Unit Tests 222 System Tests 223 Choosing Solid Test Data 223 Wrapping It Up 224 From the Library of Lee Bogdanoff CONTENTS x Chapter 15 Introduction to Exploit Testing 225 What Is Exploit Testing? 225 Fuzzing 226 Installing and Configuring PowerFuzzer 227 Using PowerFuzzer 231 Testing Toolkits 233 Obtaining CAL9000 234 Using CAL9000 235 Proprietary Test Suites 246 Benefits and Features of a Proprietary Test Suite 246 Using a Proprietary Test Suite to Scan Your Application 247 Wrapping It Up 254 Part VI “Don’t Get Hacked” Is Not a Viable Security Policy 255 Chapter 16 Plan A: Designing a Secure Application from the Beginning 257 Before You Sit Down at the Keyboard . . . 257 Concept Summary 257 Workflow and Actors Diagram 260 Data Design 260 Infrastructure Functions 267 Identifying Points of Failure 269 Login and Logout 269 File Upload 270 User Input 270 Filesystem Access 271 Wrapping It Up 271 Chapter 17 Plan B: Plugging the Holes in Your Existing Application 273 Set Up Your Environment 273 Using a Three-Stage Deployment 273 Using Version Control 275 Application Hardening Checklist 276 Check Your Server Security 276 Find the Vulnerabilities in Your Code 276 Fix the Most Obvious Problems 277 Have Your Code Peer-Reviewed 278 Wrapping It Up 278 Epilogue Security Is a Lifestyle Choice: Becoming a Better Programmer 279 Avoid Feature Creep 279 Write Self-Documenting Code 280 Use the Right Tools for the Job 282 Have Your Code Peer-Reviewed 283 Wrapping It Up 284 From the Library of Lee Bogdanoff CONTENTS xi Appendix Additional Resources 285 PEAR 285 Books 286 Web Sites 287 Tools 288 Integrated Development Environments (IDE) and Frameworks 288 Exploit Testing Tools 288 Automated Testing Tools 288 Glossary 289 Index 293


网友评论