Nature and Scope of the Problem
Understanding Filtering, Validation, and Output Escaping
Preventing the Most Common Forms of Attack
Protecting Against Common SQL Injection Attacks
About the Author
What is the threat?
How can you analyze the threat?
Origin of the threat: internal, external, partner
Intentions and motivations: hacking, malware, physical, push, pull
What types of threats are out there?
Viruses, worms, trojans, adware, spyware, and other malware
Disgruntled employees or contractors
Organized crime, gangs, or others interested in illegal gain
Corporations or governments engaged in espionage
Politically motivated individuals or groups
Accidental or careless actions
Natural disasters (with no offsite backups to recover from)
How bad is it?
Forbes: Biggest Cyber Attack in History
Imperva: 1 website had 26 attacks per minute
Symantec: 42% increase in attacks
Network World: 70%-80% of attacks via the Internet now originate from exploit kits
What threats are specific to PHP?
Problems due to misconfiguration (php.ini and web server settings)
Failure to filter/validate request data ($_GET, $_POST, $_COOKIE, $_REQUEST, $_SERVER)
Attacks: XSS, session fixation/hijacking, SQL and other injection, etc.
Vulnerabilities in the open source libraries and frameworks you bundle
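The following is an added example, not code from the original presentation: each PHP-specific threat listed above is shown as the vulnerable pattern (left in a comment) beside the hardened form that actually runs. It assumes PHP 7.4 or later with the pdo_sqlite extension; the table layout, function names and inputs are constructed for the demo.

```php
<?php
// Added example for the slide above, not code from the original presentation.
// Assumes PHP 7.4+ with pdo_sqlite; names, table and inputs are made up here.
declare(strict_types=1);

// 1. Misconfiguration: report php.ini directives whose live value is the weak one.
function audit_ini(): array
{
    // Directives that weaken a deployment when On ...
    $weakWhenOn = [
        'display_errors'    => 'leaks file paths and SQL fragments in error pages',
        'allow_url_include' => 'lets include($_GET["page"]) pull code from a remote URL',
        'expose_php'        => 'advertises the PHP version in the X-Powered-By header',
    ];
    // ... and directives that weaken it when Off.
    $weakWhenOff = [
        'session.use_strict_mode' => 'accepts attacker-supplied session IDs (fixation)',
        'session.cookie_httponly' => 'lets injected JavaScript read the session cookie',
    ];
    // ini_get() reports booleans as "1"/"" or as the literal from php.ini, so normalise.
    $on = static fn(string $name): bool =>
        in_array(strtolower((string) ini_get($name)), ['1', 'on', 'true', 'yes'], true);

    $findings = [];
    foreach ($weakWhenOn as $name => $why) {
        if ($on($name)) { $findings[$name] = $why; }
    }
    foreach ($weakWhenOff as $name => $why) {
        if (!$on($name)) { $findings[$name] = $why; }
    }
    return $findings; // empty array means every checked directive is hardened
}

// 2. Unvalidated $_GET/$_POST data: validate type and range before any use.
function read_user_id(array $get): ?int
{
    // Vulnerable: $id = $get['id'];  then "... WHERE id = $id" or echo $id;
    $id = filter_var($get['id'] ?? '', FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// 3. XSS: escape on output, for the HTML context the value lands in.
function render_greeting(string $name): string
{
    // Vulnerable: return "<p>Hello $name</p>";
    return '<p>Hello ' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</p>';
}

// 4. SQL injection: bind parameters instead of interpolating strings into SQL.
function find_user(PDO $db, string $name): ?array
{
    // Vulnerable: $db->query("SELECT id, name FROM users WHERE name = '$name'");
    $stmt = $db->prepare('SELECT id, name FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// 5. Session fixation: issue a fresh ID whenever privilege changes (e.g. at login).
function login_session(int $userId): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    session_regenerate_id(true); // an ID an attacker planted beforehand is discarded
    $_SESSION['user_id'] = $userId;
}

// --- demo with constructed data -------------------------------------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

$payload = "' OR '1'='1"; // classic injection attempt, constructed for the demo
var_dump(find_user($db, 'alice'));                  // the real row
var_dump(find_user($db, $payload));                 // no row: the quote is data, not SQL
var_dump(read_user_id(['id' => '7']));              // accepted
var_dump(read_user_id(['id' => '7 UNION SELECT'])); // rejected
echo render_greeting('<script>alert(1)</script>'), PHP_EOL; // tags are rendered inert
print_r(audit_ini());                               // weak directives on this host
```

Run it from the command line with `php example.php`; the `audit_ini()` findings reflect the php.ini of whatever interpreter runs it, which is the point: the same script run under the production SAPI tells you which of the misconfiguration problems on the slide apply there.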
What are some resources to find out more?
Open Source Vulnerability Database (OSVDB; it shut down in 2016, so use a currently maintained vulnerability database)
PHP Version Details: the changelog and security notes for the PHP version you run (php.net)
Open source libraries: check each project's own website and security advisories