Evil Code and how to defend against it CSCI 4300 .
Evil Code and how to defend against it
CSCI 4300
References:
http://shiflett.org/php-security.pdf
http://phpsec.org/projects/guide/2.html
Defense against form input attacks: data filtering
Dispatch method
Dispatch script example
Spoofed form input
Whitelist Input Verification
Whitelist Email address verification
Simple message board
Message Board Attack
Message Board defense
• Security tip: use pre-existing PHP functions rather than writing your own filters; they are more efficient and less likely to contain security holes.
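• Worked example (added here, not from the original slides): a single dispatch script that only includes whitelisted task files, a whitelist check for the email address, and a whitelist-plus-escape treatment of message board text. The task names, field names and the tasks/ directory are assumptions for illustration.

```php
<?php
// Added example, not from the original slides. Task names, form field
// names and the tasks/ directory are assumptions.

// Dispatch method: one entry script; only tasks on the whitelist are ever included.
$allowed_tasks = ['list', 'post', 'search'];
$task = $_GET['task'] ?? 'list';
if (!in_array($task, $allowed_tasks, true)) {
    $task = 'list';                     // unknown or spoofed value: fall back to a safe default
}
$script = __DIR__ . "/tasks/$task.inc"; // only reachable with a whitelisted $task
if (is_file($script)) {
    require $script;
}

// Whitelist email verification: accept only what matches a known-good form.
function clean_email(string $raw): ?string
{
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

// Message board text: an explicit character whitelist and a length limit.
// Input outside the whitelist is rejected, not "cleaned up".
function clean_message(string $raw): ?string
{
    if ($raw === '' || strlen($raw) > 1000) {
        return null;
    }
    if (!preg_match('/^[\p{L}\p{N}\s.,!?\'"()-]+$/u', $raw)) {
        return null;                    // e.g. <script>alert(1)</script> fails: < and > are not allowed
    }
    return $raw;
}

// Defense in depth: even whitelisted text is escaped on output, using the
// built-in function instead of a hand-written one.
function render_message(string $msg): string
{
    return htmlspecialchars($msg, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Keep filtered data in a separate array so it is obvious which values were checked.
$clean = [];
$clean['email']   = clean_email($_POST['email'] ?? '');
$clean['message'] = clean_message($_POST['message'] ?? '');

if ($clean['email'] === null || $clean['message'] === null) {
    http_response_code(400);
    exit('Invalid input');
}
echo '<p>', render_message($clean['message']), '</p>';
```

The point of the $clean array is that code later in the script never reads $_POST or $_GET directly; if a value is not in $clean it has not been filtered and must not be used.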
Cross-Site Request forgeries
• Victim has authenticated to target site T
• Evil site E forges a privileged request to T
• Forged request succeeds by virtue of victim’s authentication tokens.
Cross-Site Request Forgery example
• Target site, stox.com (order form, submitted with GET):

    <form method="get">
    <input type=text name=stock>
    <input type=text name=n_shares>
    <input type=submit>
    </form>

• Evil site, evil-hackers.org:

    <img src="http://stox.com/?stock=IBM&n_shares=1000000">

• The victim's browser fetches the image URL and attaches its stox.com cookies, so the forged order is processed as if the victim had submitted the form.
CSRF defense: form tokens
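• Worked example (added here, not from the original slides): the stox.com order form protected with a per-session secret token. The field names stock and n_shares come from the slide; the session layout, the token field name and the order-placing function are assumptions.

```php
<?php
// Added example, not from the original slides. The session layout, the
// "token" field name and place_order() are assumptions.
session_start();

// One unpredictable token per session, generated with the CSPRNG.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// A missing, empty or wrong token fails; hash_equals avoids timing leaks.
function csrf_check(?string $submitted): bool
{
    return is_string($submitted)
        && !empty($_SESSION['csrf_token'])
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // The privileged action only runs for a POST that carries the token.
    // evil-hackers.org cannot read the token (same-origin policy) and an
    // <img> tag only issues a GET, so the forged request is refused.
    if (!csrf_check($_POST['token'] ?? null)) {
        http_response_code(403);
        exit('CSRF check failed');
    }
    $stock    = $_POST['stock'] ?? '';
    $n_shares = (int) ($_POST['n_shares'] ?? 0);
    // place_order($stock, $n_shares);   // assumed application function
    exit('Order accepted');
}
?>
<form method="post" action="">
  <input type="hidden" name="token" value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <input type="text" name="stock">
  <input type="text" name="n_shares">
  <input type="submit">
</form>
```

Two properties make this work: the token is tied to the victim's session rather than being a fixed site-wide value, and the state-changing action is accepted only over POST, so the GET triggered by the evil <img> never reaches the order code.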
Database Credentials
• Place db.inc outside of the document root, so it cannot be requested via a URL; include it from the script with a filesystem path instead.
SQL injection attack
• Vulnerable script:

    <?php
    // get $uname and $passwd from the login form
    ...
    mysql_query("select * from user where uname='$uname' and password='$passwd'");

• Evil input:
  uname  = my_uname
  passwd = mypassd'; delete from user where 'a'='a

• Resulting query (the script's own closing quote completes the injected string):

    select * from user where uname='my_uname' and password='mypassd'; delete from user where 'a'='a'

• Caveat: the legacy mysql_query() sends a single statement and does not run stacked queries, so this exact payload fails there, but it succeeds through mysqli_multi_query() or PDO with emulated prepares, and the shorter payload ' or 'a'='a logs in without a valid password under any of them. The defect is the string interpolation, not the particular payload.
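• Worked example (added here, not from the original slides): the same login query written with a PDO prepared statement, reading its credentials from a db.inc kept one level above the document root as the previous slide recommends. The db.inc path, the variable names it defines and the table columns are assumptions.

```php
<?php
// Added example, not from the original slides. The db.inc location, the
// variables it defines ($db_dsn, $db_user, $db_pass) and the column names
// are assumptions.

// db.inc sits outside the document root, so it can be included but never fetched by URL.
require dirname(__DIR__) . '/db.inc';

$uname  = $_POST['uname']  ?? '';
$passwd = $_POST['passwd'] ?? '';

// Vulnerable version from the slide (do not use): data is pasted into the SQL text.
// mysql_query("select * from user where uname='$uname' and password='$passwd'");

$pdo = new PDO($db_dsn, $db_user, $db_pass, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepares, no client-side quoting
]);

// The SQL text is fixed before any user data is seen; values travel as
// parameters, so  mypassd'; delete from user where 'a'='a  is compared as a
// literal password string and nothing is executed.
$stmt = $pdo->prepare(
    'SELECT id, uname FROM user WHERE uname = :uname AND password = :passwd'
);
$stmt->execute([':uname' => $uname, ':passwd' => $passwd]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

if ($row === false) {
    http_response_code(401);
    exit('Login failed');
}
// Output is escaped with the built-in function, as on the message board slides.
echo 'Welcome, ', htmlspecialchars($row['uname'], ENT_QUOTES, 'UTF-8');
// Storing the password column in clear text, as the slide's schema does, is a
// separate weakness; password_hash()/password_verify() would replace the
// password comparison in the query.
```

Disabling emulated prepares matters: with emulation on, PDO quotes the values client-side and sends one string, which is the same mechanism the caveat above warns about; with it off, the statement and the parameters are transmitted separately and the server never parses user input as SQL.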