www.mimos.my © 2009 MIMOS Berhad. All Rights Reserved.
Errazudin Ishak
Rise of the Planet of the Anonymous
OWASP Day Kuala Lumpur
2011
www.mimos.my © 2011 MIMOS Berhad. All Rights Reserved.
Rise of the Planet of the Anonymous
(and what you should do as a PHP developer)
Agenda
• You
• Me
• Anonymous
• Why PHP
• PHP Security
• Resources
About You
Name :
Designation :
Day job :
Night job :
• Errazudin Ishak
• @errazudin
• Senior engineer @ Mimos Bhd Malaysia
• Focuses on web application development, deployment, performance and stability.
• 2009 : foss.my , MyGOSSCON
• 2010 : Entp. PHP Techtalk, BarcampKL, PHP Meetup, MOSC2010, PHP Northwest UK, MyGOSSCON
• 2011 : INTAN Tech Update, Wordpress Conf. Asia, Joomla! Day, MOSC
About Me
ANONYMOUS
Why so serious? – Joker
News
http://goo.gl/oVjqz
91 attacked, 76 recovered
Internet
“…anonymous, uncontrolled, always on, and instantly accessible from anywhere”
Evolution…
http://evolutionofweb.appspot.com/
…becomes revolution
Does it apply here? (web security)
"Good programmers write code, great programmers reuse"
Defcon19
Web security
A completely secure system is virtually impossible
Why?
Risk vs. Usability
Why PHP?
“More internet applications speak PHP than any other”
Why PHP?
Source : http://w3techs.com
Usage of server-side programming languages for websites:
PHP 77%
ASP.NET 22%
Java 4%
ColdFusion 1%
Perl 1%
Ruby 1%
Python 0%
PHP Secure?
Developer
PHP
Enterprise
User
PHP Secure?
PHP is not the culprit; we (developer, sysadmin, architect) are.
Why PHP?
“People have to understand their systems well to know where security issues are likely to appear”
Rasmus Lerdorf
PHP Security
Secure Ecosystem
PHP Security
Secure Ecosystem, Maintain it!
Dev/prod environment
Up to date
Secured network
Access (Permissions)
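A concrete reading of the "Dev/prod environment" and "Access (Permissions)" points above, as an added php.ini fragment that is not part of the slides: the production values are live, and the development value that differs is shown in the comment beside it. The log path and open_basedir directory are placeholders for this example; every directive name is a standard php.ini setting.

```ini
; Added example, not from the deck. Production php.ini excerpt; the
; development setting that differs is noted on each line.

; --- Error handling: developers need errors on screen, users must not see them
display_errors = Off            ; dev: On
display_startup_errors = Off    ; dev: On
error_reporting = E_ALL         ; same on both; fix warnings before they ship
log_errors = On
error_log = /var/log/php/error.log   ; placeholder path

; --- Information exposure and remote code inclusion
expose_php = Off                ; removes the X-Powered-By version header
allow_url_include = Off         ; include()/require() may never fetch a URL

; --- Access (Permissions): confine what the PHP process may touch
open_basedir = /var/www/app     ; placeholder; file access stays inside the app
disable_functions = exec,passthru,shell_exec,system,proc_open,popen

; --- Session cookies
session.use_only_cookies = 1    ; no session id in the URL
session.use_strict_mode = 1     ; reject ids the server did not issue (fixation)
session.cookie_httponly = 1     ; JavaScript cannot read the cookie (XSS)
session.cookie_secure = 1       ; dev over plain HTTP: 0
```

Keeping `error_reporting = E_ALL` identical on both environments is deliberate: only the destination of the message changes between dev (browser) and prod (log file), so a notice that would leak a path or query in production is already visible, and fixable, on the developer's screen.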
PHP Security
Secure Operations
PHP Security
Secure Operations, also practice it!
Human only
User identification
Role based actions
Track/Audit trail
PHP Security
Secure Programming
PHP Security
Secure Programming, practice it!
Input validation
DB
XSS/CSRF/Session
Access (Permissions)
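The four "Secure Programming" items above, plus the "Role based actions" and "Track/Audit trail" items from the Secure Operations slide, in one request handler. This is an added example, not code from the talk or from MIMOS; it assumes a MySQL database with `comments`, `users` and `audit_log` tables and a placeholder DSN and password, and the helper names (`validateComment`, `requireRole`, `audit`, `e`) are this example's own.

```php
<?php
// Added example, not from the slides. Assumes tables comments(user_id, post_id, body)
// and audit_log(user_id, action, context, ip, at); DSN and password are placeholders.
declare(strict_types=1);

session_start();

$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'PASSWORD_PLACEHOLDER', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real server-side prepared statements
]);

// --- Session: rotate the id whenever privilege changes (prevents fixation)
function loginUser(int $userId, string $role): void {
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    $_SESSION['role']    = $role;
}

// --- CSRF: one random token per session, compared in constant time
function csrfToken(): string {
    if (empty($_SESSION['csrf'])) {
        $_SESSION['csrf'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf'];
}

function checkCsrf(?string $submitted): bool {
    return is_string($submitted)
        && isset($_SESSION['csrf'])
        && hash_equals($_SESSION['csrf'], $submitted);
}

// --- Input validation: accept only what the field is allowed to contain
function validateComment(array $post): array {
    $id   = filter_var($post['post_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $body = trim((string) ($post['body'] ?? ''));
    if ($id === false || $body === '' || mb_strlen($body) > 2000) {
        throw new InvalidArgumentException('invalid comment');
    }
    return ['post_id' => $id, 'body' => $body];
}

// --- Access (Permissions): role-based action check
function requireRole(string ...$allowed): void {
    if (!in_array($_SESSION['role'] ?? '', $allowed, true)) {
        http_response_code(403);
        exit('forbidden');
    }
}

// --- Track/Audit trail: who did what, from where, when
function audit(PDO $pdo, string $action, array $ctx): void {
    $stmt = $pdo->prepare('INSERT INTO audit_log (user_id, action, context, ip, at) VALUES (?, ?, ?, ?, NOW())');
    $stmt->execute([$_SESSION['user_id'] ?? null, $action, json_encode($ctx), $_SERVER['REMOTE_ADDR'] ?? '']);
}

// --- DB: parameters are bound, never concatenated into the SQL string
function storeComment(PDO $pdo, int $userId, array $c): void {
    $stmt = $pdo->prepare('INSERT INTO comments (user_id, post_id, body) VALUES (?, ?, ?)');
    $stmt->execute([$userId, $c['post_id'], $c['body']]);
}

// --- XSS: escape on output, for the HTML body context
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    requireRole('member', 'admin');
    if (!checkCsrf($_POST['csrf'] ?? null)) {
        http_response_code(403);
        exit('bad csrf token');
    }
    try {
        $comment = validateComment($_POST);
    } catch (InvalidArgumentException $ex) {
        http_response_code(400);
        exit('invalid input');
    }
    storeComment($pdo, (int) $_SESSION['user_id'], $comment);
    audit($pdo, 'comment.create', ['post_id' => $comment['post_id']]);
    echo '<p>Saved: ' . e($comment['body']) . '</p>';
} else {
    // The form carries the token the POST branch will verify
    echo '<form method="post"><input type="hidden" name="csrf" value="' . e(csrfToken()) . '">'
       . '<input name="post_id"><textarea name="body"></textarea><button>Send</button></form>';
}
```

The order in the POST branch is the point: authorisation first, then the CSRF check, then validation, and only then the database write and the audit record, so a request that fails any earlier step never reaches the database and leaves no half-written state to clean up.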
PHP Security
“Security takes an ongoing effort and a lot of little things instead of one big one” Cal Evans
Security. (Remember Risk – Usability)
Resources
• php|architect’s Guide to PHP Security http://goo.gl/cUxuB
• Pro PHP Security http://goo.gl/HGIkI
• Defcon 19 http://goo.gl/S8Qw4
• Artur Ejsmont’s blog http://goo.gl/HGUkg
• php.net
• zend.com
• phpcoe.mimos.my
THANK YOU
* All images, logos and data are the copyright of their respective owners
@errazudin