200K+ reasons: Why security is a must
in2it - PROFESSIONAL PHP SERVICES
About 2 years ago
99K problems
A year later
Today!
Photo: https://www.flickr.com/photos/andymag/9349743409
Neverending awareness
Photo: https://www.flickr.com/photos/yonolatengo/8338597558
Why bother?
Photo: https://www.flickr.com/photos/emagic/56206868
In the news…
Photo: https://www.flickr.com/photos/39908901@N06/6923408938
Yes, you’re a target!
Photo: https://www.flickr.com/photos/jeepersmedia/14546059371
Email addresses are valuable!
Photo: https://www.flickr.com/photos/horiavarlan/4514164700
One password, many sites!
abc123
Advice on tools!!!
Password managers!
Who’s after my data?
Photo: https://www.flickr.com/photos/teegardin/6093810333
Script kiddies
Amateur hacker
Photo: https://www.flickr.com/photos/hackny/6203305706
Business Competition
Photo: https://www.flickr.com/photos/haggismac/5090028513
Professional hacker
Photo: https://www.flickr.com/photos/equinoxefr/6857174987
Governments
Photo: https://www.flickr.com/photos/defenceimages/7985695591
What to do against it?
Photo: https://www.flickr.com/photos/drachmann/327122302
Cultural differences
Photo: https://www.flickr.com/photos/robdeman/2390666040
Legal regulations
Photo: https://www.flickr.com/photos/puisney/1674586821
Architectural considerations
Photo: https://www.flickr.com/photos/niftyniall/12768922813
Restrict physical access
Photo: https://www.flickr.com/photos/zapthedingbat/487133720
Secure your network
Photo: https://www.flickr.com/photos/99279135@N05/14618342277
Extra care for privacy data
Photo: https://www.flickr.com/photos/hyku/368912557
Use encryption
Photo: https://www.flickr.com/photos/ideonexus/5175383269
Application Lock Down
Photo: https://www.flickr.com/photos/simon_cocks/4534589059
Security Checkpoints
Photo: https://www.flickr.com/photos/paulk/2212992458
Track movements
Photo: https://www.flickr.com/photos/timsamoff/362730755
Code considerations
Photo: https://www.flickr.com/photos/nyuhuhuu/4443886636
Security is not an afterthought!
Photo: https://www.flickr.com/photos/webb-zahn/10971215425
Sanitise data! Always!!!

```php
<?php
// $pdo is assumed to be an existing PDO connection
$id = $_GET['id'] ?? '';

// sanitise tainted data: keep only digits, plus and minus signs
$clean_id = filter_var($id, FILTER_SANITIZE_NUMBER_INT);
// validate: yields an int, or false when the value is not an integer
$clean_id = filter_var($clean_id, FILTER_VALIDATE_INT);

if (0 < $clean_id) {
    // the id travels as a typed bound parameter, never as SQL text
    $stmt = $pdo->prepare(
        'SELECT * FROM `TABLE` WHERE `id` = ?'
    );
    $stmt->bindParam(1, $clean_id, PDO::PARAM_INT);
    $stmt->execute();
}
```
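As an added example (not from the slides), the same validate-then-bind pattern wrapped in two small helpers and run against a few constructed request values; `$pdo` is assumed to be an existing PDO connection and `users` is a constructed table name.

```php
<?php
declare(strict_types=1);

/**
 * Validate an untrusted id and return it as a positive int, or null.
 * This validates only: a value such as "12abc" or "1e3" is rejected
 * outright instead of being reshaped into a number first.
 */
function cleanId(mixed $raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;                       // arrays (?id[]=1), null: never an id
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],   // ids are positive
    ]);
    return $id === false ? null : $id;
}

/**
 * Fetch one row by id through a prepared statement, so the id is sent
 * as a bound parameter and is never interpolated into the SQL text.
 */
function findById(PDO $pdo, mixed $raw): ?array
{
    $id = cleanId($raw);
    if ($id === null) {
        return null;                       // refuse bad input rather than "fix" it
    }
    $stmt = $pdo->prepare('SELECT * FROM `users` WHERE `id` = ?');
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs, as they could arrive in $_GET['id']
foreach (['42', '12abc', '1e3', '-5', '0', '', '1 OR 1=1'] as $raw) {
    printf("%-10s => %s\n", var_export($raw, true), var_export(cleanId($raw), true));
}
```

Of these inputs only '42' passes; the slide's sanitise-first step would instead reshape '12abc' into 12, '1e3' into 13 and '1 OR 1=1' into 111 before validation, which is why validating the raw value is the safer order.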
Use the right tool for the job
Photo: https://www.flickr.com/photos/florianric/7263382550
Layered security
Photo: https://www.flickr.com/photos/feesta/2700575201
You know all this, right!
Photo: https://www.flickr.com/photos/sarahreido/3120877348
Victim of an attack?
Photo: https://www.flickr.com/photos/marittoledo/8512244945
Know you’ve been hacked!
Inform everyone ASAP!
Photo: https://www.flickr.com/photos/bluerobot/5490728061
Get security advice!
Inform the world
Your turn
Photo: https://www.flickr.com/photos/tmab2003/4277896845
Spread the word
Photo: https://www.flickr.com/photos/suneko/373310729
Comment on “bad” practices
Photo: https://www.flickr.com/photos/sebastian_bergmann/3991539605
Learn about the risks
Use hack cheat sheets: ha.ckers.org
Continuously unit test!
Other resources…
Essential PHP Security
Photo: https://www.flickr.com/photos/colinkinner/2200500024
May the force be with you
Contact us
in2it - PROFESSIONAL PHP SERVICES
Michelangelo van Dam [email protected]
www.in2it.be
PHP Consulting - Training - QA
phpcon.eu: Ticket sales start soon!
Thank you! Have a great conference.
Photo: http://www.flickr.com/photos/drewm/3191872515