michelangelo-van-dam
We have all focused on best practices and code quality over the past years, but we seem to have forgotten the most important aspect of the web: security. This talk gives a good overview of your first line of defence in your code, how to ensure that new exploits and hacking techniques are covered with tests, and how you build solid web applications that are secure enough to keep script kiddies and wanna-be hackers away. I will also give some tips on what to do when your company becomes the victim of cyber crime.
90K reasons why security is a must
in2it, PROFESSIONAL PHP SERVICES
Photo: https://www.flickr.com/photos/buschap/3112239016
A year later

Today, 2 months later
Neverending awareness
Photo: https://www.flickr.com/photos/andymag/9349743409

Why bother?
Photo: https://www.flickr.com/photos/yonolatengo/8338597558

(untitled image slide)
Photo: https://www.flickr.com/photos/emagic/56206868

In the news…
Photo: https://www.flickr.com/photos/39908901@N06/6923408938

Yes, you’re a target!
Photo: https://www.flickr.com/photos/jeepersmedia/14546059371
Email addresses are valuable!
Photo: https://www.flickr.com/photos/horiavarlan/4514164700

One password, many sites!
abc123

Advice on tools!!!
Password managers!
2-factor authentication: http://www.google.com/landing/2step/
Who’s after my data?
Photo: https://www.flickr.com/photos/teegardin/6093810333

Script kiddies

Amateur hacker
Photo: https://www.flickr.com/photos/hackny/6203305706

Professional hacker
Photo: https://www.flickr.com/photos/equinoxefr/6857174987

Business Competition
Photo: https://www.flickr.com/photos/haggismac/5090028513

Governments
Photo: https://www.flickr.com/photos/defenceimages/7985695591
What to do against it?
Photo: https://www.flickr.com/photos/drachmann/327122302

Cultural differences
Photo: https://www.flickr.com/photos/robdeman/2390666040

Legal regulations
Photo: https://www.flickr.com/photos/puisney/1674586821

Architectural considerations
Photo: https://www.flickr.com/photos/niftyniall/12768922813

Restrict physical access
Photo: https://www.flickr.com/photos/zapthedingbat/487133720

Secure your network
Photo: https://www.flickr.com/photos/99279135@N05/14618342277

Extra care for privacy data
Photo: https://www.flickr.com/photos/hyku/368912557
Use encryption
Photo: https://www.flickr.com/photos/ideonexus/5175383269

Lock down your application
Photo: https://www.flickr.com/photos/simon_cocks/4534589059

Create security checkpoints
Photo: https://www.flickr.com/photos/paulk/2212992458

Track movements
Photo: https://www.flickr.com/photos/timsamoff/362730755

Code considerations
Photo: https://www.flickr.com/photos/nyuhuhuu/4443886636

Security is not an afterthought!
Photo: https://www.flickr.com/photos/webb-zahn/10971215425
Sanitise data, always

```php
<?php
// Slide example: take the tainted request value, sanitise and validate it,
// then bind it as a typed parameter. $pdo is assumed to be a connected PDO instance.
$id = isset($_GET['id']) ? $_GET['id'] : '';
// sanitise tainted data
$clean_id = filter_var($id, FILTER_SANITIZE_NUMBER_INT);
$clean_id = filter_var($clean_id, FILTER_VALIDATE_INT);
if (0 < $clean_id) {
    $stmt = $pdo->prepare('SELECT * FROM TABLE WHERE `id` = ?');
    $stmt->bindParam(1, $clean_id, PDO::PARAM_INT);
    $stmt->execute();
}
```
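The slide's two defences, validation and a bound parameter, worked through as an added example (this is not code from the slides): the query runs against an in-memory SQLite table constructed here so the script works offline with the pdo_sqlite extension. The function names findUserUnsafe and findUser, the users table and the request values are all constructed; the unsafe function is included only to show what the bound parameter prevents. One design note: this example validates with FILTER_VALIDATE_INT and rejects everything else instead of sanitising first, because FILTER_SANITIZE_NUMBER_INT strips non-digit characters, so a request value such as "2 OR 1=1" becomes 211 and the query silently runs for a record the client never asked for; the bound parameter stops injection either way, but rejecting malformed input avoids acting on a fabricated id.

```php
<?php
declare(strict_types=1);

// Added example, not from the slides. In-memory SQLite keeps it self-contained;
// the table and its rows are constructed for the demonstration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$pdo->exec("INSERT INTO users VALUES (1, 'alice', 'admin'), (2, 'bob', 'user')");

/**
 * The pattern the slide warns against: tainted input concatenated into SQL.
 * Kept here only to show what the hardened version below prevents.
 */
function findUserUnsafe(PDO $pdo, string $rawId): array
{
    $rows = $pdo->query("SELECT id, name FROM users WHERE id = $rawId");
    return $rows->fetchAll(PDO::FETCH_ASSOC);
}

/**
 * Hardened version: validate the id into a known type, then bind it as a
 * parameter so the database never interprets it as SQL.
 * Returns null when the input is not a positive integer or no row matches.
 */
function findUser(PDO $pdo, $rawId): ?array
{
    if (!is_scalar($rawId)) {
        return null;                           // "id[]=1" style input is never an id
    }
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                           // reject rather than "clean up"
    }
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request values, as they would arrive in $_GET['id'].
$inputs = ['2', '2 OR 1=1', "2'; --", '-1', 'abc', ['2']];

foreach ($inputs as $input) {
    $label = is_array($input) ? 'array' : var_export($input, true);
    try {
        // The unsafe query either returns too many rows or throws on malformed SQL.
        $unsafe = is_string($input)
            ? count(findUserUnsafe($pdo, $input)) . ' row(s)'
            : 'n/a';
    } catch (PDOException $e) {
        $unsafe = 'SQL error';
    }
    $safe = findUser($pdo, $input);
    printf("%-12s unsafe: %-10s hardened: %s\n",
        $label, $unsafe, $safe === null ? 'rejected' : $safe['name']);
}
```

Running the script shows the contrast line by line: '2' returns bob from both functions, '2 OR 1=1' returns two rows from the concatenated query and is rejected by the hardened one, and the remaining inputs either raise an SQL error or match nothing in the unsafe path while the validated path rejects them before any query runs.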
Use the right tool for the job
Photo: https://www.flickr.com/photos/florianric/7263382550
Layered security
Photo: https://www.flickr.com/photos/feesta/2700575201

You know all this, right!
Photo: https://www.flickr.com/photos/sarahreido/3120877348

Victim of an attack?
Photo: https://www.flickr.com/photos/marittoledo/8512244945
Know you’ve been hacked!

Inform everyone ASAP!
Photo: https://www.flickr.com/photos/bluerobot/5490728061

Get security advice!

Inform the world
Your turn
Photo: https://www.flickr.com/photos/tmab2003/4277896845

Spread the word
Photo: https://www.flickr.com/photos/suneko/373310729

Comment on “bad” practices
Photo: https://www.flickr.com/photos/sebastian_bergmann/3991539605

Learn about the risks

Use hack cheat sheets
ha.ckers.org

Continuously unit test!
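The talk's point that new exploits and hacking techniques should be covered with tests, as an added example (not from the slides): a PHPUnit test class that keeps a list of hostile inputs taken from cheat sheets and past incidents and asserts that the application's input filter rejects every one of them. The InputFilter class and its two methods are hypothetical application code included here so the file is self-contained, the inputs are constructed, and PHPUnit (9 or newer) is assumed to be installed.

```php
<?php
declare(strict_types=1);

use PHPUnit\Framework\TestCase;

/**
 * Hypothetical application code under test (added example, not from the slides):
 *   InputFilter::id(mixed $raw): ?int      returns a positive int or null
 *   InputFilter::html(string $raw): string escapes text for HTML output
 */
final class InputFilter
{
    public static function id($raw): ?int
    {
        if (!is_scalar($raw)) {                // arrays ("id[]=1") are never an id
            return null;
        }
        $value = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        return $value === false ? null : $value;
    }

    public static function html(string $raw): string
    {
        return htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    }
}

final class InputFilterTest extends TestCase
{
    /** Inputs that must be accepted, with the value expected back. */
    public static function validIds(): array
    {
        return [
            'plain'         => ['42', 42],
            'leading space' => [' 7', 7],      // FILTER_VALIDATE_INT trims whitespace
            'already int'   => [3, 3],
        ];
    }

    /** Constructed hostile or malformed inputs; extend this list whenever a new one turns up. */
    public static function hostileIds(): array
    {
        return [
            'sql tautology' => ['1 OR 1=1'],
            'comment trick' => ["1'--"],
            'zero'          => ['0'],
            'negative'      => ['-5'],
            'float'         => ['1.5'],
            'hex'           => ['0x1A'],
            'empty'         => [''],
            'array'         => [['1']],
            'null byte'     => ["1\0"],
        ];
    }

    /** @dataProvider validIds */
    public function testAcceptsWellFormedIds($raw, int $expected): void
    {
        self::assertSame($expected, InputFilter::id($raw));
    }

    /** @dataProvider hostileIds */
    public function testRejectsHostileIds($raw): void
    {
        self::assertNull(InputFilter::id($raw));
    }

    public function testEscapesMarkupForHtmlOutput(): void
    {
        $escaped = InputFilter::html('<script>alert(1)</script>');
        self::assertStringNotContainsString('<', $escaped);
        self::assertSame('&lt;script&gt;alert(1)&lt;/script&gt;', $escaped);
    }
}
```

Run it with vendor/bin/phpunit InputFilterTest.php. The value of the pattern is the hostileIds provider: each time a cheat sheet or an incident reveals a string the filter must refuse, it becomes one more data set, and any later refactor that loosens the filter fails the suite instead of quietly reopening the hole.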
Other resources…

May the force be with you

Questions
Photo: https://www.flickr.com/photos/colinkinner/2200500024

joind.in/11858
If you like it, thanks.
If you don’t, please tell me how to improve