SQL & PHP Security by Andrew J. Bennieston

Whether your site is the web presence for a large multinational, a gallery showing your product range and inviting potential customers to come into the shop, or a personal site exhibiting your holiday photos, web security always matters. After the hard work you’ve put in to make your site look good and respond to your users, the last thing you’d want is for a hacker to come along and somehow ruin it.

There are a number of problems in web security, and unfortunately not all of them have definite solutions. This white paper examines some of the problems you should consider every time you set out to write a PHP script. These are the problems which, with well-designed and properly sanitized code, can be eliminated entirely.

1. Introduction - Web Security: The Big Picture

The web is the future in business; from e-commerce to Internet Banking, from art galleries to restaurant menus and opening times, the web is becoming an essential aspect of business. Where websites must be automated, or dynamic, a number of web application solutions exist, but each of these brings with it a set of security considerations.

There are a number of problems in web security, and unfortunately not all of them have definite solutions, but this paper looks at some of the problems that should be considered every time you set out to write a PHP script, so that you can ensure PHP security on your site. These are the problems which, with well-designed code, can be eliminated entirely. Before looking in detail at the solutions, though, let's take a moment to define the problems themselves.

1.1 SQL Injection

[Figure: SQL Injection. Note that the quoted string is ended after the word Injection, and another quoted string begins at the end. This matches up with the quoting already present in the web application itself; otherwise the SQL would be incorrect and an error would occur.]

In an SQL Injection attack, a user is able to execute SQL queries against your website's database. This attack is usually performed by entering text into a form field which causes a subsequent SQL query, generated from the PHP form processing code, to execute part of the content of the form field as though it were SQL. The effects of this attack range from the harmless (simply using SELECT to pull another data set) to the devastating (DELETE, for instance). In more subtle attacks, data could be changed, or new data added.
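The following is an added example, not code from the white paper: the same user lookup written first by pasting the form value into the SQL text, then with a PDO prepared statement, which is the fix the rest of the paper works towards. The in-memory SQLite database, the `users` table, the user names and the test input are all constructed for the demonstration.

```php
<?php
// Added example (not from the original white paper). The database, table,
// user names and the test input below are constructed for the demo.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)");
$db->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Vulnerable: the form field is spliced straight into the SQL text, so a value
// containing a quote mark changes the structure of the query itself.
function find_user_unsafe(PDO $db, string $name): array
{
    $sql = "SELECT name, role FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Fixed: a prepared statement sends the SQL and the value separately; the
// value is only ever treated as data, whatever characters it contains.
function find_user_safe(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT name, role FROM users WHERE name = ?");
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input that ends the quoted string early, exactly as the figure
// caption above describes.
$input = "x' OR 'a'='a";

var_dump(count(find_user_unsafe($db, $input)));  // 2: the WHERE clause became always-true
var_dump(count(find_user_safe($db, $input)));    // 0: no user is literally named that
```

The unsafe function turns the input into `WHERE name = 'x' OR 'a'='a'` and returns every row; the prepared statement compares the whole input, quote marks included, against the `name` column and returns nothing. The same pattern applies to any driver PDO supports; the placeholder `?` and the array passed to `execute()` do the escaping for you.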

1.2 Directory Traversal

This attack can occur anywhere user-supplied data (from a form field or uploaded filename, for example) is used in a filesystem operation. If a user specifies “../../../../../../etc/passwd” as form data, and your script appends that to a directory name to obtain user-specific files, this string could lead to the inclusion of the password file contents, instead of the intended file. More severe cases involve file operations such as moving and deleting, which allow an attacker to make arbitrary changes to your filesystem structure.

[Figure: Directory Traversal. Interpretation of the special directory names . and .. can be used to alter the interpretation of a complete path.]
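An added example, not from the white paper, of the check a script should make before touching a file whose name came from the user. `resolve_user_file()` resolves the requested path with `realpath()` and only accepts it if it still lies under the base directory; `clean_upload_name()` handles names for files that do not exist yet (uploads), where `realpath()` cannot help. The function names, the temporary directory and the sample inputs are constructed for the demo.

```php
<?php
// Added example (not part of the original white paper). The function names,
// base directory, file names and inputs are constructed for the demo.

// Returns the resolved path of $requested inside $baseDir, or null if the
// request points outside it (via "..", a symlink, or an absolute path).
function resolve_user_file(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "." and ".." and follows symlinks, so the check is
    // made on the path the filesystem would actually open.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false) {
        return null;                       // file does not exist
    }
    $prefix = $base . DIRECTORY_SEPARATOR; // trailing separator: /base must not match /base2
    if (strncmp($full, $prefix, strlen($prefix)) !== 0) {
        return null;                       // resolved outside the base directory
    }
    return $full;
}

// For names that will be created (uploads) realpath() cannot be used because
// the file does not exist yet; instead accept only a plain, conservative name.
function clean_upload_name(string $name): ?string
{
    $name = basename($name);               // drops any directory component
    return preg_match('/^[A-Za-z0-9][A-Za-z0-9._-]{0,63}$/', $name) === 1 ? $name : null;
}

// Demo on a temporary directory constructed for the example.
$base = sys_get_temp_dir() . '/userfiles_' . getmypid();
mkdir($base . '/alice', 0700, true);
file_put_contents($base . '/alice/notes.txt', "hello\n");

var_dump(resolve_user_file($base, 'alice/notes.txt'));              // string: the real path
var_dump(resolve_user_file($base, '../../../../../../etc/passwd'));  // NULL
var_dump(clean_upload_name('../../report.txt'));                     // string(10) "report.txt"
var_dump(clean_upload_name('photos/../.htaccess'));                  // NULL (leading dot rejected)

unlink($base . '/alice/notes.txt');
rmdir($base . '/alice');
rmdir($base);
```

The prefix comparison is done on the resolved path, not on the string the user sent, which is what defeats the `../` sequences shown in the figure; stripping `..` from the input by hand is easy to get wrong. For uploads, keeping the name to a fixed character class also removes the separate problem of a name that starts with a dot and would be picked up by the web server as a configuration file.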

1.3 Authentication Issues

Authentication issues involve users gaining access to something they shouldn't, but to which other users should have access. An example would be a user who was able to steal (or construct) a cookie allowing them to log in to your site under an Administrator session, and therefore be able to change anything they liked.

[Figure: Authentication. Stolen cookies, or URL based authentication, can sometimes be used to gain access to areas of a website which should be restricted.]
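An added example, not from the white paper, of a PHP login that leaves nothing for a client to construct: the browser holds only a session id cookie, the role is stored server-side in `$_SESSION`, the id is regenerated on login, and no credential or token is carried in the URL. The function names, the `check_password()` lookup and the sample account are constructed for the demo.

```php
<?php
// Added example (not part of the original white paper). Function names, the
// in-memory account record and the password are constructed for the demo.

// The session cookie is the only thing the browser holds, and it is not
// readable by JavaScript, not sent over plain HTTP, and not attached to
// cross-site requests.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);
session_start();

// Constructed user store: in practice this is a database row holding a
// password_hash() result, never the password itself.
$ACCOUNTS = [
    'alice' => ['hash' => password_hash('correct horse', PASSWORD_DEFAULT), 'role' => 'admin'],
];

function check_password(array $accounts, string $user, string $password): ?array
{
    if (!isset($accounts[$user]) || !password_verify($password, $accounts[$user]['hash'])) {
        return null;
    }
    return ['name' => $user, 'role' => $accounts[$user]['role']];
}

function login(array $accounts, string $user, string $password): bool
{
    $account = check_password($accounts, $user, $password);
    if ($account === null) {
        return false;
    }
    // A fresh id on login means a session id that was planted or observed
    // before authentication is worthless afterwards.
    session_regenerate_id(true);
    // The role lives only on the server; the cookie carries just the id, so
    // there is no "role=admin" value anywhere for a client to forge.
    $_SESSION['user'] = $account['name'];
    $_SESSION['role'] = $account['role'];
    return true;
}

function require_role(string $role): void
{
    if (($_SESSION['role'] ?? null) !== $role) {
        http_response_code(403);
        exit('Forbidden');
    }
}

var_dump(login($ACCOUNTS, 'alice', 'wrong password'));  // bool(false)
var_dump(login($ACCOUNTS, 'alice', 'correct horse'));   // bool(true)
// At the top of an admin-only page:
require_role('admin');
```

Everything the client can alter (cookie value, query string, form fields) is treated as an opaque key; the decision about what that key is allowed to do is made from server-side state. That is what removes the "stolen or constructed cookie" case in the figure: a stolen id is still bounded by the flags above, and a constructed one matches no session on the server.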

1.4 Remote Scripts (XSS)

XSS or Cross-Site Scripting (also sometimes referred to as CSS, but this can be confused with Cascading Style Sheets, something entirely different!) is the process of exploiting a security hole in one site to run arbitrary code on that site's server. The code is usually included in a running PHP script from a remote location. This is a serious attack which could allow any code the attacker chooses to be run on the vulnerable server, with all of the permissions of the user hosting the script, including database and filesystem access.
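An added example, not from the white paper, of the mechanism this section describes: a script that includes a file named by the request (the pattern is also known as remote file inclusion), beside the fix, where the request selects only a key in a fixed map of pages the application ships. The `page` parameter, the `pages/` directory and the page names are constructed for the demo.

```php
<?php
// Added example (not part of the original white paper). The request
// parameter, page directory and page names are constructed for the demo.

// Vulnerable: the include target comes straight from the request. If the
// interpreter allows URL includes, a URL in ?page= pulls a script from a
// remote location and runs it with the web server's permissions.
function show_page_unsafe(): void
{
    include $_GET['page'];
}

// Fixed: the request selects a key, and the key selects a file the
// application itself ships. Nothing from the request reaches include.
const PAGES = [
    'home'    => 'home.php',
    'contact' => 'contact.php',
    'about'   => 'about.php',
];

function show_page_safe(string $requested): void
{
    if (!array_key_exists($requested, PAGES)) {
        http_response_code(404);
        echo 'No such page';
        return;
    }
    include __DIR__ . '/pages/' . PAGES[$requested];
}

show_page_safe($_GET['page'] ?? 'home');
```

The safe version never builds a path from request data at all, so neither a remote URL nor a local `../` path can reach `include`. As a second layer, keep `allow_url_include` turned off in php.ini (it is off by default), so that even a script written like the unsafe version cannot load code over HTTP.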

Download the entire PHP Security White Paper to find out more.
