90K reasons security is a must - PHPBenelux Edition

Transcript

1. 2 90K  reasons why  security  is  a  must

2. About  a  year  ago 2

3. A  year  later 3

4. 4 https://www.flickr.com/photos/andymag/9349743409

5. Neverending  awareness 5 https://www.flickr.com/photos/yonolatengo/8338597558

6. Why  bother? 6 https://www.flickr.com/photos/emagic/56206868

7. 7 In  the  news… https://www.flickr.com/photos/39908901@N06/6923408938

8. Yes,  you’re  a  target! 8 https://www.flickr.com/photos/jeepersmedia/14546059371

9. Email  addresses  are  valuable! 9 https://www.flickr.com/photos/horiavarlan/4514164700

10. One  password,  many  sites! 10

11. Who’s  aDer  my  data? 11 https://www.flickr.com/photos/teegardin/6093810333

12. Script  kiddies 12

13. Amateur  hacker 13 https://www.flickr.com/photos/hackny/6203305706

14. Professional  hacker 14 https://www.flickr.com/photos/equinoxefr/6857174987

15. Business  CompeLLon 15 https://www.flickr.com/photos/haggismac/5090028513

16. Governments 16 https://www.flickr.com/photos/defenceimages/7985695591

17. What  to  do  against  it? 17 https://www.flickr.com/photos/drachmann/327122302

18. Cultural  differences 18 https://www.flickr.com/photos/robdeman/2390666040

19. Legal  regulaLons 19 https://www.flickr.com/photos/puisney/1674586821

20. Architectural  consideraLons 20 https://www.flickr.com/photos/niftyniall/12768922813

21. Restrict  physical  access 21 https://www.flickr.com/photos/zapthedingbat/487133720

22. Secure  your  network 22 https://www.flickr.com/photos/99279135@N05/14618342277

23. Extra  care  for  privacy  data 23 https://www.flickr.com/photos/hyku/368912557

24. Use  encrypLon 24 https://www.flickr.com/photos/ideonexus/5175383269

25. Lock  down  your  applicaLon 25 https://www.flickr.com/photos/simon_cocks/4534589059

26. Create  security  checkpoints 26 https://www.flickr.com/photos/paulk/2212992458

27. Track  movements 27 https://www.flickr.com/photos/timsamoff/362730755

28. Code  consideraLons 28 https://www.flickr.com/photos/nyuhuhuu/4443886636

29. Security  is  not  an  aDerthought! 29 https://www.flickr.com/photos/webb-zahn/10971215425

30. SaniLse  data,  always <?php       $id  =  $_GET['id'];

          //  sanitise  tainted  data   $clean_id  =  filter_var($id,  FILTER_SANITIZE_NUMBER_INT);   $clean_id  =  filter_var($clean_id,  FILTER_VALIDATE_INT);   if  (0  <  $clean_id)  {          $stmt  =  $pdo-­‐>prepare(                  'SELECT  *  FROM  TABLE  WHERE  `id`  =  ?'          );          $stmt-­‐>bindParam(1,  $clean_id,  PDO::PARAM_INT);          $stmt-­‐>execute();   } 30

31. Use  the  right  tool  for  the  job 31 https://www.flickr.com/photos/florianric/7263382550

32. 32

33. 33

34. Layered  security 34 https://www.flickr.com/photos/feesta/2700575201

35. You  know  all  this,  right! 35 https://www.flickr.com/photos/sarahreido/3120877348

36. VicLm  of  an  aVack? 36 https://www.flickr.com/photos/marittoledo/8512244945

37. Know  you’ve  been  hacked! 37

38. Inform  everyone  ASAP! 38 https://www.flickr.com/photos/bluerobot/5490728061

39. Get  security  advise! 39

40. Inform  the  world 40

41. Your  turn 41 https://www.flickr.com/photos/tmab2003/4277896845

42. Spread  the  word 42 https://www.flickr.com/photos/suneko/373310729

43. Comment  on  “bad”  pracLces 43 https://www.flickr.com/photos/sebastian_bergmann/3991539605

44. Learn  about  the  risks 44

45. Learn  the  basics  of  hacking 45 hack.me

46. Use  hack  cheat  sheets 46 ha.ckers.org

47. ConLnuously  unit  test! 47

48. Other  resources… 48

49. EssenLal  PHP  Security 49

50. Security  Checklist 50 snipe.ly/risk_matrix

51. May  the  force  be  with  you 51

52. QuesLons 52 https://www.flickr.com/photos/colinkinner/2200500024

53. 53 https://www.flickr.com/photos/psd/2086641

54. 54 joind.in/11926 If you like it, thanks. If you don’t,

    please tell me how to improve

55. Contact  us 55 Consulting - Training - Audits - Graphics

    www.in2it.be - [email protected]