Secure PHP Development with Inspekt
TRANSCRIPT
PUT DOWN THE SUPERGLOBALS!
Secure PHP Dev with Inspekt
Ed Finkler • inspekt.org • @funkatron
tek-X 2010 • #tekx • #inspekt • http://joind.in/1593
Thursday, May 20, 2010 - Inspekt.org
Vulnerabilities!
What causes them?
Letting bad stuff in!
Where's bad stuff?
EVERYWHERE!!!
☞ FIEO ☜
Keep bad stuff from getting in
Don't send bad stuff out
Most of us know this
PHP makes it harder than it should be
It should be easy to do safe things
It should be hard to do dangerous things
Right now it's harder to be safe
That sucks
That won't change anytime soon
Inspekt is an attempt to change that
Make developers show intent
Stop direct access to Superglobals
example: SuperCage
Consequences
Simplify
Centralize
Avoid piecemeal filtering
Force demonstration of intent
Auditability
☞ $_ ☜
OH NO YOU DIDN'T
Scoping
Superglobals are indeed GLOBAL
Use Singleton
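The caging idea the preceding slides describe (stop direct superglobal access, force the developer to state intent, keep one cage reachable from any scope through a singleton), as an added example. This is my own minimal implementation, not Inspekt's code: the class and method names (InputCage, SuperCage, getInt, getAlpha, noTags, getRaw) echo Inspekt's naming but are assumptions, the request data is constructed, and it needs PHP 8.1 or later.

```php
<?php
// Added illustration (not Inspekt's code): cage the superglobals behind
// typed accessors and empty the originals. Class/method names are assumed.
declare(strict_types=1);

final class InputCage
{
    /** @param array<string, mixed> $data */
    private function __construct(private array $data) {}

    /** Wrap any array, a superglobal or otherwise, in a cage. */
    public static function fromArray(array $data): self
    {
        return new self($data);
    }

    public function has(string $key): bool
    {
        return array_key_exists($key, $this->data);
    }

    /** Whole integer or null: "42abc" and "1e3" are rejected, not truncated to 42 or 1. */
    public function getInt(string $key): ?int
    {
        $v = $this->data[$key] ?? null;
        if (!is_string($v) || !preg_match('/\A[+-]?\d+\z/', $v)) {
            return null;
        }
        $n = filter_var($v, FILTER_VALIDATE_INT);   // also rejects values outside the PHP_INT range
        return $n === false ? null : $n;
    }

    /** ASCII letters only; everything else is stripped. */
    public function getAlpha(string $key): ?string
    {
        $v = $this->data[$key] ?? null;
        return is_string($v) ? preg_replace('/[^A-Za-z]/', '', $v) : null;
    }

    /** For HTML output: tags stripped, remaining metacharacters entity-encoded. */
    public function noTags(string $key): ?string
    {
        $v = $this->data[$key] ?? null;
        return is_string($v) ? htmlspecialchars(strip_tags($v), ENT_QUOTES, 'UTF-8') : null;
    }

    /** The escape hatch. Its name makes every unfiltered read greppable in review. */
    public function getRaw(string $key): mixed
    {
        return $this->data[$key] ?? null;
    }
}

final class SuperCage
{
    private static ?self $instance = null;

    public readonly InputCage $get;
    public readonly InputCage $post;
    public readonly InputCage $cookie;

    private function __construct()
    {
        $this->get    = InputCage::fromArray($_GET);
        $this->post   = InputCage::fromArray($_POST);
        $this->cookie = InputCage::fromArray($_COOKIE);
        // Empty the originals: a later $_GET['x'] is now an undefined-key
        // warning in the log, not a silent read of unfiltered input.
        $_GET = $_POST = $_COOKIE = [];
    }

    /** One cage per request, reachable from any scope without `global`. */
    public static function instance(): self
    {
        return self::$instance ??= new self();
    }
}

// Constructed request data standing in for a real HTTP request.
$_GET  = ['id' => '42abc', 'page' => '7', 'sort' => "name'; DROP TABLE users--"];
$_POST = ['comment' => '<script>alert(1)</script> hi'];

$cage = SuperCage::instance();

var_dump($cage->get->getInt('id'));        // digits mixed with letters: rejected
var_dump($cage->get->getInt('page'));
var_dump($cage->get->getAlpha('sort'));    // quotes, spaces and punctuation stripped
var_dump($cage->post->noTags('comment'));  // script tag gone, the rest entity-encoded
var_dump(isset($_GET['id']));              // the superglobal no longer holds the data

function deepInsideTheApp(): bool
{
    // No `global $cage` and no $_GET: the singleton is the single point of entry.
    return SuperCage::instance()->get->has('page');
}
var_dump(deepInsideTheApp());
```

Run it with `php cage.php`. The point to check is the grep test the slides are driving at: once the superglobals are emptied in the constructor, every read of request data in the code base goes through a method whose name says what was expected, and a search for `getRaw(` or `$_` lists exactly the places that need a second look during review.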
Additional Functionality
Auto-filtering
example: config
wrap an arbitrary array in a cage
example: filter_array_cage
Build your own filters
example: extending
filter an array or scalar
example: filter_static_methods
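One added example, my own code rather than Inspekt's, for the four preceding slides taken together: auto-filtering driven by a per-key configuration, wrapping an arbitrary array (not a superglobal) in that filtering, adding a filter of your own, and filters that accept either a scalar or an array. The class, function and filter names (Filters, cageArray, isoDate, getInt, getAlnum, noPath, noTags) are assumptions modelled loosely on Inspekt's naming, the input array is constructed, and it needs PHP 8.0 or later.

```php
<?php
// Added example (not Inspekt's code): scalar-or-array filters, a per-key
// auto-filter map over an arbitrary array, and a custom filter. Names assumed.
declare(strict_types=1);

final class Filters
{
    /** Apply $fn to a scalar, or to every leaf of a possibly nested array, keeping keys. */
    private static function walk(mixed $value, callable $fn): mixed
    {
        if (!is_array($value)) {
            return $fn($value);
        }
        $out = [];
        foreach ($value as $k => $v) {
            $out[$k] = self::walk($v, $fn);
        }
        return $out;
    }

    /** Integer or null: "9 OR 1=1", "12abc" and out-of-range values all become null. */
    public static function getInt(mixed $value): mixed
    {
        return self::walk($value, function (mixed $v): ?int {
            $n = is_scalar($v) ? filter_var($v, FILTER_VALIDATE_INT) : false;
            return $n === false ? null : $n;
        });
    }

    /** ASCII letters and digits only. */
    public static function getAlnum(mixed $value): mixed
    {
        return self::walk($value, fn(mixed $v): string => preg_replace('/[^A-Za-z0-9]/', '', (string) $v) ?? '');
    }

    /** Reduce a path to a bare file name so it cannot traverse directories. */
    public static function noPath(mixed $value): mixed
    {
        return self::walk($value, function (mixed $v): string {
            $base = basename(str_replace('\\', '/', (string) $v));
            return in_array($base, ['.', '..'], true) ? '' : $base;
        });
    }

    /** Tags stripped, remaining HTML metacharacters entity-encoded. */
    public static function noTags(mixed $value): mixed
    {
        return self::walk($value, fn(mixed $v): string => htmlspecialchars(strip_tags((string) $v), ENT_QUOTES, 'UTF-8'));
    }
}

/** Custom filter: a valid YYYY-MM-DD date, or null. Any callable can serve as a filter. */
function isoDate(mixed $v): ?string
{
    if (!is_string($v) || !preg_match('/\A(\d{4})-(\d{2})-(\d{2})\z/', $v, $m)) {
        return null;
    }
    return checkdate((int) $m[2], (int) $m[3], (int) $m[1]) ? $v : null;
}

/** Auto-filter an arbitrary array: $filterMap names one filter per key (a Filters
 *  method or any callable). Keys the map does not mention are dropped, so nothing
 *  reaches the application without a declared intent. */
function cageArray(array $input, array $filterMap): array
{
    $out = [];
    foreach ($filterMap as $key => $filter) {
        $fn = is_string($filter) && method_exists(Filters::class, $filter)
            ? [Filters::class, $filter]
            : $filter;
        if (!is_callable($fn)) {
            throw new InvalidArgumentException("Unknown filter for key '$key'");
        }
        if (array_key_exists($key, $input)) {
            $out[$key] = $fn($input[$key]);
        }
    }
    return $out;
}

// Constructed input, e.g. a decoded request body or a settings array.
$input = [
    'ids'      => ['3', '17', '9 OR 1=1'],
    'username' => 'ed_finkler!',
    'avatar'   => '../../../etc/passwd',
    'bio'      => '<b onmouseover="alert(1)">hi</b>',
    'since'    => '2010-05-20',
    'debug'    => '1',          // not in the map below, so it never gets out
];
$filterMap = [
    'ids'      => 'getInt',     // array value: filtered element by element
    'username' => 'getAlnum',
    'avatar'   => 'noPath',
    'bio'      => 'noTags',
    'since'    => 'isoDate',    // the custom filter
];
print_r(cageArray($input, $filterMap));

// The same static filters work on a bare scalar and on nested arrays.
print_r(Filters::getAlnum(['a' => 'x-1', 'b' => ['c' => 'y 2']]));
```

Two design choices worth noting. The map is whitelist-shaped: a key with no declared filter is dropped, which is what makes the configuration auditable (the map is the complete list of what the application accepts). And the filters recurse through arrays rather than refusing them, so `ids[]=9 OR 1=1` is filtered element by element instead of slipping past a scalar-only check; the one real Inspekt behaviour this does not claim to reproduce is its exact treatment of array values, which should be checked against the library's own documentation.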
Questions?
http://funkatron.github.com/inspekt/