Lesser Known Security Problems in PHP Applications

11 likes5,510 views

The presentation by Stefan Esser at the Zend Conference discusses lesser-known security issues in PHP applications, highlighting vulnerabilities related to input filtering, session handling, and database operations. Esser emphasizes the importance of proper input validation, secure session management, and the risks of using non-robust random number generators. He provides examples of potential exploits and recommends best practices to mitigate these security risks.

Most read

Most read

Most read

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Lesser Known Security Problems in PHP Applications

Ad

Recommended

PPTX

życie w jeziorzeStella_89

PDF

上級ユーザビリティテスト手法Tarumoto Tetsuya

PDF

Lean UX Canvas: Make User Experience CountJosh (Adi Tedjasaputra)

PDF

実践リーンエンタープライズ（20161027）Masanori Kado

PPT

Slide prima parteimartini

PDF

こうすれば書ける！ウェブアクセシビリティ方針と試験結果表示Web Accessibility Infrastructure Committee (WAIC)

PPT

Session Handling Using MemcacheAnand Ghaywankar

PDF

Web session replication with HazelcastEmrah Kocaman

PDF

Server Independent ProgrammingZendCon

PDF

Api Designsumithra jonnalagadda

PDF

JSON-RPC Proxy Generation with PHP 5Stephan Schmidt

PDF

9 Ways to Hack a Web Appelliando dias

PDF

[CB20] Operation I am Tom: How APT actors move laterally in corporate network...CODE BLUE

PDF

Profiling PHP with Xdebug / WebgrindSam Keen

PDF

Fix me if you can - DrupalCon praguehernanibf

PDF

Grâce aux tags Varnish, j'ai switché ma prod sur Raspberry PiJérémy Derussé

PDF

Whatever it takes - Fixing SQLIA and XSS in the processguest3379bd

PDF

meet.php #11 - Huston, we have an airbrakeMax Małecki

PPTX

Building and managing applications fast for IBM iZend by Rogue Wave Software

PDF

Jun Heider - Flex Application Profiling By Example360|Conferences

PDF

Web backdoors attacks, evasion, detectionn|u - The Open Security Community

PPTX

PHP Development Tools 2.0 - Success StoryMichael Spector

PDF

Basic detection tests of McAfee ENS + MVISION Insights usage for SunBurst threatVladyslav Radetsky

PDF

Introduction into PHP5 (Jeroen van Sluijs)Stefan Koopmanschap

ODP

Caching and tuning fun for high scalability @ FrOSCon 2011Wim Godden

PDF

Care and Maintenance of Your EPM EnvironmentEmtec Inc.

PDF

Apache and PHP: Why httpd.conf is your new BFF!Jeff Jones

ODP

Caching and tuning fun for high scalability @ FOSDEM 2012Wim Godden

KEY

Framework ShootoutZendCon

KEY

Zend_Tool: Practical use and ExtendingZendCon

More Related Content

Similar to Lesser Known Security Problems in PHP Applications (20)

PDF

Server Independent ProgrammingZendCon

PDF

Api Designsumithra jonnalagadda

PDF

JSON-RPC Proxy Generation with PHP 5Stephan Schmidt

PDF

9 Ways to Hack a Web Appelliando dias

PDF

[CB20] Operation I am Tom: How APT actors move laterally in corporate network...CODE BLUE

PDF

Profiling PHP with Xdebug / WebgrindSam Keen

PDF

Fix me if you can - DrupalCon praguehernanibf

PDF

Grâce aux tags Varnish, j'ai switché ma prod sur Raspberry PiJérémy Derussé

PDF

Whatever it takes - Fixing SQLIA and XSS in the processguest3379bd

PDF

meet.php #11 - Huston, we have an airbrakeMax Małecki

PPTX

Building and managing applications fast for IBM iZend by Rogue Wave Software

PDF

Jun Heider - Flex Application Profiling By Example360|Conferences

PDF

Web backdoors attacks, evasion, detectionn|u - The Open Security Community

PPTX

PHP Development Tools 2.0 - Success StoryMichael Spector

PDF

Basic detection tests of McAfee ENS + MVISION Insights usage for SunBurst threatVladyslav Radetsky

PDF

Introduction into PHP5 (Jeroen van Sluijs)Stefan Koopmanschap

ODP

Caching and tuning fun for high scalability @ FrOSCon 2011Wim Godden

PDF

Care and Maintenance of Your EPM EnvironmentEmtec Inc.

PDF

Apache and PHP: Why httpd.conf is your new BFF!Jeff Jones

ODP

Caching and tuning fun for high scalability @ FOSDEM 2012Wim Godden

Server Independent ProgrammingZendCon

Api Designsumithra jonnalagadda

JSON-RPC Proxy Generation with PHP 5Stephan Schmidt

9 Ways to Hack a Web Appelliando dias

[CB20] Operation I am Tom: How APT actors move laterally in corporate network...CODE BLUE

Profiling PHP with Xdebug / WebgrindSam Keen

Fix me if you can - DrupalCon praguehernanibf

Grâce aux tags Varnish, j'ai switché ma prod sur Raspberry PiJérémy Derussé

Whatever it takes - Fixing SQLIA and XSS in the processguest3379bd

meet.php #11 - Huston, we have an airbrakeMax Małecki

Building and managing applications fast for IBM iZend by Rogue Wave Software

Jun Heider - Flex Application Profiling By Example360|Conferences

Web backdoors attacks, evasion, detectionn|u - The Open Security Community

PHP Development Tools 2.0 - Success StoryMichael Spector

Basic detection tests of McAfee ENS + MVISION Insights usage for SunBurst threatVladyslav Radetsky

Introduction into PHP5 (Jeroen van Sluijs)Stefan Koopmanschap

Caching and tuning fun for high scalability @ FrOSCon 2011Wim Godden

Care and Maintenance of Your EPM EnvironmentEmtec Inc.

Apache and PHP: Why httpd.conf is your new BFF!Jeff Jones

Caching and tuning fun for high scalability @ FOSDEM 2012Wim Godden

More from ZendCon (20)

KEY

Framework ShootoutZendCon

KEY

Zend_Tool: Practical use and ExtendingZendCon

PPTX

PHP on IBM i TutorialZendCon

PPT

PHP on Windows - What's NewZendCon

PPTX

PHP and Platform Independance in the CloudZendCon

PPT

I18n with PHP 5.3ZendCon

PDF

Cloud Computing: The Hard Problems Never Go AwayZendCon

PPT

Planning for Synchronization with Browser-Local DatabasesZendCon

PPT

Magento - a Zend Framework ApplicationZendCon

PDF

Enterprise-Class PHP SecurityZendCon

PDF

PHP and IBM i - Database AlternativesZendCon

PDF

Zend Core on IBM i - Security ConsiderationsZendCon

PPTX

Application Diagnosis with Zend Server TracingZendCon

PDF

Insights from the Experts: How PHP Leaders Are Transforming High-Impact PHP A...ZendCon

PDF

Solving the C20K problem: Raising the bar in PHP Performance and ScalabilityZendCon

PDF

Joe Staner Zend Con 2008ZendCon

PDF

Tiery EyedZendCon

PDF

Make your PHP Application Software-as-a-Service (SaaS) Ready with the Paralle...ZendCon

PDF

DB2 Storage Engine for MySQL and Open Source Applications SessionZendCon

PDF

Digital IdentityZendCon

Framework ShootoutZendCon

Zend_Tool: Practical use and ExtendingZendCon

PHP on IBM i TutorialZendCon

PHP on Windows - What's NewZendCon

PHP and Platform Independance in the CloudZendCon

I18n with PHP 5.3ZendCon

Cloud Computing: The Hard Problems Never Go AwayZendCon

Planning for Synchronization with Browser-Local DatabasesZendCon

Magento - a Zend Framework ApplicationZendCon

Enterprise-Class PHP SecurityZendCon

PHP and IBM i - Database AlternativesZendCon

Zend Core on IBM i - Security ConsiderationsZendCon

Application Diagnosis with Zend Server TracingZendCon

Insights from the Experts: How PHP Leaders Are Transforming High-Impact PHP A...ZendCon

Solving the C20K problem: Raising the bar in PHP Performance and ScalabilityZendCon

Joe Staner Zend Con 2008ZendCon

Tiery EyedZendCon

Make your PHP Application Software-as-a-Service (SaaS) Ready with the Paralle...ZendCon

DB2 Storage Engine for MySQL and Open Source Applications SessionZendCon

Digital IdentityZendCon

Ad

Recently uploaded (20)

PDF

"Beyond English: Navigating the Challenges of Building a Ukrainian-language R...Fwdays

PDF

CIFDAQ Market Wrap for the week of 4th July 2025CIFDAQ

PDF

Achieving Consistent and Reliable AI Code Generation - Medusa AImedusaaico

PDF

Staying Human in a Machine- Accelerated WorldCatalin Jora

PDF

Transforming Utility Networks: Large-scale Data Migrations with FMESafe Software

PDF

"AI Transformation: Directions and Challenges", Pavlo ShaternikFwdays

PDF

“NPU IP Hardware Shaped Through Software and Use-case Analysis,” a Presentati...Edge AI and Vision Alliance

PDF

CIFDAQ Token Spotlight for 9th July 2025CIFDAQ

PDF

Building Real-Time Digital Twins with IBM Maximo & ArcGIS IndoorsSafe Software

PDF

IoT-Powered Industrial Transformation – Smart Manufacturing to Connected Heal...Rejig Digital

PDF

Transcript: New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025BookNet Canada

PPTX

Future Tech Innovations 2025 – A TechLists InsightTechLists

PDF

[Newgen] NewgenONE Marvin Brochure 1.pdfdarshakparmar

PDF

Smart Trailers 2025 Update with History and OverviewPaul Menig

PDF

The Rise of AI and IoT in Mobile App Tech.pdfIMG Global Infotech

DOCX

Cryptography Quiz: test your knowledge of this important security concept.Rajni Bhardwaj Grover

PDF

Biography of Daniel Podor.pdfDaniel Podor

PDF

POV_ Why Enterprises Need to Find Value in ZERO.pdfdarshakparmar

PPTX

WooCommerce Workshop: Bring Your LaptopLaura Hartwig

PDF

CIFDAQ Market Insights for July 7th 2025CIFDAQ

"Beyond English: Navigating the Challenges of Building a Ukrainian-language R...Fwdays

CIFDAQ Market Wrap for the week of 4th July 2025CIFDAQ

Achieving Consistent and Reliable AI Code Generation - Medusa AImedusaaico

Staying Human in a Machine- Accelerated WorldCatalin Jora

Transforming Utility Networks: Large-scale Data Migrations with FMESafe Software

"AI Transformation: Directions and Challenges", Pavlo ShaternikFwdays

“NPU IP Hardware Shaped Through Software and Use-case Analysis,” a Presentati...Edge AI and Vision Alliance

CIFDAQ Token Spotlight for 9th July 2025CIFDAQ

Building Real-Time Digital Twins with IBM Maximo & ArcGIS IndoorsSafe Software

IoT-Powered Industrial Transformation – Smart Manufacturing to Connected Heal...Rejig Digital

Transcript: New from BookNet Canada for 2025: BNC BiblioShare - Tech Forum 2025BookNet Canada

Future Tech Innovations 2025 – A TechLists InsightTechLists

[Newgen] NewgenONE Marvin Brochure 1.pdfdarshakparmar

Smart Trailers 2025 Update with History and OverviewPaul Menig

The Rise of AI and IoT in Mobile App Tech.pdfIMG Global Infotech

Cryptography Quiz: test your knowledge of this important security concept.Rajni Bhardwaj Grover

Biography of Daniel Podor.pdfDaniel Podor

POV_ Why Enterprises Need to Find Value in ZERO.pdfdarshakparmar

WooCommerce Workshop: Bring Your LaptopLaura Hartwig

CIFDAQ Market Insights for July 7th 2025CIFDAQ

Ad