June 25, 2009

Inspekt is a PHP library that makes it easier to write secure web applications, and it is released under the New BSD License. Inspekt acts as a sort of 'firewall' API between user input and the rest of the application. It takes the PHP superglobal arrays, encapsulates their data in a 'cage' object, and destroys the original superglobal. Data can then be retrieved from the cage using a variety of accessor methods that apply filtering, or it can be checked against validation methods. Raw data can only be accessed via a 'getRaw()' method, forcing the developer to show clear intent.

Inspekt is built upon Chris Shiflett's original Zend_Filter_Input component (now deprecated) from the Zend Framework. Main features include:

  • 'Cage' objects that encapsulate input and require the coder to use the provided filtering and validation methods to access input data
  • Automatic application of filtering as defined in a configuration file
  • A library of static filtering and validation methods
  • A simple, clear API
  • No external dependencies

A sample usage of Inspekt:
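The original sample did not survive on this page. What follows is an added illustration of the cage pattern the post describes, written for this edit as a hypothetical minimal class (InputCage and its capture, getInt, getAlnum, testEmail and getRaw methods are assumed names), not Inspekt's own code or API.

```php
<?php
// Hypothetical minimal cage, not Inspekt's code: it shows the pattern the
// post describes (wrap a superglobal, destroy the original, filter on access).
class InputCage
{
    private array $data;

    private function __construct(array $source)
    {
        $this->data = $source;
    }

    // Take the superglobal by reference and empty it, so the only path
    // to the input is through this object.
    public static function capture(array &$superglobal): self
    {
        $cage = new self($superglobal);
        $superglobal = [];
        return $cage;
    }

    // Filtering accessors coerce the value into the expected shape.
    public function getInt(string $key, int $default = 0): int
    {
        return isset($this->data[$key]) ? (int) $this->data[$key] : $default;
    }

    public function getAlnum(string $key): string
    {
        return preg_replace('/[^A-Za-z0-9]/', '', (string) ($this->data[$key] ?? ''));
    }

    // Validation accessor: the value is returned only if it passes, else null.
    public function testEmail(string $key): ?string
    {
        $v = $this->data[$key] ?? null;
        return (is_string($v) && filter_var($v, FILTER_VALIDATE_EMAIL) !== false) ? $v : null;
    }

    // The only way at unfiltered input; the method name makes the intent visible.
    public function getRaw(string $key): mixed
    {
        return $this->data[$key] ?? null;
    }
}

// Constructed sample request standing in for a real $_GET.
$_GET = ['page' => '3abc', 'user' => 'bob<script>', 'mail' => 'bob@example.com'];
$get = InputCage::capture($_GET);
printf("%d %s %s %d\n", $get->getInt('page'), $get->getAlnum('user'), $get->testEmail('mail'), count($_GET));
```

The final count($_GET) shows that the superglobal is empty once captured, so any code that still reads it directly gets nothing.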

March 30, 2009

This April 1st will not be funny at all for security experts. We are at D-1 and until today nobody knows what this worm, so-called Conficker C, can really do! It can damage your computer, your data, steal private information, nobody knows! All we know so far is that on D-Day all infected computers will be under the control of a master computer located somewhere across the web.

Conficker, first discovered on November 21, 2008, seems to be the worst infection since SQL Slammer. Estimates of the number of computers infected range from almost 9 million PCs to 15 million computers. On March 27, 2009, the British Director of Parliamentary ICT released a (leaked) memo stating that the House of Commons computer network had been infected with the virus and called for everyone with access to the network to use caution and not to connect any unauthorized equipment to the network.

Conficker is clever in the way it hides its tracks because it uses an enormous number of URLs to communicate with HQ. The first version of Conficker used just 250 addresses each day -- which security researchers and ICANN simply bought and/or disabled -- but Conficker C will up the ante to 50,000 addresses a day when it goes active, a number which simply can't be tracked and disabled by hand.

You can read more about this worm on Wikipedia and CNN.

June 20, 2008

HTML Purifier is a standards-compliant HTML filter library written in PHP. HTML Purifier will not only remove all malicious code (better known as XSS) with a thoroughly audited, secure yet permissive whitelist, it will also make sure your documents are standards compliant, something only achievable with a comprehensive knowledge of W3C's specifications. Tired of using BBCode due to the current landscape of deficient or insecure HTML filters? Have a WYSIWYG editor but never been able to use it? Looking for high-quality, standards-compliant, open-source components for that application you're building? HTML Purifier is for you!


You can find a very interesting comparison of HTML Purifier with other HTML filtering solutions such as striptags, PHP Input Filter, HTML_Safe, kses, htmLawed, and Safe HTML Checker. HTML Purifier is available under the LGPL license; the key features include whitelisting, removal, well-formedness, nesting, attributes, XSS safety and standards safety. More information and downloads at http://htmlpurifier.org
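To make the comparison with striptags concrete, here is an added example (not from the HTML Purifier project) that runs the same constructed input through PHP's strip_tags() and through HTML Purifier's whitelist; the include path of HTMLPurifier.auto.php is an assumption about where the library is installed.

```php
<?php
// Added example: strip_tags() versus a whitelist-based filter on the same input.
// The library path below is an assumption; adjust it to your installation.
require_once 'htmlpurifier/library/HTMLPurifier.auto.php';

// Constructed untrusted input: allowed tags carrying disallowed attributes,
// a javascript: URL, and an element outside the whitelist.
$dirty = '<p onmouseover="alert(1)">Hello</p>'
       . '<a href="javascript:alert(2)">link</a>'
       . '<b>bold</b><script>alert(3)</script>';

// strip_tags() keeps the listed tags verbatim, attributes included, so the
// event handler and the javascript: URL survive; only the <script> tags
// themselves are removed, their text content stays.
$weak = strip_tags($dirty, '<p><a><b>');

// HTML Purifier: only these elements and attributes pass. Everything else is
// dropped, and href values are checked against the allowed URI schemes,
// which do not include javascript: by default.
$config = HTMLPurifier_Config::createDefault();
$config->set('HTML.Allowed', 'p,b,a[href]');
$purifier = new HTMLPurifier($config);
$clean = $purifier->purify($dirty);

echo "strip_tags:    ", $weak, "\n";
echo "HTML Purifier: ", $clean, "\n";
```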

May 31, 2008

To keep your database safe from SQL injection attacks, GreenSQL is a new open source database firewall that you might give a try. GreenSQL works as a reverse proxy and has built-in support for MySQL. The logic is based on evaluation of SQL commands using a risk scoring matrix, as well as blocking known DB administrative commands (DROP, CREATE, etc.). GreenSQL is distributed under the GPL license.

[Figure: GreenSQL Architecture]
[Figure: GreenSQL Web Frontend]

In addition to the blacklist patterns that are used to block SQL, GreenSQL also has a whitelist. If a query is considered illegal, the whitelist is checked. If the query is found in the whitelist, it is forwarded to the genuine MySQL server; if not, an empty result set is sent to the application. The project is written in C++ and PHP. You can find a demo online to see what GreenSQL looks like. Downloads are also available from SourceForge.
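The decision flow just described, as an added model written for this edit: it is a hypothetical simplification and not GreenSQL's code; the blacklist patterns, their weights, the threshold and the normalisation rule are all assumptions made to show the score-then-whitelist logic.

```php
<?php
// Hypothetical model of the flow described above, not GreenSQL's code: score
// a query against blacklist patterns, block admin commands outright, and fall
// back to a whitelist of known query shapes. Patterns and weights are assumed.
function riskScore(string $sql): int
{
    // Administrative commands are blocked regardless of score.
    if (preg_match('/^\s*(DROP|CREATE|ALTER|TRUNCATE|GRANT)\b/i', $sql)) {
        return PHP_INT_MAX;
    }
    $patterns = [
        '/\bOR\s+\d+\s*=\s*\d+/i'        => 3, // tautology such as OR 1=1
        '/\bUNION\s+(ALL\s+)?SELECT\b/i' => 3,
        '/--|\/\*/'                      => 2, // comment sequences
        '/\bINFORMATION_SCHEMA\b/i'      => 2,
        '/\b(SLEEP|BENCHMARK)\s*\(/i'    => 2, // timing probes
    ];
    $score = 0;
    foreach ($patterns as $re => $weight) {
        if (preg_match($re, $sql)) {
            $score += $weight;
        }
    }
    return $score;
}

// Replace literals with placeholders so the whitelist matches a query's shape.
function normalise(string $sql): string
{
    $sql = preg_replace("/'[^']*'/", '?', $sql);
    $sql = preg_replace('/\b\d+\b/', '?', $sql);
    return strtolower(trim(preg_replace('/\s+/', ' ', $sql)));
}

// 'forward' sends the query to the real MySQL server; 'empty' returns an
// empty result set to the application instead.
function decide(string $sql, array $whitelist, int $threshold = 3): string
{
    if (riskScore($sql) < $threshold) {
        return 'forward';
    }
    return in_array(normalise($sql), $whitelist, true) ? 'forward' : 'empty';
}

// Constructed sample: a legitimate report query that happens to use UNION is
// whitelisted; a look-alike with a different shape and a DROP are not.
$whitelist = [normalise("SELECT id FROM orders UNION SELECT id FROM archived_orders")];
echo decide("SELECT name FROM users WHERE id = 7", $whitelist), "\n";
echo decide("SELECT id FROM orders UNION SELECT id FROM archived_orders", $whitelist), "\n";
echo decide("SELECT id FROM orders WHERE id = 1 UNION SELECT pw FROM users", $whitelist), "\n";
echo decide("DROP TABLE orders", $whitelist), "\n";
```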

April 19, 2008

Last month we started hearing reports about an iframe injection that infected thousands of websites and servers. The malware in question is a variant of Zlob and attempts to install itself client-side through an ActiveX control, posing as an unsigned RealPlayer control, as reported by McAfee Avert Labs.

There are details on how the malware tries to infect clients, but not much information on how the servers were infected. In March 2008, McAfee estimated that nearly 200,000 web pages had been found infected, most of them running phpBB.

Today Hostdepot sent a newsletter alerting customers that their servers are victims of the "iframe" attack and that they are working to resolve it. Many servers worldwide are still infected with this malware. phpBB was at the origin of the Perl/Santy.worm attack back in 2004, but the origin of the malware this time is still unknown.

August 13, 2007

When a server is not well configured and the system administrator didn't do his job correctly, there is no reason to blame PHP. This is not a defense of the PHP scripting language, but a matter of being realistic and giving to Caesar what belongs to Caesar!

The mod_php problem is well known to system admins, and if you are used to dealing with high-traffic websites, it's something very common to face and to resolve. Personally, during my 7-8 years of experience with PHP, I never faced such problems, even with very high traffic of one million unique visitors a day and more!

Nik Cubrilovic, who posted the news on TechCrunch, also posted tips on his blog to prevent "PHP leakage". The easiest way is to use mod_security to filter output and prevent any leakage, which I find the most efficient way. Whether code lives inside or outside the webroot doesn't matter much. I would rather recommend using PEAR if you want your scripts, or at least the classes, to stay out of the webroot. I'm curious to hear other experts' opinions on the subject, especially since this concerns a very popular website such as Facebook.
