Treat ALL input as malicious

Top 25 software errors

Injections (part 1)


Simple videos: 1a, 1b,2 showing hack (warning - turn down your volume!)


(Not in book, understand through online readings/vids!)


(Not in book, understand through online readings/vids!)

GET/POST insertion

Common 539 mistake: (what usually keeps taking Nova down!)

What is so bad about register_globals anyways?

PHP Superglobals

PHP Best Practices:

Stopping Insertion

Client vs. Server

Regular Expressions in PHP

			$string = "This is a test is it any good, isn't it?";
			echo preg_replace("/\sis\s/", " was ", $string);
			//Output: This was a test was it any good, isn't it?
			//NOTE only caught the an 'is' with spaces on BOTH sides
			//no 'g' needed!

Vectors used to discover inadequate input filters:

Popular characters to test input validation

CharacterURL EncodingComments
'%27The mighty tick mark (apostrophe), absolutely necessary for SQL injection
;%3bCommand separator, line terminator for scripts
<%3cOpening HTML tag
>%3eClosing HTML tag
%%25Useful for double-decode, search fields, signifies ASP, JSP tag
?%3fSignifies PHP tag
=%3dPlace multiple equal signs in a URL parameter
(%28SQL injection
)%29SQL injection
.%2eDirectory transversal, file access
/%2fDirectory transversal
*above characters are not always invalid, but where these characters are not expected by the application can easily be turned into an exploit

Build a php black list like this
Build a php white list like this
Play with Flowershop and break it!