Anonymous: lewis
Friday, May 12 2006 @ 08:55 PM EDT
Configuration of Linux apps and the OWASP security model.
The main app I'm concerned with is Apache, and its communication to MySQL with PHP.
There are many suggestions on which modules should be used with Apache, theory of what a secure app should do, how to code PHP appropriately, and what not to do with MySQL.
This is just an initial string to start communication.
Lewis
lu
Registered: 10/30/05
Posts: 10
Friday, May 12 2006 @ 09:45 PM EDT
From the OWASP manual
http://www.owasp.org/documentation/guide/guide_downloads.html
PHP: starting on page 257 there are guidelines on writing PHP.
At the risk of showing my newbness in PHP: not using superglobals makes things quite difficult for me. Does anybody have any suggested techniques?
There was no mention of stripslashes(), stripcslashes(), strip_tags().
Starting on page 270: are there any comments or questions on these suggestions?
OK, it sayeth some rot about not using apps built using C or C++... so only Java programs are super secure? Because of OOP?
Anonymous: lu
Monday, May 15 2006 @ 08:51 PM EDT
finding SUID root files
find / -perm /4000 -user root -type f -print
Result:
/usr/bin/newgrp
/usr/bin/chfn
/usr/bin/chsh
/usr/bin/gpasswd
/usr/bin/passwd
/usr/bin/at
/usr/bin/cardinfo
/usr/bin/traceroute.lbl
/usr/bin/gpg
/usr/bin/lpq
/usr/bin/lprm
/usr/bin/lpr
/usr/bin/mtr
/usr/bin/procmail
/usr/bin/fileshareset
/usr/bin/kgrantpty
/usr/bin/kpac_dhcp_helper
/usr/bin/cdrecord
/usr/bin/cdrecord.mmap
/usr/bin/cdrecord.shm
/usr/bin/sudo
/usr/bin/pumount
/usr/bin/pmount
/usr/bin/kppp
/usr/bin/gpg2
/usr/bin/cpufreq-selector
/usr/bin/smbumount
/usr/bin/smbmnt
/usr/bin/v4l-conf
/usr/lib/pt_chown
/usr/lib/ssh-keysign
/usr/lib/apache/suexec.disabled
/usr/sbin/exim4
/usr/sbin/pppd
/usr/sbin/pppoe
/usr/X11R6/bin/X
/bin/login
/bin/su
/bin/mount
/bin/umount
/bin/ping
/bin/ping6
find: /proc/4538/task: No such file or directory
find: /proc/4843/task/4843/fd/4: No such file or directory
/sbin/unix_chkpwd
/sbin/cardctl
find / -perm /2000 -group root -type f -print
Result:
/usr/X11R6/bin/X
find: /proc/4538/task: No such file or directory
find: /proc/4905/task/4905/fd/4: No such file or directory
I read this in a book... at a coffee shop...
Should these files need to be privileged?
chmod them as no u/g-s.
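The audit the post sketches, as an added example that is not part of the thread: list setuid/setgid regular files, report the ones not on an allowlist, and strip the bits from a given file while recording the old mode. It uses `-perm /MODE`, the current GNU find spelling of the `-perm +MODE` form (current findutils rejects `+MODE`), and prunes /proc and /sys, which is where the "No such file or directory" noise in the post's output comes from. The allowlist is an assumption for illustration, not a vetted list for any release; on a real host check each entry against the package manifests (`dpkg -S PATH`, `dpkg --verify`) before deciding.

```shell
# Added example, not from the thread: audit setuid/setgid files, flag the
# ones not on an allowlist, and strip the bits from chosen files.
# Needs find with -perm /MODE and a stat that accepts -c (GNU or busybox).

# Setuid/setgid binaries expected on a stock Debian install (assumed list
# for this example; verify with dpkg -S and dpkg --verify before trusting it).
SETID_ALLOW="/bin/su /bin/mount /bin/umount /bin/ping /bin/ping6 /usr/bin/sudo"
SETID_ALLOW="$SETID_ALLOW /usr/bin/passwd /usr/bin/chfn /usr/bin/chsh /usr/bin/gpasswd"
SETID_ALLOW="$SETID_ALLOW /usr/bin/newgrp /sbin/unix_chkpwd /usr/lib/ssh-keysign"

# list_setid [ROOT]: print "MODE OWNER:GROUP PATH" for every setuid or setgid
# regular file below ROOT (default /), pruning /proc and /sys, sorted by path.
list_setid() {
    find "${1:-/}" \( -path /proc -o -path /sys \) -prune -o \
        -type f -perm /6000 -exec stat -c '%a %U:%G %n' {} + 2>/dev/null | sort -k3
}

# unexpected_setid [ROOT]: the subset of list_setid not on SETID_ALLOW.
# These are the candidates for the post's "chmod them"; allowlisted ones
# (su, sudo, passwd, mount, ping) stop working for non-root users if stripped.
unexpected_setid() {
    list_setid "${1:-/}" | while read -r mode owner path; do
        case " $SETID_ALLOW " in
            *" $path "*) ;;   # allowlisted, nothing to report
            *) printf '%s %s %s\n' "$mode" "$owner" "$path" ;;
        esac
    done
}

# drop_setid PATH...: clear the setuid and setgid bits, printing old and new
# modes so the change can be reverted with: chmod OLD PATH
drop_setid() {
    for f in "$@"; do
        old=$(stat -c '%a' "$f")
        chmod u-s,g-s "$f"
        printf '%s: %s -> %s\n' "$f" "$old" "$(stat -c '%a' "$f")"
    done
}
```

Run `unexpected_setid` as root so every directory is readable, and feed only its output to `drop_setid` after checking what each binary is for: the desktop helpers in the post's listing (cdrecord, kppp, pmount, kgrantpty) are the sort of thing that has no business on a web server, whereas stripping the bit from su or passwd locks users out of those tools. Keep the printed old modes; they are the undo record.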
Anonymous: Lewis
Monday, May 15 2006 @ 08:59 PM EDT
Unnecessary accounts in Linux (unless they are necessary):
UUCP
games
X Window managers
xfs
rpcusers
rpc
Any others that wouldn't be necessary in a secure environment?
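A check for the accounts the post lists, as an added example that is not part of the thread: scan a passwd file for system accounts that still have an interactive shell and emit the `usermod` lines that would lock them. The passwd entries are constructed for the example, and the uid < 1000 cutoff for system accounts is an assumption (Debian's default in /etc/adduser.conf); adjust it to the host's convention.

```shell
# Added example, not from the thread: flag system accounts with a login
# shell and print the commands that lock them. Sample data is constructed.

# interactive_system_accounts PASSWD: print "name:uid:shell" for non-root
# accounts with uid below 1000 (assumed system range) whose shell is not
# nologin or false.
interactive_system_accounts() {
    awk -F: '$3 < 1000 && $1 != "root" && $7 !~ /(nologin|false)$/ {
        print $1 ":" $3 ":" $7
    }' "$1"
}

# lock_commands PASSWD: one usermod line per flagged account. Printing rather
# than executing lets the list be reviewed first; an account is only dead
# weight if nothing on the host still runs under it.
lock_commands() {
    interactive_system_accounts "$1" | while IFS=: read -r name _uid _shell; do
        printf 'usermod -L -s /usr/sbin/nologin %s\n' "$name"
    done
}

# write_sample_passwd FILE: constructed entries in /etc/passwd format, with a
# few of the accounts named in the post left with interactive shells.
write_sample_passwd() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
games:x:5:60:games:/usr/games:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
xfs:x:43:43:X Font Server:/etc/X11/fs:/bin/false
rpcuser:x:29:29:RPC Service User:/var/lib/nfs:/bin/sh
lewis:x:1000:1000:Lewis:/home/lewis:/bin/bash
EOF
}
```

Locking (`-L`) and removing the shell are preferable to `userdel` for accounts that own files or are referenced by a package's init script: the uid stays reserved, nothing can log in as it, and a later purge of the package can still clean up after itself.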
Anonymous: lewis
Monday, May 15 2006 @ 09:34 PM EDT
To remove services:
update-rc.d -f "service_name" remove
or change the service name in the init level of your choice.
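The post's second option, renaming the link in the runlevel directory, as an added example that is not part of the thread: list which services a sysvinit runlevel starts and turn an S link into a K link. The directory argument is there so the functions can be exercised on a scratch tree; on a Debian host the default multi-user runlevel directory is /etc/rc2.d (assuming the default runlevel 2). The S-to-K rename is what `update-rc.d NAME disable` does on later Debian releases (with its own numbering of the K link; this example keeps the number), and unlike `-f NAME remove` it leaves a link behind, so the package's postinst will not re-create the S links on the next upgrade.

```shell
# Added example, not from the thread: inspect and disable sysvinit services
# through the rc symlinks that update-rc.d manages. RCDIR is /etc/rc2.d on a
# default Debian host (assumption); any directory works for a dry run.

# enabled_services RCDIR: names of services started in this runlevel, i.e.
# the S##name links, in boot order. K##name links are stop entries.
enabled_services() {
    for link in "$1"/S[0-9][0-9]*; do
        [ -e "$link" ] || [ -L "$link" ] || continue   # no match: glob left literal
        name=${link##*/}
        printf '%s\n' "${name#S[0-9][0-9]}"
    done
}

# disable_service RCDIR NAME: rename S##NAME to K##NAME, keeping the sequence
# number, so init runs the script with "stop" instead of "start" at boot.
# Returns 1 if the service has no S link in RCDIR.
disable_service() {
    dir=$1 name=$2
    for link in "$dir"/S[0-9][0-9]"$name"; do
        [ -L "$link" ] || { echo "$name: not enabled in $dir" >&2; return 1; }
        seq=${link##*/S}
        seq=${seq%"$name"}
        mv "$link" "$dir/K$seq$name"
    done
}
```

Disabling the link only stops the service from starting at boot; stop the running instance with `/etc/init.d/NAME stop` as well, and for anything that listens on the network confirm with `netstat -lntp` (or `ss -lntp`) that the port is gone.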
lu
Registered: 10/30/05
Posts: 10
Friday, May 26 2006 @ 04:50 PM EDT
Secure PHP Wiki
http://www.securephpwiki.com/index.php/Main_Page?seenIEPage=1