![Page 1: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/1.jpg)
Dip Your Toes in the Sea of Security
James Titcumb
php[MiNDS] Meetup - January 2016
![Page 2: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/2.jpg)
Who is this guy?
James Titcumb
www.jamestitcumb.com
www.roave.com
www.phphants.co.uk
www.phpsouthcoast.co.uk
@asgrim
![Page 3: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/3.jpg)
Some simple code...
```php
<?php
$a = (int)filter_var($_GET['a'], FILTER_SANITIZE_NUMBER_INT);
$b = (int)filter_var($_GET['b'], FILTER_SANITIZE_NUMBER_INT);
$result = $a + $b;
printf('The answer is %d', $result);
```
![Page 4: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/4.jpg)
![Page 6: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/6.jpg)
The Golden Rules
(my made up golden rules)
![Page 7: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/7.jpg)
1. Keep it simple
![Page 8: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/8.jpg)
2. Know the risks
![Page 9: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/9.jpg)
3. Fail securely
![Page 10: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/10.jpg)
4. Don’t reinvent the wheel
![Page 11: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/11.jpg)
5. Never trust anything
![Page 13: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/13.jpg)
Application Security
(mainly PHP applications)
![Page 14: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/14.jpg)
Always remember…
Filter Input
Escape Output
![Page 15: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/15.jpg)
© 2003 Disney/Pixar. All Rights Reserved.
SQL Injection (#1)
![Page 17: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/17.jpg)
SQL Injection (#1)
1. Use PDO / mysqli
2. Use prepared / parameterized statements
![Page 18: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/18.jpg)
SQL Injection (#1)
```php
<?php
// user_id=1; DROP TABLE users; --
$user_id = $_GET['user_id'];
$sql = "
    SELECT * FROM users
    WHERE user_id = {$user_id}";
$db->execute($sql);
```
✘
![Page 19: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/19.jpg)
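SQL Injection (#1)
```php
<?php
$user_id = $_GET['user_id'];
$sql = "
    SELECT * FROM users
    WHERE user_id = :userid";
$stmt = $db->prepare($sql);
// With PDO the binding method is bindValue(); the value is sent as data, never as SQL
$stmt->bindValue(':userid', $user_id);
$stmt->execute();
```
✓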
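The two slides above side by side, as an added example that is not code from the original talk. It assumes the `pdo_sqlite` extension, a constructed in-memory `users` table and hypothetical function names, and it combines the prepared statement with the "Filter Input" rule.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (assumption: pdo_sqlite is available).
function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, name TEXT)');
    $db->exec("INSERT INTO users (user_id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");
    return $db;
}

// ✘ Pattern from the first slide: the input becomes part of the SQL text.
function findUserUnsafe(PDO $db, string $rawId): array
{
    $sql = "SELECT user_id, name FROM users WHERE user_id = {$rawId}";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// ✓ Filter the input, then bind it: the value can never change the query's structure.
function findUserSafe(PDO $db, string $rawId): array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return []; // fail securely: anything that is not an integer matches nothing
    }
    $stmt = $db->prepare('SELECT user_id, name FROM users WHERE user_id = :userid');
    $stmt->bindValue(':userid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeDb();
// Constructed inputs: a well-formed id, and a value that carries SQL syntax.
foreach (['2', '2 OR 1=1'] as $input) {
    printf(
        "%-10s unsafe: %d row(s)  safe: %d row(s)\n",
        $input,
        count(findUserUnsafe($db, $input)),
        count(findUserSafe($db, $input))
    );
}
```

The row counts for the second input show the difference: the string-built query returns every user, while the filtered and bound version returns none.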
![Page 20: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/20.jpg)
![Page 21: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/21.jpg)
exec($_GET)
https://github.com/search?q=exec%28%24_GET&ref=cmdform&type=Code
![Page 22: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/22.jpg)
eval()
https://github.com/search?q=eval%28%24_GET&type=Code&ref=searchresults
![Page 23: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/23.jpg)
Cross-Site Scripting / XSS (#3)
![Page 24: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/24.jpg)
Cross-Site Scripting / XSS (#3)
● Escape output
```php
<?php
$unfilteredInput = '<script type="text/javascript">...</script>';
// Unescaped - JS will run :'(
echo $unfilteredInput;
// Escaped - JS will not run :)
echo htmlspecialchars($unfilteredInput, ENT_QUOTES, 'UTF-8');
```
![Page 25: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/25.jpg)
Cross-Site Request Forgery / CSRF (#8)
http://www.factzoo.com/invertebrates/cuttlefish-chameleon-of-the-sea.html
![Page 26: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/26.jpg)
Cross-Site Request Forgery / CSRF (#8)
```php
<?php
if (!$isPost) {
    // Generate an unpredictable token, store it in the session and embed it in the form
    $csrfToken = base64_encode(random_bytes(32));
    $_SESSION['csrf_token'] = $csrfToken;
    // ... output the form ...
    echo '<input type="hidden" name="csrf_token" value="'.$csrfToken.'" />';
} else if ($isPost) {
    // Reject the request unless the submitted token matches the one in the session
    if (!hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])) {
        die("Token invalid...");
    }
    // ... handle the form ...
}
```
![Page 28: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/28.jpg)
Errors, Exceptions & Logging (#6)
![Page 29: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/29.jpg)
Errors, Exceptions & Logging (#6)
![Page 30: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/30.jpg)
![Page 31: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/31.jpg)
curl + https
```php
<?php
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
```
✘
![Page 32: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/32.jpg)
curl + https
```php
<?php
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, true);
curl_setopt($ch, CURLOPT_CAINFO, "/path/to/certificate");
```
✓
![Page 33: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/33.jpg)
![Page 36: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/36.jpg)
WordPress Plugins
Audit third party plugins carefully.
ANY THIRD PARTY CODE
github.com/ /SecurityAdvisories
![Page 37: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/37.jpg)
![Page 38: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/38.jpg)
We are not all security experts!
![Page 39: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/39.jpg)
We are not all security experts!
… but we CAN write secure code
![Page 40: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/40.jpg)
Be the threat
Think Differently
![Page 41: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/41.jpg)
What do you want?
Think Differently
![Page 42: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/42.jpg)
How do you get it?
Think Differently
![Page 43: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/43.jpg)
Threat Modelling
D.R.E.A.D.
© Buena Vista Pictures
![Page 48: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/48.jpg)
Threat Modelling
Damage
Reproducibility
Exploitability
Affected users
Discoverability
![Page 49: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/49.jpg)
Authentication & Authorization
![Page 50: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/50.jpg)
Authentication
Verifying Identity
![Page 53: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/53.jpg)
Case Study: Custom Authentication
We thought about doing this…
✘
![Page 54: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/54.jpg)
Password Hashing
password_hash()
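How `password_hash()` fits into registration and login, as an added example that is not code from the original talk. The helper names and the sample password are constructed, and the low-cost "legacy" hash exists only to show the rehash path.

```php
<?php
declare(strict_types=1);

// Registration: PASSWORD_DEFAULT lets PHP pick its current recommended algorithm;
// the salt and the cost are generated by PHP and stored inside the returned hash string.
function registerPassword(string $password): string
{
    return password_hash($password, PASSWORD_DEFAULT);
}

/**
 * Login check (hypothetical helper).
 * Returns [bool $ok, ?string $newHash]; $newHash is non-null when the stored
 * hash was created with outdated parameters and should be replaced.
 */
function checkLogin(string $password, string $storedHash): array
{
    if (!password_verify($password, $storedHash)) {
        return [false, null]; // fail securely: no detail about why it failed
    }
    $newHash = password_needs_rehash($storedHash, PASSWORD_DEFAULT)
        ? password_hash($password, PASSWORD_DEFAULT)
        : null;
    return [true, $newHash];
}

// Constructed sample values.
$password = 'correct horse battery staple';
$current  = registerPassword($password);
// A deliberately weak legacy hash (bcrypt cost 4) standing in for an old database row.
$legacy   = password_hash($password, PASSWORD_BCRYPT, ['cost' => 4]);

[$ok, $upgrade] = checkLogin($password, $current);
printf("current hash: ok=%s, rehash=%s\n", var_export($ok, true), var_export($upgrade !== null, true));

[$ok, $upgrade] = checkLogin($password, $legacy);
printf("legacy hash:  ok=%s, rehash=%s\n", var_export($ok, true), var_export($upgrade !== null, true));

[$ok] = checkLogin('wrong password', $current);
printf("wrong input:  ok=%s\n", var_export($ok, true));
```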
![Page 55: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/55.jpg)
Authorization
Verifying Access
![Page 57: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/57.jpg)
![Page 59: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/59.jpg)
CRYPTOGRAPHY IS HARD
NEVER EVER “ROLL YOUR OWN”
EVER!!!
![Page 60: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/60.jpg)
How to encrypt then?
![Page 61: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/61.jpg)
I’ve got some great ideas for encryption...
Image: The Guardian (http://goo.gl/pUkyvO)
![Page 62: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/62.jpg)
How to encrypt then?
libsodium PECL package
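What using libsodium instead of home-grown crypto looks like, as an added example that is not code from the original talk. It assumes the `sodium_*` functions of the sodium extension bundled with PHP since 7.2; the helper names and the message are constructed.

```php
<?php
declare(strict_types=1);

// Authenticated secret-key encryption: a fresh random nonce per message,
// stored in front of the ciphertext so decryption can recover it.
function encryptMessage(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ciphertext = sodium_crypto_secretbox($plaintext, $nonce, $key);
    return base64_encode($nonce . $ciphertext);
}

// Returns the plaintext, or null if the input is malformed or was modified.
function decryptMessage(string $encoded, string $key): ?string
{
    $raw = base64_decode($encoded, true);
    $minLength = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if ($raw === false || strlen($raw) < $minLength) {
        return null;
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ciphertext = substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plaintext = sodium_crypto_secretbox_open($ciphertext, $nonce, $key);
    return $plaintext === false ? null : $plaintext;
}

// Constructed demo: round trip, then a single flipped bit in the ciphertext.
$key = sodium_crypto_secretbox_keygen();
$box = encryptMessage('constructed sample message', $key);
var_dump(decryptMessage($box, $key));

$tampered = base64_decode($box, true);
$last = strlen($tampered) - 1;
$tampered[$last] = chr(ord($tampered[$last]) ^ 1);
var_dump(decryptMessage(base64_encode($tampered), $key));

sodium_memzero($key); // wipe the key from memory once it is no longer needed
```

The second `var_dump` shows that the modified message is rejected rather than decrypted to garbage, which is the integrity check a hand-rolled scheme usually lacks.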
![Page 63: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/63.jpg)
Linux Server Security
![Page 64: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/64.jpg)
Create an SSH Fortress
![Page 65: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/65.jpg)
Firewalls
![Page 66: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/66.jpg)
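iptables
```bash
#!/bin/bash
IPT="/sbin/iptables"
$IPT --flush
$IPT --delete-chain
# Default policy: drop everything that is not explicitly allowed
$IPT -P INPUT DROP
$IPT -P FORWARD DROP
$IPT -P OUTPUT DROP
# Loopback
$IPT -A INPUT -i lo -j ACCEPT
$IPT -A OUTPUT -o lo -j ACCEPT
# Replies for connections that are already established
# (without these the DROP policies also discard reply packets)
$IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
$IPT -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Inbound traffic
$IPT -A INPUT -p tcp --dport ssh -j ACCEPT
$IPT -A INPUT -p tcp --dport 80 -j ACCEPT
$IPT -A INPUT -p tcp --dport 443 -j ACCEPT
# Outbound traffic
$IPT -A OUTPUT -p tcp --dport 80 -j ACCEPT
$IPT -A OUTPUT -p tcp --dport 443 -j ACCEPT
$IPT -A OUTPUT -p udp --dport 53 -m state --state NEW -j ACCEPT
```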
![Page 67: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/67.jpg)
ufw
```bash
sudo ufw enable
sudo ufw allow 22
sudo ufw allow 80
```
![Page 68: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/68.jpg)
Mitigate Brute Force Attacks
![Page 69: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/69.jpg)
Install Only What You Need
![Page 70: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/70.jpg)
![Page 71: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/71.jpg)
+
![Page 72: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/72.jpg)
Case Study: Be Minimal
Internets
Postfix
Squid Proxy (badly configured)
hacker
spam
![Page 73: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/73.jpg)
Resources
● http://securingphp.com/
● https://www.owasp.org/
● http://blog.ircmaxell.com/
● https://github.com/paragonie/random_compat
● https://github.com/ircmaxell/password_compat
![Page 74: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/74.jpg)
The Golden Rules
1. Keep it simple
2. Know the risks
3. Fail securely
4. Don’t reinvent the wheel
5. Never trust anything / anyone
![Page 75: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/75.jpg)
If you follow all this, you get...
![Page 76: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/76.jpg)
![Page 77: Dip Your Toes in the Sea of Security (PHP MiNDS January Meetup 2016)](https://reader030.vdocuments.mx/reader030/viewer/2022020314/587fd35e1a28ab58248b5151/html5/thumbnails/77.jpg)
Any questions? :)
https://joind.in/talk/0ad74
James Titcumb @asgrim