Secure Coding and Code Review
Berlin : 2012
Outline
● Overview of top vulnerabilities
● Code review practice
● Secure design / writing secure code
● Write some secure code
● Review a volunteer's code
Top Problems
● Cross-Site Scripting (XSS)
● Cross-Site Request Forgery (CSRF)
● Register Globals
● SQL Injection
XSS
● An attacker is able to inject client-side script into a web page, where it executes in other users' browsers with the page's origin. The payload may or may not arrive cross-domain.
● Can result in:
● Authenticated requests made by the victim
● Session hijacking
● Clickjacking
● Propagation of the script (XSS worm)
● Internal network access / port scanning from the victim's browser
Reflected XSS
● JavaScript in the request is written straight back into the page
● <input type="text" name="search_term" value="<? echo $_GET['search_term']; ?>" />
● And if someone sends you a link: page.php?search_term="><script>alert()</script><!--
● The "> closes the value attribute and the input tag, the script then runs in the page's origin, and the <!-- comments out the remainder of the original markup so the page still parses.
2nd Order (Stored) XSS
● Attacker-controlled data is stored by the website (a comment, a profile field, a page revision) and later rendered unescaped, so the script executes for every viewer (victim) who loads it, long after the attacker's request
3rd Order (Dom-based) XSS
● Client-side script on the page already writes data into the DOM (for example from location.hash or document.URL); attacker-controlled input reaches that sink and executes as script, without the payload ever passing through the server
Cross-Site Script Inclusion (xssi)
● (or "JavaScript Hijacking")
● A script (or JSON served in a script-like form) carrying the logged-in user's sensitive data is included with <script src> from a page on another domain, which can then read that data; the Same Origin Policy does not block script inclusion, only direct reads of the response
Preventing XSS
● Validate your input
● Escape your output, for the context it lands in (HTML body, attribute, JavaScript, URL)
● MediaWiki tools:
● Html, Xml, Sanitizer classes
● jQuery elements (build nodes and set .text(), rather than concatenating HTML strings)
● JSONP API requests are served as an anonymous user, so a cross-site inclusion gets no logged-in data
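The reflected-XSS slide and the "escape your output" rule above, as an added example in plain PHP. This is not MediaWiki code and not the Html or Xml helper classes; the helper names esc_attr and esc_js are illustrative, and the payload is constructed to match the link on the slide.

```php
<?php
// Added example (not MediaWiki code): reflected XSS and context-aware output escaping.
// esc_attr() and esc_js() are illustrative helpers, not MediaWiki API.

// Escape for HTML text content and for double-quoted attribute values.
function esc_attr( $s ) {
    return htmlspecialchars( (string)$s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' );
}

// Escape for a JavaScript string literal inside a <script> block. The JSON_HEX_*
// flags keep < > & ' " out of the output, so user data containing "</script>"
// cannot terminate the script element.
function esc_js( $s ) {
    return json_encode( (string)$s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT );
}

// Vulnerable: the request parameter is written straight into an attribute.
function render_search_box_vulnerable( $term ) {
    return '<input type="text" name="search_term" value="' . $term . '" />';
}

// Hardened: the same markup, with the value escaped for the attribute context.
function render_search_box( $term ) {
    return '<input type="text" name="search_term" value="' . esc_attr( $term ) . '" />';
}

// Constructed payload, the same shape as the link on the slide.
$payload = '"><script>alert()</script><!--';

echo render_search_box_vulnerable( $payload ), "\n";   // attribute closed, script tag live
echo render_search_box( $payload ), "\n";              // quotes and angle brackets entity-encoded

// The same data placed inside a script block needs the JavaScript escaper; HTML
// entity encoding is the wrong tool there because the browser does not decode
// entities inside <script>.
echo '<script>var lastSearch = ', esc_js( $payload ), ';</script>', "\n";
```

The point of having two escapers is the one the OWASP cheat sheet makes: the escaping rule depends on where the data lands. One helper applied everywhere is either insufficient in some contexts or double-encodes in others.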
Additional Reading
● For the theory behind XSS, and why particular filters should be applied, read: https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
● Quick reference for how to escape data in the different HTML/document contexts: https://www.owasp.org/index.php/Abridged_XSS_Prevention_Cheat_Sheet
Additional Reading on SOP
● Understanding the cross-domain aspects of XSS requires knowing which Same Origin Policy (SOP) you are dealing with
● https://www.owasp.org/index.php/File:SameOriginPolicy.ppt
● http://code.google.com/p/browsersec/wiki/Part2
● The SOP is different for JavaScript DOM access, for XHR, and for Flash!
Cross-Site Request Forgery (csrf)
● If a user has an authenticated session with a site, a remote site can reference resources on that site, and the browser attaches the user's session cookies, so the request is made with the authority of the logged-in user.
● A page on funnykitties.com can embed this "image": <img src='http://en.wikipedia.com/wiki/index.php?title=some_thing&action=delete' />
● This works because the action is reachable with a plain GET and the server cannot tell a forged request from a deliberate one; the token check below is what gives it that distinction.
Preventing CSRF
● Tokens are written into the form when it is rendered and checked when the form is submitted
● This is in addition to authentication / authorization checks, never a replacement for them
● Tokens must be unpredictable: generated from a cryptographic random source and tied to the user's session, so a remote site cannot guess or obtain one
● MediaWiki uses the edit token: $wgUser->editToken() to generate it, $wgUser->matchEditToken() to verify it
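The token scheme described on the slide above, as an added example in plain PHP. It is not MediaWiki's editToken implementation; the session is a plain array so the script runs from the command line (a web app would use $_SESSION), the delete handler is hypothetical, and PHP 7 or later is assumed for random_bytes().

```php
<?php
// Added example (not MediaWiki's editToken code): per-session anti-CSRF tokens
// for a state-changing form. Assumes PHP >= 7.0 for random_bytes().

// Return the session's CSRF token, creating it from the CSPRNG on first use.
function csrf_token( array &$session ) {
    if ( empty( $session['csrf_token'] ) ) {
        $session['csrf_token'] = bin2hex( random_bytes( 32 ) );   // 256 bits, unguessable
    }
    return $session['csrf_token'];
}

// Render the delete form with the token embedded as a hidden field.
function render_delete_form( array &$session, $title ) {
    $esc = function ( $s ) { return htmlspecialchars( (string)$s, ENT_QUOTES, 'UTF-8' ); };
    return '<form method="post" action="index.php">'
        . '<input type="hidden" name="action" value="delete" />'
        . '<input type="hidden" name="title" value="' . $esc( $title ) . '" />'
        . '<input type="hidden" name="token" value="' . $esc( csrf_token( $session ) ) . '" />'
        . '<input type="submit" value="Delete" /></form>';
}

// Verify the submitted token against the session copy. hash_equals() keeps the
// comparison constant-time so the token does not leak through timing.
function csrf_check( array $session, array $post ) {
    if ( empty( $session['csrf_token'] ) || empty( $post['token'] ) ) {
        return false;
    }
    return hash_equals( $session['csrf_token'], (string)$post['token'] );
}

// Hypothetical handler: authorization first, then the token, then the action.
function handle_delete( array &$session, array $post, $user_may_delete ) {
    if ( !$user_may_delete ) {
        return 'forbidden';              // the token never substitutes for this check
    }
    if ( !csrf_check( $session, $post ) ) {
        return 'bad token';              // forged, missing, or stale request
    }
    return 'deleted ' . $post['title'];
}

// Constructed walk-through: a legitimate submission versus a forged one.
$session = array();
$form    = render_delete_form( $session, 'Some_thing' );
$legit   = array( 'action' => 'delete', 'title' => 'Some_thing', 'token' => $session['csrf_token'] );
$forged  = array( 'action' => 'delete', 'title' => 'Some_thing' );   // funnykitties.com cannot read the token

echo $form, "\n";
echo handle_delete( $session, $legit, true ), "\n";
echo handle_delete( $session, $forged, true ), "\n";
```

Two things to keep in mind when applying this: the check has to happen on every state-changing entry point, not only on the ones with a visible form, and state changes should require POST so that the slide's <img src> trick has no GET endpoint to hit in the first place.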
Register Globals
● If register_globals is on (PHP before 5.4; the directive was removed in 5.4), every request parameter becomes a global variable, so an attacker can initialise variables your script expected to set itself
● If an attacker can control variables in your script, there is potential for:
● Remote file inclusion
● Altering the code execution path
Register Global Vulnerabilities
● include( $lang . ".php" ); with $lang never set by the script, ?lang=http://attacker/x picks the file
● The authentication flag below is only ever assigned on success:

```php
<?php
//MyScript.php
if ( authenticate( $_POST['username'], $_POST['pass'] ) ) {
    $authenticated = true;
}
if ( $authenticated ) {   // never initialised: ?authenticated=1 pre-sets it under register_globals
    ...
}
```
Register Global Protections
● Don't let globals decide which file is included or which code path runs
● Ensure your script is called in the correct context: if ( !defined( 'MEDIAWIKI' ) ) die( 'Invalid entry point.' );
● Sanitize defined globals before use
● Define security-critical variables before use, as false or null, so a request cannot pre-set them
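The two register_globals pitfalls from the slides above, each beside its hardened form, as an added example that is not from the presentation or from MediaWiki. Because the directive no longer exists in current PHP, register_globals is emulated with extract() on a request array; authenticate() and the language files are hypothetical stand-ins.

```php
<?php
// Added example (not MediaWiki code): register_globals pitfalls and the fixes.
// register_globals is emulated with extract() so the effect is visible on any
// PHP build. authenticate() and the languages/ directory are hypothetical.

function authenticate( $user, $pass ) {
    // Stand-in check; a real implementation verifies a password hash.
    return $user === 'alice' && $pass === 'correct horse';
}

// Vulnerable: $authenticated is only assigned on success, so a request that
// carries authenticated=1 pre-sets it when request data becomes variables.
function login_vulnerable( array $request ) {
    extract( $request );                                     // emulates register_globals=On
    $u = isset( $username ) ? $username : '';
    $p = isset( $pass ) ? $pass : '';
    if ( authenticate( $u, $p ) ) {
        $authenticated = true;
    }
    return isset( $authenticated ) && $authenticated;
}

// Hardened: the security-critical variable is initialised to false before use,
// and request data is read explicitly, never turned into local variables.
function login_hardened( array $request ) {
    $authenticated = false;
    $username = isset( $request['username'] ) ? $request['username'] : '';
    $pass     = isset( $request['pass'] ) ? $request['pass'] : '';
    if ( authenticate( $username, $pass ) ) {
        $authenticated = true;
    }
    return $authenticated;
}

// include( $lang . ".php" ) with an attacker-chosen $lang is file inclusion.
// Hardened: map the request value through a whitelist; the request string itself
// never reaches the filesystem, and an unknown value falls back to a safe default.
function language_file( $requested ) {
    $allowed = array( 'en' => 'en.php', 'de' => 'de.php', 'fr' => 'fr.php' );
    $key = isset( $allowed[ $requested ] ) ? $requested : 'en';
    return __DIR__ . '/languages/' . $allowed[ $key ];
}

// Constructed requests: a wrong password plus a smuggled authenticated=1 flag.
$attempt = array( 'username' => 'eve', 'pass' => 'x', 'authenticated' => '1' );
echo login_vulnerable( $attempt ) ? "vulnerable: logged in\n" : "vulnerable: denied\n";
echo login_hardened( $attempt )   ? "hardened: logged in\n"   : "hardened: denied\n";
echo language_file( 'http://attacker.example/shell' ), "\n";   // resolves to the default file
```

extract() on request data is worth calling out on its own: it is register_globals reintroduced one function at a time, and code review should treat it the same way as the directive.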
SQL Injection
● Poorly validated data received from the user is spliced into the text of a database (SQL) statement, so the data is parsed as part of the query
● Can result in:
● Authentication bypass
● Data corruption or disclosure
● System compromise
Preventing SQLi
● Use MediaWiki's built-in database classes and pass key => value pairs to the functions, so that values are quoted by the wrapper rather than concatenated by you
● select(), selectRow(), insert(), insertSelect(), update(), delete(), deleteJoin(), buildLike()
● Anything you still pass as a raw SQL fragment (a string condition, an ORDER BY) must be quoted with addQuotes() or checked against a whitelist
Additional Top Web Vulnerabilities
● OWASP Top 10
● https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
Secure Design Principles
● Simplicity
● Secure by Default
● Secure the Weakest Link
● Least Privilege
Secure Coding Checklist
● Avoid eval, create_function
● Regexes:
● Don't use /e (it evaluates the replacement as PHP code; deprecated in PHP 5.5 and removed in 7.0)
● Escape user data that goes into a pattern with preg_quote()
● Filter / validate your inputs: intval(), getInt(), etc.
● Use a whitelist of expected values when possible
Secure Coding Checklist
● Use the HTMLForm class, or include/check $wgUser->editToken
● Defend against register_globals
● Use the Html and Xml helper classes
● Use Sanitizer::checkCss before using a user's CSS
● Use the database wrapper functions
● Write clean, clearly commented code!
Write Some Secure Code
● Create a Special Page that allows searching and shows the results
● Assume you have a database of important text data:
● CREATE table `myData` (`id` INT, `name` varchar(80), `body` TEXT);
● Present a search box
● Search the database for matches in `name` or `body`, and display the matches to the user
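A worked solution to the exercise above, and the injection the earlier "Preventing SQLi" slide is about, as an added example. It is not the presenter's solution and not a MediaWiki Special Page: it uses PDO with an in-memory SQLite database so it runs without a wiki, with prepared statements standing in for the role that select() and buildLike() play in the MediaWiki wrapper. The table is the one from the slide; the rows and the attacker's search term are constructed. The pdo_sqlite extension is assumed.

```php
<?php
// Added example (not MediaWiki code): the myData search done with PDO/SQLite.
// Vulnerable and parameterised queries side by side, plus escaped output.
// Assumes the pdo_sqlite extension; rows below are constructed for the example.

function open_db() {
    $db = new PDO( 'sqlite::memory:' );
    $db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
    $db->exec( 'CREATE TABLE myData (id INT, name VARCHAR(80), body TEXT)' );
    $ins = $db->prepare( 'INSERT INTO myData (id, name, body) VALUES (?, ?, ?)' );
    $ins->execute( array( 1, 'Public notes', 'Nothing secret here' ) );
    $ins->execute( array( 2, 'Admin password', 'hunter2 <b>do not share</b>' ) );
    return $db;
}

// Vulnerable: the search term becomes part of the SQL text.
function search_vulnerable( PDO $db, $term ) {
    $sql = "SELECT id, name, body FROM myData WHERE name LIKE '%$term%' OR body LIKE '%$term%'";
    return $db->query( $sql )->fetchAll( PDO::FETCH_ASSOC );
}

// Hardened: the term is bound as a parameter, so it is data, never SQL. LIKE
// metacharacters are escaped as well, so a user typing % or _ searches for
// those literal characters instead of widening the match.
function search( PDO $db, $term ) {
    $escaped = addcslashes( $term, '\\%_' );
    $stmt = $db->prepare(
        "SELECT id, name, body FROM myData"
        . " WHERE name LIKE :pat1 ESCAPE '\\' OR body LIKE :pat2 ESCAPE '\\'"
    );
    $stmt->execute( array( ':pat1' => '%' . $escaped . '%', ':pat2' => '%' . $escaped . '%' ) );
    return $stmt->fetchAll( PDO::FETCH_ASSOC );
}

// Output side: every value from the database or the request is escaped for HTML.
// A read-only search needs no CSRF token, so a plain GET form is fine here.
function render_page( $term, array $rows ) {
    $esc = function ( $s ) { return htmlspecialchars( (string)$s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8' ); };
    $html = '<form method="get"><input type="text" name="search_term" value="' . $esc( $term ) . '" />'
          . '<input type="submit" value="Search" /></form>';
    if ( !$rows ) {
        return $html . '<p>No matches.</p>';
    }
    $html .= '<ul>';
    foreach ( $rows as $row ) {
        $html .= '<li><b>' . $esc( $row['name'] ) . '</b>: ' . $esc( $row['body'] ) . '</li>';
    }
    return $html . '</ul>';
}

$db   = open_db();
$evil = "' OR 1=1 --";                      // constructed injection attempt
echo count( search_vulnerable( $db, $evil ) ), " row(s) from the vulnerable query\n";
echo count( search( $db, $evil ) ), " row(s) from the parameterised query\n";
echo render_page( 'notes', search( $db, 'notes' ) ), "\n";
```

Against the injected term, the concatenated query degenerates to WHERE name LIKE '%' OR 1=1 with the rest commented out and returns every row, while the bound version looks for that literal string and finds nothing. In a real MediaWiki Special Page the equivalent is $dbr->select() with the condition built by $dbr->buildLike(), and the rows rendered through the Html class.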
Review a Volunteer's Code