Security tips

Security tips

Wesley Overdijk
Hello to all,

As I'm going to be writing about zf2 security, I was hoping some of you had some tips for topics. Currently I don't have a lot to go with:
- Validators (and more in-depth csrf).
- Session validators
- Escaping

If you have ideas or suggestions, please let me know. Thank you :)

Kind regards,

Roberto Wesley Overdijk (RWOverdijk)

Re: Security tips

Mike Willbanks
- Crypt (Including password hashing)
  + Timing attacks
  + Secure algorithms
  + Salts and more
- Typical PHP Security
  + Uploads
  + Exec
  + etc...

There is likely more but I am tired and my brain is on a bit of shutdown :)


On Mon, Jul 8, 2013 at 10:18 PM, Wesley Overdijk <[hidden email]> wrote:
> Hello to all,
>
> As I'm going to be writing about zf2 security, I was hoping some of you had some tips for topics. Currently I don't have a lot to go with:
> - Validators (and more in-depth csrf).
> - Session validators
> - Escaping
>
> If you have ideas or suggestions, please let me know. Thank you :)
>
> Kind regards,
>
> Roberto Wesley Overdijk (RWOverdijk)


Re: Security tips

Enrico Zimuel-2
In reply to this post by Wesley Overdijk
Hi Wesley,

I forgot to cc zf-contributors :(

On Tue, Jul 9, 2013 at 8:31 AM, Enrico Zimuel <[hidden email]> wrote:

> Hi Wesley,
>
> the main components about security in ZF2 are:
> Zend\Authentication
> Zend\Captcha
> Zend\Crypt
> Zend\Escaper
> Zend\Filter
> Zend\InputFilter
> Zend\Permissions
> Zend\Math
> Zend\Validator
>
> Here you can find some information about Zend\Crypt in ZF2 and the
> latest features added to ZF2 in version 2.1:
> https://speakerdeck.com/ezimuel/cryptography-made-easy-with-zend-framework-2
> http://www.zimuel.it/en/zf-2-1-0/
>
> Regards,
> Enrico Zimuel



--
Enrico Zimuel
Senior PHP Engineer     | [hidden email]
Zend Framework Team     | http://framework.zend.com
Zend Technologies Ltd.
http://www.zend.com

Re: Security tips

Wesley Overdijk
Hello Enrico,

I was already sending you an email in which I said I thought you'd forgotten to press "reply-all" :D

Thanks! That's a very nice list. Should I add Acl to that?

Kind regards,

Roberto Wesley Overdijk (RWOverdijk)


Re: Security tips

Wesley Overdijk
Sorry, I just noticed that Acl is in Permissions… Never mind my last email.

Kind regards,

Roberto Wesley Overdijk (RWOverdijk)


Re: Security tips

Ben Scholzen 'DASPRiD'
In reply to this post by Wesley Overdijk
CONTENTS DELETED
The author has deleted this message.

Re: Security tips

Wesley Overdijk
I don't have a reply-list button :p

Met vriendelijke groet / Kind regards,

Roberto Wesley Overdijk

@RWOverdijk
M. +31 (0)6  15553243

On 9 jul. 2013, at 13:14, Ben Scholzen 'DASPRiD' <[hidden email]> wrote:

> On 09.07.2013 08:34, Wesley Overdijk wrote:
>> Hello Enrico,
>>
>> I was already sending you an email in which I said I thought you'd forgotten to press "reply-all" :D
> Do not press "reply-all", press "reply-list" ;P
>
> --
> Ben Scholzen 'DASPRiD'
> Community Review Team Member | [hidden email]
> Zend Framework               | http://www.dasprids.de