PHPDeveloper.org

C. Sadeesh Kumar's Blog: Smart File Type Detection Using PHP

Mon, 29 Aug 2011 12:07:53 -0500

In a new post today C. Sadeesh Kumar has a quick tip to help your script detect file types without having to rely on the extension to be correct.

In most web applications today, there is a need to allow users to upload images, audio and video files. Sometimes, we also need to restrict certain types of files from being uploaded - an executable file being an obvious example. Security aside, one might also want to prevent users from misusing the upload facility, e.g. uploading copyrighted music files illegally and using the service to promote piracy! In this article, we'll look into a few ways in which we can achieve this.

The trick to his example is in using the Fileinfo PECL extension. With the help of this extension you can look inside the file and pick out the "magic bytes" (the first few bytes of a file) and see what MIME type the file really is. He includes a simple example of using the extension on a file and a file upload script that checks the type and handles the file accordingly.

Ibuildings techPortal: PHP intrusion Detection System (PHPIDS)

Tue, 04 Aug 2009 08:48:42 -0500

On the Ibuildings techPortal site today Boy Baukema looks at PHPIDS, the PHP intrusion detection system and how it can start to help protect you and your application feel a little safer.

Just a reminder to everyone who is interested in WebAppSec and hasn't done so already to try PHPIDS, the Intrusion Detection System. [...] Installing PHPIDS is easy. Just download the latest version in your preferred format and then review the the FAQ for sample code on how to install it.

He does warn on one thing though - the system is a basic intrusion detection system and is not as complex as other detection tools. There were some complains he had about what it thought were intrusions and recommends that you only have it pointing to the external side of your application to cause less hassle in the long run.

Maurice Svay's Blog: Face detection in pure PHP (without OpenCV)

Mon, 22 Jun 2009 12:53:22 -0500

Maurice Svay has a new blog post that includes a script he's developed to perform facial recognition (detect faces in images) with PHP without the need of the Open-CV library.

OpenCV seems to perform well but you need to be able to install it on your server. In my case, I wanted to have a pure PHP solution, so it can work with most hosts. So I started to think about implementing it myself. [...] I kept searching and finally found a canvas+javascript implementation of face detection at http://blog.kpicturebooth.com/?p=8. The code looked fairly compact and simple. Shouldn't be hard to port to PHP.

The class takes in the filename of an image (just JPG, but could easily be adapted) and a data file to use to run the image through the GD image library and output a JPG similar to this with the face highlighted by a red square.

HowTo Forge: Intrusion Detection For PHP Applications With PHPIDS

Tue, 24 Jun 2008 10:22:04 -0500

On the HowTo Forge website, there's a recently posted article about using the IDS tool for PHP to help with intrusion detection for your website.

This tutorial explains how to set up IDS tool on a web server with Apache2 and PHP5. PHPIDS (PHP-Intrusion Detection System) is a simple to use, well structured, fast and state-of-the-art security layer for your PHP based web application. The IDS neither strips, sanitizes nor filters any malicious input, it simply recognizes when an attacker tries to break your site and reacts in exactly the way you want it to.

They show the steps you'll need to get things installed and working as well as some of the configuration changes you'll need to add/make (including the creation of an auto-prepend file to make using it all over easy).

Sebastian Bergmann's Blog: On PHPUnit and Software Metrics

Fri, 08 Feb 2008 09:31:00 -0600

In one of his latest entries, Sebastian Bergmann answers a question from another blogger about the future of software metrics and project mess detection as a part of the PHPUnit project.

When I started to work on these projects, there was no other place for me then to develop them as part of PHPUnit. [...] But the more I thought about it, I realized that these features do not belong into PHPUnit but into a suite of tools that PHPUnit is a well-integrated part of.

He did, however, include it as a part of the PHPUnit 3.2 release at that time. Now, however, there are the tools and platforms to make those tests useful outside of the PHPUnit environment and is allowing him to move it out from the testing application and on to closer integration with other software.

Sebastian Bergmann's Blog: Copy & Paste Detection in PHPUnit 3.2

Wed, 22 Aug 2007 09:31:00 -0500

Sebastian Bergmann spotlights another feature of the upcoming PHPUnit version 3.2 - the inclusion of a Project Mess Detector's ability to help find duplicate code.

Duplicate code can be hard to find, especially in a large project. Johann-Peter Hartmann of MAYFLOWER GmbH recently implemented Copy & Paste Detection for PHPUnit's growing set of features that extends its usage scenarios beyond "just unit testing" to a one-stop solution for quality assurance in PHP-based projects.

In his example, Sebastian shows what the response will look like when the tests find duplicate code - giving details like the files involved and the code fragment that was duplicated.

Check out this list in another post on Sebastian's blog for more of the metrics that will be included in the upcoming version.

Tutorial: An Introduction to PHPIDS (PHP-Intrusion Detection System)

Tue, 19 Jun 2007 15:28:56 -0500

After several weeks of work Mario Heiderich, Lars Strojny and of course myself released the first stable versions of the PHPIDS - currently at version 0.2.2.

You will find the project site on http://php-ids.org/

In this article I would like to present our framework and explain how it can be used, hoping that developers consider it useful to make their application more secure.

The PHPIDS is a system that is meant to be an additional layer of security for any PHP based website or web application. In fact, this layer does not filter input - that would be a task for different layers - but it makes sure that no potential attack against the application goes unnoticed.

Based on a collection of heavily tested regular expressions the PHPIDS is able to efficiently recognize, classify and ultimately react on many different kinds of attacks - including, besides others, XSS, SQL injection, directory traversal, String.fromCharcode attacks, halfwidth/fullwidth encoding attacks and remote code execution. Due to its flexible and easy configuration the PHPIDS reaction will happen in exactly the way the developer intends.

The integration is as simple as can be. Besides PHP 5.2 the only necessary extension is SimpleXML and the following code:

[php] getFilterFromXML('../../lib/default_filter.xml'); /* * Instanciate the IDS and start the detection * * here we are using $_GET but you can pass any * array you want like $_SERVER, $_SESSION etc. */ $get = new IDS_Monitor($_GET, $storage); $report = $get->run(); if (!$report->isEmpty()) { // Get the overall impact echo "Impact: {$report->getImpact()}n"; // Get array of every tag used echo 'Tags: ' . join(', ', $report->getTags()) . "n"; // Iterate through the report and get every event (IDS_Event) foreach ($report as $event) { echo "Variable: {$event->getName()} | Value: {$event->getValue()}n"; echo "Impact: {$event->getImpact()} | Tags: " . join(", ", $event->getTags()) . "n"; // Iterator throught every filter foreach ($event as $filter) { echo "Description: {$filter->getDescription()}n"; echo "Tags: " . join(", ", $filter->getTags()) . "n"; } } } /* * Additionally you have the option to store the detected * data using IDS_Log_Composite and for example IDS_Log_File */ require_once '../../lib/IDS/Log/File.php'; require_once '../../lib/IDS/Log/Composite.php'; $compositeLog = new IDS_Log_Composite(); $compositeLog->addLogger( IDS_Log_File::getInstance('log.txt') ); if (!$report->isEmpty()) { $compositeLog->execute($report); } } catch (Exception $e) { printf( 'An error occured: %s', $e->getMessage() ); } ?> [/php]

Ideally the PHPIDS should be included in a central position of the application or even better via auto_prepend_file. If an attack takes place the IDS result object will be returned filled with data and the programmer can decide the appropriate reaction. For the most part decisions about the reaction are dependent on the detected attacks' cumulative impact.

The impact variable acts as an indicator for an attack's severity and can be used to grade the application's reaction on that attack. For example, if the impact was 3, an appropriate response might be to log the issue in a file, whereas if the impact was around 12, a warning mail to the site owner might be more applicable whilst an impact of 24 or above might print out a message to the attacker stating that his intrusion attempt has been detected and request aborted.

The PHPIDS is heavily tested via phpUnit and profiles via xdebug meaning that you can expect a minimal performance hit to your applications. We are currently using the PHPIDS with great success on several high traffic sites; ormigo.com and neu.de being the two foremost examples of this. Documentation and support is available on the project site or via our forum. Future development for the PHPIDS will possibly rank around detection of fragmented XSS and enhanced detection of heavily encoded attack vectors.

For users of .NET there's the .NETIDS written by Martin Hinks which is a port of the PHPIDS and uses the same filter rules. You will find any related resources on the .NETIDS project page (http://code.google.com/p/dotnetids/). Support for the .NETIDS is also available in the PHPIDS forum.

Regards, Christian Matthies & Mario Heiderich