[Dshield] PHP Hardening
Algol Tradent
tradent at yahoo.com
Tue Apr 8 23:48:55 GMT 2008
Hi,
You might want to take a look at mod_security for
Apache
http://www.modsecurity.org/
--- Johannes Ullrich <jullrich at sans.org> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
>
> I use suhosin for the DShield website. It works
> quite well. Setting it
> up is easy. The only problem is that if you use it
> on an existing
> website, you will likely run into lots of errors at
> first. Use hte
> "simulation"mode to help you clean things up.
>
> Other then that... I am just writing a PHP security
> class. Should be
> ready in June/July ;-)
>
> On Mar 31, 2008, at 2:26 PM, warwick ackfin wrote:
> > Greetings all,
> > Looks like we will be pushing an
> Apache/PHP/MySql app out into the
> > wild
> > shortly. Obviously, such a beast can't go out
> without something
> > reasonably
> > robust to protect it from itself. I started
> looking into some PHP
> > Hardening
> > techniques and Suhosin comes recommended by some
> of our sister/brother
> > organizations. Anyone have any thoughts on
> Suhosin or other PHP
> > hardening
> > apps/techniques?
> >
> > http://www.hardened-php.net/suhosin/index.html
> >
> > Warwick
> > _________________________________________
> > SANS Security 2008 in New Orleans!! January 11-19
> 2008. Why freeze
> > up north if you can be in New Orleans.
> http://www.sans.org/info/15826
> >
>
> - ---------
> SANS 2008 - Orlando, FL; 41 courses, April 18-25
> http://www.sans.org/info/19686
>
>
>
>
>
>
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.7 (Darwin)
>
>
iD8DBQFH85EDPNuXYcm/v/0RA7Z6AJ0adBqy35AE/HA6ZeqF2wlLum/EjwCffojG
> HRpQ5h0HVcTBcat9AVaAo/c=
> =FbF9
> -----END PGP SIGNATURE-----
> _________________________________________
> SANS Security 2008 in New Orleans!! January 11-19
> 2008. Why freeze up north if you can be in New
> Orleans. http://www.sans.org/info/15826
>
____________________________________________________________________________________
You rock. That's why Blockbuster's offering you one month of Blockbuster Total Access, No Cost.
http://tc.deals.yahoo.com/tc/blockbuster/text5.com
More information about the list
mailing list