[Dshield] PHP Hardening

Johannes Ullrich jullrich at sans.org
Wed Apr 2 13:58:27 GMT 2008


I use suhosin for the DShield website. It works quite well. Setting it
up is easy. The only problem is that if you use it on an existing
website, you will likely run into lots of errors at first. Use the
"simulation" mode to help you clean things up.

Other than that... I am just writing a PHP security class. Should be
ready in June/July ;-)

On Mar 31, 2008, at 2:26 PM, warwick ackfin wrote:
> Greetings all,
>   Looks like we will be pushing an Apache/PHP/MySql app out into the wild
> shortly.  Obviously, such a beast can't go out without something reasonably
> robust to protect it from itself.  I started looking into some PHP Hardening
> techniques and Suhosin comes recommended by some of our sister/brother
> organizations.  Anyone have any thoughts on Suhosin or other PHP hardening
> apps/techniques?
>
> http://www.hardened-php.net/suhosin/index.html
>
> Warwick
