[Dshield] PHP Hardening

Algol Tradent tradent at yahoo.com
Tue Apr 8 23:48:55 GMT 2008


Hi,

You might want to take a look at mod_security for Apache:

http://www.modsecurity.org/



--- Johannes Ullrich <jullrich at sans.org> wrote:

> I use suhosin for the DShield website. It works quite well. Setting it
> up is easy. The only problem is that if you use it on an existing
> website, you will likely run into lots of errors at first. Use the
> "simulation" mode to help you clean things up.
>
> Other than that... I am just writing a PHP security class. Should be
> ready in June/July ;-)
> 
> On Mar 31, 2008, at 2:26 PM, warwick ackfin wrote:
> > Greetings all,
> >   Looks like we will be pushing an Apache/PHP/MySql app out into the wild
> > shortly.  Obviously, such a beast can't go out without something reasonably
> > robust to protect it from itself.  I started looking into some PHP Hardening
> > techniques and Suhosin comes recommended by some of our sister/brother
> > organizations.  Anyone have any thoughts on Suhosin or other PHP hardening
> > apps/techniques?
> >
> > http://www.hardened-php.net/suhosin/index.html
> >
> > Warwick


