safelity

Category: System/Network Security
Development tool: PHP
File size: 0KB
Downloads: 0
Upload date: 2022-02-17 00:32:56
Uploader: sh-1993
Description: Secure programming library for PHP

File list:
LICENSE (34523, 2022-02-16)
Safelity.php (2138, 2022-02-16)
audit.sh (555, 2022-02-16)
poc/ (0, 2022-02-16)
poc/fget.php (94, 2022-02-16)
poc/fget2.php (101, 2022-02-16)
poc/hello.txt (12, 2022-02-16)
poc/index.php (1429, 2022-02-16)
poc/info.php (15, 2022-02-16)
poc/lfd.php (123, 2022-02-16)
poc/lfd2.php (131, 2022-02-16)
poc/lfi.php (78, 2022-02-16)
poc/lfi2.php (87, 2022-02-16)
poc/library.php (29, 2022-02-16)
poc/noncompliant.php (192, 2022-02-16)
poc/ping.php (127, 2022-02-16)

safelity
=================================================

Secure programming library for PHP, written as a proof of concept by Eldar "Wireghoul" Marcussen - http://www.justanotherhacker.com. Developed as part of my presentation at GIDS on [codified security](https://wurreka.com/ict/virtual-conference/web/session/codified-security).

Concept
---------------------------------------

The idea was to write a library that allows developers to write secure code in a way that is similar to how they would write code otherwise. The library ensures that the code only executes the intended functionality, without any input validation or encoding of special characters at the call site. To achieve this, some limitations were introduced. The following requirements/objectives were set:

* PHP
* Linux
* Web based usage
* Small adjustment for developers
* No need for input validation
* Auditable

PoC
---------------------------------------

Security claims should not be made lightly, so a challenge to hack the library was made public on the internet. While the challenge is no longer hosted, the example scripts are provided in the `poc/` directory and you can try to hack them yourself:

```bash
cd poc/
php -S 0:8000
```

The challenge files are then accessible in your browser on port 8000. Note that `0:8000` binds to all interfaces, and the `poc/` scripts are deliberately attackable, so run the server only on a host and network you trust. Usage of the library can also be audited by running `./audit.sh` from the command line.

Inspiration
---------------------------------------

This library was inspired by a number of posts/opinions, but the following deserve a special mention:

* Making wrong code look wrong
* Anti if campaign
* c2 wiki
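To make the "codified security" idea concrete, here is an added example that is not part of Safelity and does not use its API (the real wrapper lives in `Safelity.php`, which is not shown on this page). It illustrates the same principle with two hypothetical helpers, `SafeFile::readUnder()` and `SafeHost::from()->ping()`: the helper can only perform the intended operation, so the call site reads like ordinary PHP and needs no ad-hoc validation or escaping. The file names mirror the kind of targets the `poc/` scripts expose (local file inclusion/disclosure and a `ping` command), the inputs are constructed for the demo, and PHP 8 is assumed.

```php
<?php
// Added illustration of "secure by construction" helpers; not Safelity's code.
// Class and method names (SafeFile, SafeHost, readUnder, from, ping) are hypothetical.
declare(strict_types=1);

final class SafeFile
{
    // Return the contents of $name, but only when it resolves inside $baseDir.
    // realpath() collapses "../" and symlinks, and fails for files that do not
    // exist and for stream wrappers such as php://filter or data://, so the
    // usual LFI/LFD payloads never reach file_get_contents().
    public static function readUnder(string $baseDir, string $name): string
    {
        $base = realpath($baseDir);
        if ($base === false || !is_dir($base)) {
            throw new RuntimeException("base directory missing: $baseDir");
        }
        $target = realpath($base . DIRECTORY_SEPARATOR . $name);
        $prefix = $base . DIRECTORY_SEPARATOR;
        if ($target === false || strncmp($target, $prefix, strlen($prefix)) !== 0) {
            throw new RuntimeException("refusing to read outside $base: $name");
        }
        return (string) file_get_contents($target);
    }
}

final class SafeHost
{
    private function __construct(private string $value) {}

    // Accept only a literal IP address or a plain DNS name. Shell metacharacters,
    // whitespace and option-looking values ("-f") never become a SafeHost at all.
    public static function from(string $input): self
    {
        if (filter_var($input, FILTER_VALIDATE_IP) !== false) {
            return new self($input);
        }
        if (preg_match('/^(?!-)[A-Za-z0-9-]{1,63}(\.(?!-)[A-Za-z0-9-]{1,63})*$/', $input) === 1) {
            return new self($input);
        }
        throw new InvalidArgumentException("not a host: $input");
    }

    // The type already guarantees an injection-free value; escapeshellarg() is
    // kept as defence in depth, and the count is clamped so it cannot be abused.
    public function ping(int $count = 1): string
    {
        $cmd = sprintf('ping -c %d %s 2>&1', max(1, min($count, 5)), escapeshellarg($this->value));
        return (string) shell_exec($cmd);
    }
}

// Demo with constructed inputs (the same shapes a ?file= or ?host= parameter would carry).
$dir = sys_get_temp_dir() . '/safelity-demo';
@mkdir($dir);
file_put_contents("$dir/hello.txt", "hello world\n");

echo SafeFile::readUnder($dir, 'hello.txt');
foreach (['../../../etc/passwd', 'php://filter/resource=hello.txt'] as $bad) {
    try {
        SafeFile::readUnder($dir, $bad);
    } catch (RuntimeException $e) {
        echo "blocked: {$e->getMessage()}\n";
    }
}

foreach (['127.0.0.1', '127.0.0.1; id'] as $input) {
    try {
        echo SafeHost::from($input)->ping();
    } catch (InvalidArgumentException $e) {
        echo "blocked: {$e->getMessage()}\n";
    }
}
```

Run it with `php example.php` on a Linux host that has `ping` installed. The point to notice is where the checking lives: the two call sites at the bottom contain no validation, yet the traversal, wrapper and command-injection inputs are all rejected, because the only way to reach `file_get_contents()` or `shell_exec()` is through a value the helper has already constrained. That is the property the README's "No need for input validation" objective describes, and it is also what makes the code auditable: a reviewer only has to read the helpers, not every call site.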
