
Sunday, April 7, 2013

SSL


SSL stands for Secure Sockets Layer.
Secure Sockets Layer is the standard security technology for establishing an encrypted link between a browser and a web server. It ensures that all data passed between them stays private (encrypted) and integral (not modified in transit). SSL is an industry-standard protocol used to secure data, and every page that takes part in a transaction must be served over it. To serve a URL over SSL (HTTPS) you must obtain an SSL certificate: you provide details such as the company name and the domain name to a Certificate Authority, which validates them before issuing the certificate. Note that the SSL protocol versions themselves are obsolete; what an "SSL" deployment actually runs today is its successor TLS (1.2 or 1.3), but the old name has stuck.


SSL and TLS are an integral part of most clients (web browsers) and websites (web servers). If a website is on a server that supports SSL, SSL can be enabled and specific web pages can be marked as requiring SSL access. Historically any web server could be SSL-enabled with Netscape's SSLRef program library, which could be downloaded for non-commercial use or licensed for commercial use; today servers use an open TLS library such as OpenSSL instead.

Working of SSL

Filter Input

Never trust user input: always validate and filter the data on the server before using it or saving it in the database. Client-side checks are only a convenience, since the attacker controls the browser and can bypass them.

The following filters should be applied to common fields:
Email Address: trim and validate the email address (for example with filter_var() and FILTER_VALIDATE_EMAIL).
Phone: trim and validate the phone number according to the country's format.
Name: strip tags, then trim the name.
URL/Website Name: trim and validate the URL of the website.
Description: strip tags, trim, and remove bad words from the description.

strip_tags: removes HTML and PHP tags such as <script></script> or <a></a>. Only the tags go; the text between them is kept, so it is not an XSS defense on its own.
trim: removes null bytes and whitespace from the left and right ends of the string.
htmlentities: encodes characters that are special in HTML so the description renders as text. Apply it when the description is output into a page, not before storing it, otherwise the stored data is mangled.
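The filters listed above, applied to one contact-form submission, as an added example (this is not code from the original post). The field names, the phone pattern and the length limits are assumptions chosen for the example; a real form validates phone numbers per country.

```php
<?php
// Added example, not from the original post: validate and sanitize the
// fields of a contact form before storing them or passing them to mail().
// Returns [clean fields, list of error messages]. Field names, the phone
// pattern and the length limits are assumptions for this example.
function filter_contact_input(array $input): array
{
    $clean  = [];
    $errors = [];

    // Email: trim, then validate the syntax. A value with two addresses such
    // as "a@x.com;b@y.com" contains two '@' and fails validation.
    $email = trim($input['email'] ?? '');
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'Invalid email address';
    } else {
        $clean['email'] = $email;
    }

    // Phone: trim, then allow only digits, spaces, +, -, ( ) of a sane length.
    $phone = trim($input['phone'] ?? '');
    if (!preg_match('/^\+?[0-9 ()-]{6,20}$/', $phone)) {
        $errors[] = 'Invalid phone number';
    } else {
        $clean['phone'] = $phone;
    }

    // Name: strip tags, trim, and bound the length.
    $name = trim(strip_tags($input['name'] ?? ''));
    if ($name === '' || mb_strlen($name) > 100) {
        $errors[] = 'Name is required (max 100 characters)';
    } else {
        $clean['name'] = $name;
    }

    // Website (optional): trim, validate as a URL, and insist on http(s).
    // FILTER_VALIDATE_URL alone accepts other schemes such as javascript:.
    $url = trim($input['website'] ?? '');
    if ($url !== '') {
        if (filter_var($url, FILTER_VALIDATE_URL) === false
            || !in_array(parse_url($url, PHP_URL_SCHEME), ['http', 'https'], true)) {
            $errors[] = 'Invalid website URL';
        } else {
            $clean['website'] = $url;
        }
    }

    // Description: strip tags, trim, bound the length. The raw text is stored;
    // htmlspecialchars()/htmlentities() is applied when it is rendered as HTML.
    $desc = trim(strip_tags($input['description'] ?? ''));
    if ($desc === '' || mb_strlen($desc) > 2000) {
        $errors[] = 'Description is required (max 2000 characters)';
    } else {
        $clean['description'] = $desc;
    }

    return [$clean, $errors];
}

// Constructed sample input: tags in the name, a script in the description,
// a second address smuggled into the email field, a javascript: URL.
$sample = [
    'email'       => ' abc@example.com;test@example.com ',
    'phone'       => '+1 (555) 010-2000',
    'name'        => '<b>Alice</b>',
    'website'     => 'javascript:alert(1)',
    'description' => 'Hello<script>alert(1)</script>',
];
[$clean, $errors] = filter_contact_input($sample);
print_r($clean);   // name => Alice, phone kept, description => Helloalert(1)
print_r($errors);  // Invalid email address, Invalid website URL
```

Note what the description becomes: strip_tags() removed the script tags but left "alert(1)" behind. That is why the stored text must still be HTML-encoded at output time; stripping tags reduces noise but does not make the value safe to echo.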


Email Injection

Suppose we have a "contact us" form so that a visitor can send us an enquiry, with fields for the visitor's email address and a description (the form itself is not reproduced here).
With that form, the following issues come up:

  1. In the Email Address field someone can enter ["abc@gmail.com;testabc.@gmail.com"], or a valid address followed by a line break and extra header lines.
  2. In the Description textarea, a visitor can put text like the following:

[
Test Message

CC: yet-another-email-addresses@example.com, etc-etc@example.com

]

Now what happens when we send the email through the PHP mail() function? If the visitor's input is concatenated into the headers argument (for example a Reply-To: line built from the email field), a line break inside the value starts a new header line, so:

  • The extra addresses are stored in the database along with the enquiry, i.e. [CC: another-email-address@example.com, yet-another-email-addresses@example.com, etc-etc@example.com]
  • The email also goes to [yet-another-email-addresses@example.com, etc-etc@example.com], which turns the contact form into a relay for the attacker's mail
  • There may be other serious consequences as well.
This type of issue is known as Email Injection (mail header injection): the visitor supplies data the developer did not expect, and the mail function interprets part of it as headers. A "CC:" line typed into the message body, as in the description above, only becomes a real header if the body ends up in the headers argument, but it is still worth rejecting so the stored enquiry is not polluted.

Do the following to avoid Email Injection:
  • Validate the email address, and reject any value that contains a carriage return or line feed
  • Sanitize the description field
  • Never trust user input
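The header injection described above, shown against a vulnerable and a hardened header builder, as an added example that is not part of the original post. The sender address, the recipient and the attacker payload are constructed for the example; nothing is sent unless send_contact() is called.

```php
<?php
// Added example, not from the original post. Shows how mail() header injection
// works and one way to prevent it. build_headers_*() return the string that
// would be passed as the additional headers argument of mail().

// Vulnerable: the visitor-supplied address goes straight into a header line.
function build_headers_unsafe(string $visitorEmail): string
{
    return "From: contact-form@example.com\r\n"
         . "Reply-To: " . $visitorEmail . "\r\n";
}

// Hardened: validate the address and refuse CR/LF anywhere in the value.
function build_headers_safe(string $visitorEmail): string
{
    if (filter_var($visitorEmail, FILTER_VALIDATE_EMAIL) === false
        || preg_match('/[\r\n]/', $visitorEmail)) {
        throw new InvalidArgumentException('Rejected email address');
    }
    return "From: contact-form@example.com\r\n"
         . "Reply-To: " . $visitorEmail . "\r\n";
}

// Constructed attacker input: a valid-looking address, then a line break
// and an extra Bcc: header.
$payload = "attacker@example.com\r\nBcc: victim1@example.com, victim2@example.com";

echo build_headers_unsafe($payload);
// From: contact-form@example.com
// Reply-To: attacker@example.com
// Bcc: victim1@example.com, victim2@example.com   <- injected header

try {
    build_headers_safe($payload);
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";   // Rejected email address
}

// Sending with the safe headers. The subject is fixed rather than taken from
// the form, and the description goes in the body, where a "CC:" line is just
// text and cannot become a header.
function send_contact(string $to, string $visitorEmail, string $description): bool
{
    $headers = build_headers_safe($visitorEmail);   // throws on injection attempts
    $subject = 'Contact form enquiry';
    return mail($to, $subject, $description, $headers);
}
```

The essential check is the one on CR and LF: an address that passes FILTER_VALIDATE_EMAIL already cannot contain them, but keeping the explicit test makes the intent visible and protects any other header you later build from user data (a subject line, a name in the From: display part).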

Remote Code Injection

In some applications the developer includes files dynamically, using a URL argument as the name of the file to include.

For example, see the following URLs.

  1. /index.php?page=dashboard.php
  2. /index.php?page=change_password.php
  3. /index.php?page=buynow.php

$file = $_GET['page'];   // file name taken straight from the request
include($file);          // vulnerable: includes whatever the visitor names

Above, the developer includes whichever file the page argument in the URI names.

This style of development has a very serious problem: anyone can put an external URL in the page argument.
See the example below:
/index.php?page=http://example.com/delete_all.php

When that URL is requested, PHP fetches delete_all.php from the other server (provided allow_url_include is enabled) and executes whatever code it contains, for example code that deletes all the data.
This is known as Remote Code Injection, or more precisely Remote File Inclusion (RFI). Even with remote URLs disabled, the same code lets a visitor include local files by using ../ in the argument (Local File Inclusion).

In Remote Code Injection the attacker supplies his own code, which then runs on the server with the web server's privileges and may harm the website.

How to avoid Remote Code Injection: only include files from a fixed allowlist, and additionally set allow_url_include = Off in php.ini.
$file = $_GET['page'];
$includeFile = array('dashboard.php', 'change_password.php', 'buynow.php');
if (in_array($file, $includeFile, true)) {   // strict comparison: the name must match exactly
    include($file);
} else {
    include('filenotfound.php');
}
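A slightly stronger form of the allowlist above, as an added example that is not part of the original post: the request supplies a short key rather than a file name, and the key is mapped to a file under a fixed directory, so no character from the request ever becomes part of a path. The keys, the pages/ directory and the fallback file name are assumptions for the example.

```php
<?php
// Added example, not from the original post: route ?page=... through a
// key-to-file map instead of trusting a file name from the request.
// Keys, the pages/ directory and filenotfound.php are assumptions.
const PAGES = [
    'dashboard'       => 'dashboard.php',
    'change_password' => 'change_password.php',
    'buynow'          => 'buynow.php',
];

function resolve_page(?string $requested): string
{
    // Array lookup: a URL, a ../ path or an unknown name is simply not a key,
    // so it resolves to the fallback page. The request never contributes
    // characters to the path that is included.
    $file = PAGES[$requested ?? ''] ?? 'filenotfound.php';
    return __DIR__ . '/pages/' . $file;
}

// index.php would do:
//   include resolve_page($_GET['page'] ?? 'dashboard');

// Constructed inputs showing what each resolves to:
$tests = [
    'dashboard',
    'http://example.com/delete_all.php',
    '../../etc/passwd',
    'buynow.php',
];
foreach ($tests as $p) {
    echo $p, ' -> ', basename(resolve_page($p)), "\n";
}
// dashboard -> dashboard.php
// http://example.com/delete_all.php -> filenotfound.php
// ../../etc/passwd -> filenotfound.php
// buynow.php -> filenotfound.php   (the key is "buynow", not the file name)
```

Using keys instead of file names also means the URL no longer reveals the layout of the code base, and renaming a file only changes the map, not every link.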




Session Security

There are two main types of session attack:

  • Session Fixation
  • Session Hijacking


Session Fixation: the attacker sets the session identifier explicitly before the victim logs in, for example by sending the victim a link that carries the session ID in the URL (or by planting it in a cookie). Once the victim authenticates, the attacker, who already knows the ID, can use the same session. (This is sometimes confused with Session Riding, which is another name for cross-site request forgery and is a different attack.)

Session Hijacking: the attacker obtains a valid session identifier after the fact, by guessing it, sniffing it from unencrypted traffic, or stealing the cookie through cross-site scripting, and then uses it to impersonate the user.
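Session settings and a login step that address both attacks, as an added example that is not part of the original post: strict mode and cookie-only IDs defeat fixation through the URL, regenerating the ID at login discards any ID an attacker fixed earlier, and the cookie flags plus timeouts narrow the window in which a stolen ID is useful. The user store and check_credentials() are constructed for the example, and the samesite cookie option assumes PHP 7.3 or later.

```php
<?php
// Added example, not from the original post: PHP session hardening against
// fixation and hijacking. The user store below is constructed for the example.

// 1. Reject session IDs the server did not create: an ID supplied via
//    ?PHPSESSID=... or an attacker-planted cookie is replaced, not adopted.
ini_set('session.use_strict_mode', '1');
// 2. Accept the ID from the cookie only, never from the URL.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// 3. Cookie flags: not readable by JavaScript, only over HTTPS, not sent
//    on cross-site requests (array form needs PHP 7.3+).
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();

// Constructed user store: one account, password hashed with password_hash().
$USERS = ['alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)];

function check_credentials(string $username, string $password): bool
{
    global $USERS;
    return isset($USERS[$username]) && password_verify($password, $USERS[$username]);
}

function login(string $username, string $password): bool
{
    if (!check_credentials($username, $password)) {
        return false;
    }
    // 4. Issue a new ID at the privilege change and delete the old session
    //    file, so an ID fixed before login is worthless afterwards.
    session_regenerate_id(true);
    $_SESSION['user']       = $username;
    $_SESSION['login_time'] = time();
    $_SESSION['last_seen']  = time();
    return true;
}

// 5. Idle timeout and absolute lifetime: a hijacked ID stops working on its
//    own instead of staying valid until the user happens to log out.
function session_is_valid(int $idleLimit = 900, int $absoluteLimit = 8 * 3600): bool
{
    if (!isset($_SESSION['user'])) {
        return false;
    }
    $now = time();
    if ($now - $_SESSION['last_seen'] > $idleLimit
        || $now - $_SESSION['login_time'] > $absoluteLimit) {
        logout();
        return false;
    }
    $_SESSION['last_seen'] = $now;
    return true;
}

function logout(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Usage: on the login form's POST handler.
// if (login($_POST['username'] ?? '', $_POST['password'] ?? '')) { header('Location: /dashboard'); }
```

The regeneration in step 4 is the one defence that works even when the attacker managed to plant the ID by some route the other settings do not cover; call session_regenerate_id(true) on every privilege change (login, password change, role switch), not just at session creation.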