All rights reserved. Zend Technologies, Inc.

Building secure web applications using ZF2
by Enrico Zimuel (enrico@zend.com)
Senior Software Engineer
Zend Framework Core Team
Zend Technologies Ltd
About me

Enrico Zimuel (@ezimuel)
Software Engineer since 1996
Assembly x86, C/C++, Java, Perl, PHP
PHP Engineer at Zend Technologies in the Zend Framework Team
International speaker, author of articles and books on PHP and secure programming
Researcher programmer at Informatics Institute of University of Amsterdam
Co-founder of PUG Torino (Italy)
OWASP Top Ten Attacks

1) Cross-Site Scripting (XSS)
2) Injection Flaws
3) Malicious File Execution
4) Insecure Direct Object Reference
5) Cross Site Request Forgery (CSRF)
6) Information Leakage and Improper Error Handling
7) Broken Authentication and Session Management
8) Insecure Cryptographic Storage
9) Insecure Communications
10) Failure to Restrict URL Access
Security practices

Filter Input, Escape Output
Yes, but it's not enough!
Security tools in ZF2

Zend\Authentication
Zend\Captcha
Zend\Crypt
Zend\Escaper
Zend\Filter
Zend\InputFilter
Zend\Permissions
Zend\Math
Zend\Validator
Zend\Authentication
Authentication

Zend\Authentication provides an API for authentication and includes concrete authentication adapters for common use case scenarios.

Adapters (four are shipped):
Database Table
Digest
HTTP
LDAP

Example
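As an added example (not code from the slides), here is how Zend\Authentication is typically wired up: a custom adapter looks the identity up and checks the credential with Bcrypt::verify(), the password-storage method the deck recommends later. The ArrayBcryptAdapter class, the user array and the passwords are constructed for this example; it assumes ZF2 installed through Composer.

```php
<?php
// Added example: Zend\Authentication with a custom adapter that verifies a
// bcrypt hash. ArrayBcryptAdapter and the user store are constructed here;
// they are not part of ZF2. Assumes the Composer autoloader is available.
require 'vendor/autoload.php';

use Zend\Authentication\Adapter\AdapterInterface;
use Zend\Authentication\AuthenticationService;
use Zend\Authentication\Result;
use Zend\Authentication\Storage\NonPersistent;
use Zend\Crypt\Password\Bcrypt;

class ArrayBcryptAdapter implements AdapterInterface
{
    private $users;       // identity => bcrypt hash
    private $identity;
    private $credential;

    public function __construct(array $users, $identity, $credential)
    {
        $this->users      = $users;
        $this->identity   = $identity;
        $this->credential = $credential;
    }

    // AdapterInterface::authenticate() must return a Zend\Authentication\Result.
    // The result code tells the application why a login failed; the
    // application decides how much of that to show to the user.
    public function authenticate()
    {
        if (!isset($this->users[$this->identity])) {
            return new Result(Result::FAILURE_IDENTITY_NOT_FOUND, null, array('Identity not found'));
        }

        // Bcrypt::verify() re-hashes the submitted password with the salt and
        // cost embedded in the stored hash and compares the two hashes.
        $bcrypt = new Bcrypt();
        if (!$bcrypt->verify($this->credential, $this->users[$this->identity])) {
            return new Result(Result::FAILURE_CREDENTIAL_INVALID, null, array('Invalid credential'));
        }

        return new Result(Result::SUCCESS, $this->identity);
    }
}

// Constructed user store: only bcrypt hashes are kept, never the password.
$bcrypt = new Bcrypt();
$users  = array(
    'alice' => $bcrypt->create('correct horse battery staple'),
);

// NonPersistent storage keeps the example runnable from the CLI; a web
// application uses the default Session storage so the identity survives requests.
$auth = new AuthenticationService(new NonPersistent());

// Attempt with a wrong password: the service writes no identity on failure.
$result = $auth->authenticate(new ArrayBcryptAdapter($users, 'alice', 'not her password'));
printf("wrong password: valid=%d hasIdentity=%s messages=%s\n",
    $result->isValid(), var_export($auth->hasIdentity(), true), implode(',', $result->getMessages()));

// Attempt with the right password: Result::SUCCESS and the identity is stored.
$result = $auth->authenticate(new ArrayBcryptAdapter($users, 'alice', 'correct horse battery staple'));
printf("right password: valid=%d identity=%s\n", $result->isValid(), $auth->getIdentity());

// Logout: forget the stored identity.
$auth->clearIdentity();
```

The adapter never compares plaintext with anything stored: the only secret on the server side is the bcrypt hash, and the verification cost is whatever cost the hash was created with.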
Zend\Permissions
Zend\Permissions\Acl

The component provides a lightweight and flexible access control list (ACL) implementation for privileges management.

Terminology:
a resource is an object to which access is controlled
a role is an object that may request access to a resource

Example
Zend\Permissions\Rbac (>= ZF2.1)

Provides a lightweight Role-Based Access Control implementation based around PHP 5.3's SPL RecursiveIterator and RecursiveIteratorIterator.

RBAC differs from access control lists (ACL) by putting the emphasis on roles and their permissions rather than on objects (resources).

Terminology:
an identity has one or more roles
a role requests access to a permission
a permission is given to a role

Zend\Filter
Zend\Filter

The Zend\Filter component provides a set of commonly needed data filters. It also provides a simple filter chaining mechanism by which multiple filters may be applied to a single datum in a user-defined order.

Remember: “Filter the input, always”
Standard Filter Classes

Alnum
Alpha
BaseName
Boolean
Callback
Compress/Decompress
Digits
Dir
Encrypt/Decrypt
HtmlEntities
Int
Null
NumberFormat
PregReplace
RealPath
StringToLower/ToUpper
StringTrim
StripNewLines/Tags
Zend\Validator
Zend\Validator

The Zend\Validator component provides a set of commonly needed validators. It also provides a simple validator chaining mechanism by which multiple validators may be applied to a single datum in a user-defined order.

A validator examines its input with respect to some requirements and produces a boolean result: whether the input successfully validates against the requirements.

Example
Standard Validator Classes

Alnum
Alpha
Barcode
Between
Callback
CreditCard
Date
Db\RecordExists and NoRecordExists
Digits
EmailAddress
GreaterThan/LessThan
Hex
Hostname
Iban
Identical
InArray
Ip
Isbn
NotEmpty
PostCode
Regex
Sitemap
Step
StringLength
Zend\InputFilter
Zend\InputFilter

The Zend\InputFilter component can be used to filter and validate generic sets of input data. For instance, you could use it to filter $_GET or $_POST values, CLI arguments, etc.

Remember: “Filter the input, always”

Example
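The following added example (not code from the slides) ties the Zend\Filter, Zend\Validator and Zend\InputFilter slides together: an input filter built with Zend\InputFilter\Factory that chains filters and validators per field for a sign-up form, applied to a bad and a good request. The field names, rules and the two request arrays are constructed; it assumes ZF2 via the Composer autoloader.

```php
<?php
// Added example: Zend\InputFilter built with Zend\InputFilter\Factory, chaining
// Zend\Filter and Zend\Validator classes per field. The field names, rules and
// the two request arrays are constructed; assumes the Composer autoloader.
require 'vendor/autoload.php';

use Zend\InputFilter\Factory;

// Filters run first and normalise the value; validators then judge the
// filtered value. The order within each list is the order of execution.
function buildSignupFilter()
{
    $factory = new Factory();
    return $factory->createInputFilter(array(
        'username' => array(
            'name'       => 'username',
            'required'   => true,
            'filters'    => array(
                array('name' => 'StringTrim'),
                array('name' => 'StripTags'),
                array('name' => 'StringToLower'),
            ),
            'validators' => array(
                array('name' => 'StringLength', 'options' => array('min' => 3, 'max' => 32)),
                // Regex instead of Alnum: Alnum lives in Zend\I18n and needs ext/intl.
                array('name' => 'Regex', 'options' => array('pattern' => '/^[a-z0-9_]+$/')),
            ),
        ),
        'email' => array(
            'name'       => 'email',
            'required'   => true,
            'filters'    => array(array('name' => 'StringTrim')),
            'validators' => array(array('name' => 'EmailAddress')),
        ),
        'age' => array(
            'name'       => 'age',
            'required'   => false,
            'filters'    => array(array('name' => 'Int')),
            'validators' => array(
                array('name' => 'Between', 'options' => array('min' => 13, 'max' => 120)),
            ),
        ),
    ));
}

// Returns either the filtered values or the per-field validation messages.
function processSignup(array $request)
{
    $inputFilter = buildSignupFilter();
    $inputFilter->setData($request);
    if ($inputFilter->isValid()) {
        return array('ok' => true, 'values' => $inputFilter->getValues());
    }
    return array('ok' => false, 'messages' => $inputFilter->getMessages());
}

// Constructed request 1: markup in the username (stripped to "al", too short),
// malformed e-mail, age below the minimum.
print_r(processSignup(array(
    'username' => '  <b>Al</b> ',
    'email'    => 'not-an-address',
    'age'      => '7',
)));

// Constructed request 2: valid after trimming and lowercasing. The application
// must go on with getValues(), the filtered data, not with the raw request.
print_r(processSignup(array(
    'username' => '  Alice_01 ',
    'email'    => 'alice@example.com',
    'age'      => '34',
)));
```

Because every field is declared up front, anything not in the specification is simply not part of getValues(): unexpected parameters in $_POST are dropped rather than passed on.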
Zend\Escaper
Escaper

Escape the output, multiple formats:
escapeHtml()
escapeHtmlAttr()
escapeJs()
escapeUrl()
escapeCss()

Remember: “Escape the output, always”
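As an added example (not code from the slides), one untrusted comment string is rendered into the five output contexts the Escaper covers. The comment text and the HTML fragment are constructed; it assumes ZF2 via the Composer autoloader.

```php
<?php
// Added example: one untrusted string rendered into several output contexts with
// Zend\Escaper\Escaper. The comment text and the HTML template are constructed;
// assumes the Composer autoloader.
require 'vendor/autoload.php';

use Zend\Escaper\Escaper;

// Each context has its own escaping rules: HTML body, HTML attribute,
// JavaScript string literal, URL query parameter and CSS string. Applying the
// HTML escaper in every slot would leave the other contexts unprotected.
function renderComment(Escaper $e, $author, $text)
{
    $html  = '<p class="comment">' . $e->escapeHtml($text) . '</p>' . "\n";
    $html .= '<a title="' . $e->escapeHtmlAttr($text) . '"'
           . ' href="/search?q=' . $e->escapeUrl($text) . '">search</a>' . "\n";
    $html .= '<script>var lastComment = "' . $e->escapeJs($text) . '";</script>' . "\n";
    $html .= '<style>.comment:after { content: "' . $e->escapeCss($author) . '"; }</style>' . "\n";
    return $html;
}

// escapeUrl() is meant for a single query-string value (it uses rawurlencode),
// not for a complete URL, whose scheme and slashes it would encode as well.

// The escaper must know the output encoding; always create it explicitly.
$escaper = new Escaper('utf-8');

// Constructed input that touches every special character class.
$text = 'Tom & Jerry <b>"quoted"</b> \'single\' back\\slash ?=&';
echo renderComment($escaper, 'Zoë <3', $text);
```

Run it and compare the five renderings of the same string: the ampersand, quotes and angle brackets come out differently in each slot, which is exactly why a single "escape" helper is not enough.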


Zend\Captcha
Zend\Captcha

CAPTCHA stands for “Completely Automated Public Turing test to tell Computers and Humans Apart”; it is used as a challenge-response to ensure that the individual submitting information is a human and not an automated process.

A captcha is used to prevent spam submissions.

Example
Captcha adapters

Zend\Captcha\AbstractWord
Zend\Captcha\Dumb
Zend\Captcha\Figlet
Zend\Captcha\Image
Zend\Captcha\ReCaptcha
Zend\Crypt
Cryptography is hard

Cryptography is hard, and the implementation is even harder!

PHP offers some crypto primitives, but you need some cryptography background to use them (this is not straightforward).

This can represent a barrier that discouraged most PHP developers.
Cryptography using ZF2

Zend\Crypt wants to help PHP developers to use strong cryptography in their projects.

In PHP we have built-in functions and extensions for cryptography scopes:
crypt()
Mcrypt
OpenSSL
Hash (by default in PHP 5.1.2)
Mhash (emulated by Hash from PHP 5.3)
Zend\Crypt

Zend\Crypt components:
Zend\Crypt\Password
Zend\Crypt\Key\Derivation
Zend\Crypt\Symmetric
Zend\Crypt\PublicKey
Zend\Crypt\Hash
Zend\Crypt\Hmac
Zend\Crypt\BlockCipher
How to encrypt sensitive data
Encrypt and Authenticate

Zend\Crypt\BlockCipher can be used to encrypt/decrypt sensitive data (symmetric encryption).

Provides encryption + authentication (HMAC).

Simplified API:
setKey($key)
encrypt($data)
decrypt($data)

It uses the Mcrypt adapter (Zend\Crypt\Symmetric\Mcrypt).
Default encryption values

Default values used by BlockCipher:
AES algorithm (key of 256 bits)
CBC mode + HMAC (SHA-256)
PKCS7 padding mode (RFC 5652)
PBKDF2 to generate the encryption key + the authentication key for HMAC
Random IV for each encryption
Example: AES encryption

The encrypted text is encoded in Base64; you can switch to binary output using setBinaryOutput(true).
Example: encryption output

Zend\Crypt\BlockCipher::encrypt applied to the message “This is the message to encrypt” with the key “this is the encryption key” produces a single string made of three parts: HMAC, IV, ciphertext. The HMAC comes first as 64 hex characters (SHA-256); the IV and the ciphertext follow, Base64 encoded.

HMAC part of the output shown on the slide:
064b05b885342dc91e7915e492715acf0f896620dbf9d1e00dd0798b15e72e8c
Example: decrypt
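The encrypt and decrypt examples from the slides, as an added example (not code from the slides) that also shows what the HMAC buys you: a modified ciphertext or a wrong key makes decrypt() return false instead of garbage. The message and key are constructed; it assumes ext/mcrypt and ZF2 via the Composer autoloader.

```php
<?php
// Added example: Zend\Crypt\BlockCipher round trip with the defaults the deck
// lists (AES, CBC, PKCS7, PBKDF2, HMAC-SHA256, random IV), plus what happens
// when the output is modified in transit. Message and key are constructed;
// assumes ext/mcrypt and the Composer autoloader.
require 'vendor/autoload.php';

use Zend\Crypt\BlockCipher;

function makeCipher($key)
{
    $blockCipher = BlockCipher::factory('mcrypt', array('algo' => 'aes'));
    // The key is not used directly: PBKDF2 derives the AES key and the HMAC
    // key from it, salted with the per-message IV.
    $blockCipher->setKey($key);
    return $blockCipher;
}

// Flip one character of the Base64 section (after the 64 hex chars of the
// SHA-256 HMAC) to simulate a corrupted or tampered ciphertext.
function tamper($encrypted, $offset = 70)
{
    $encrypted[$offset] = ($encrypted[$offset] === 'A') ? 'B' : 'A';
    return $encrypted;
}

$key     = 'this is the encryption key';
$message = 'This is the message to encrypt';

$cipher    = makeCipher($key);
$encrypted = $cipher->encrypt($message);
echo "encrypted: $encrypted\n";

// A fresh IV is drawn for every call, so encrypting twice gives two
// different outputs that both decrypt to the same plaintext.
echo "same input, different output: ",
    var_export($encrypted !== $cipher->encrypt($message), true), "\n";

echo "decrypted: ", $cipher->decrypt($encrypted), "\n";

// decrypt() checks the HMAC before touching the ciphertext and returns
// false (not a garbled plaintext) when it does not match.
echo "tampered:  ", var_export($cipher->decrypt(tamper($encrypted)), true), "\n";

// A wrong key derives a different HMAC key, so it fails the same check.
echo "wrong key: ", var_export(makeCipher('another key')->decrypt($encrypted), true), "\n";

// Binary output is shorter (no Base64) and suited to a BLOB column;
// the decrypting side must use the same setting.
$cipher->setBinaryOutput(true);
$raw = $cipher->encrypt($message);
echo "binary length: ", strlen($raw), " bytes\n";
echo "decrypted (binary): ", $cipher->decrypt($raw), "\n";
```

Always test for `false` with `===` after decrypt(): the authenticated failure is the feature, and code that concatenates the return value into a query or a page without that check throws the protection away.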
How to safely store a user's password
How to store a password

How do you safely store a password?

Old school (insecure):
MD5/SHA1(password)
MD5/SHA1(password . salt), where salt is a random string

New school (secure):
bcrypt
Why MD5/SHA1 + salt is not secure?

Dictionary/brute force attacks are more efficient.

GPU-accelerated password hash:
Whitepixel project, whitepixel.zorinaq.com
4 Dual HD 5970, ~ $2800

Algorithm    Speed            8 chars   9 chars   10 chars
md5($pass)   33 billion p/s   1 hour    4 days    294 days
bcrypt

bcrypt uses the Blowfish cipher + iterations to generate secure hash values.

bcrypt is secure against brute force attacks because it is slow, very slow (that means attacks need a huge amount of time to be completed).

The algorithm needs a salt value and a work factor parameter (cost), which allows you to determine how expensive the bcrypt function will be.
Zend\Crypt\Password\Bcrypt

We used the crypt() function of PHP to implement the bcrypt algorithm.

The cost is an integer value from 4 to 31.

The default value for Zend\Crypt\Password\Bcrypt is 14 (that is equivalent to 1 second of computation using an Intel Core i5 CPU at 3.3 GHz).

The cost value depends on the CPU speed, check on your system! We suggest to consume at least 2 seconds.
Example: bcrypt

The output of bcrypt ($hash) is a string of 60 bytes.
How to verify a password

To check if a password is valid against a hash value we can use the method:
Bcrypt::verify($password, $hash)
where $password is the value to check and $hash is the hash value generated by bcrypt.

This method returns true if the password is valid and false otherwise.
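The bcrypt and verify examples from the slides, as an added example (not code from the slides) that also does the "check on your system" step: it times bcrypt at increasing costs and picks the smallest cost that takes at least one second on the machine it runs on. Passwords and the target time are constructed; it assumes ZF2 via the Composer autoloader.

```php
<?php
// Added example: hashing and verifying with Zend\Crypt\Password\Bcrypt, and
// measuring how long a given cost takes on the machine that will run it.
// Passwords are constructed; assumes the Composer autoloader.
require 'vendor/autoload.php';

use Zend\Crypt\Password\Bcrypt;

// Time one bcrypt computation at the given cost (seconds, wall clock).
function timeCost($cost)
{
    $bcrypt = new Bcrypt();
    $bcrypt->setCost($cost);          // valid range 4..31, throws otherwise
    $start = microtime(true);
    $bcrypt->create('calibration-only');
    return microtime(true) - $start;
}

// Smallest cost whose single hash takes at least $targetSeconds here.
// Each +1 doubles the work, so a handful of probes is enough.
function calibrateCost($targetSeconds, $minCost = 8, $maxCost = 31)
{
    for ($cost = $minCost; $cost <= $maxCost; $cost++) {
        if (timeCost($cost) >= $targetSeconds) {
            return $cost;
        }
    }
    return $maxCost;
}

$cost = calibrateCost(1.0);
printf("cost %d takes >= 1 s on this CPU\n", $cost);

$bcrypt = new Bcrypt();
$bcrypt->setCost($cost);

// Registration: store only the hash. It is 60 bytes and embeds the algorithm
// id ($2y$, or $2a$ on PHP < 5.3.7), the cost and the random 22-char salt.
$hash1 = $bcrypt->create('correct horse battery staple');
$hash2 = $bcrypt->create('correct horse battery staple');
printf("length %d, same password gives different hashes: %s\n",
    strlen($hash1), var_export($hash1 !== $hash2, true));

// Login: verify() reads salt and cost back out of the stored hash, so the
// verifier does not need to know which cost the hash was created with.
var_dump($bcrypt->verify('correct horse battery staple', $hash1));
var_dump($bcrypt->verify('correct horse battery staple', $hash2));
var_dump($bcrypt->verify('Correct horse battery staple', $hash1)); // case matters

// Raising the cost later does not break old hashes: they still verify, and
// can be re-hashed with the new cost on the user's next successful login.
$stronger = new Bcrypt();
$stronger->setCost(min($cost + 1, 31));
var_dump($stronger->verify('correct horse battery staple', $hash1));
```

Calibrate on the production hardware, not on a developer laptop, and re-run the calibration when the hardware changes; the cost is the one knob that keeps bcrypt slow as CPUs get faster.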
Secure random numbers in PHP
PHP vs. randomness

How to generate a pseudo-random value in PHP?

Not good for cryptography purposes:
rand()
mt_rand()

Good for cryptography (PHP 5.3+):
openssl_random_pseudo_bytes()
rand() is not so random :(

[Figure: rand() of PHP on Windows compared with pseudo-random bits. Source: random.org]
Random Number Generator in ZF2

We refactored the random number generator in ZF2 to use (in order):
1) openssl_random_pseudo_bytes()
2) mcrypt_create_iv(), with MCRYPT_DEV_URANDOM
3) mt_rand(), not used for cryptography!

OpenSSL provides secure random numbers.
Mcrypt with /dev/urandom provides good security.
mt_rand() is not secure for crypto purposes.
Random number in Zend\Math

We provide a couple of methods for RNG:
Zend\Math\Math::randBytes($length, $strong = false)
Zend\Math\Math::rand($min, $max, $strong = false)

randBytes() generates $length random bytes.
rand() generates a random number between $min and $max.

If $strong === true, the functions use only OpenSSL or Mcrypt (if PHP doesn't support these extensions they throw an Exception).
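As an added example (not code from the slides), two security tokens generated with the $strong flag set, and the exception path that replaces the mt_rand() fallback. The slide names Zend\Math\Math::randBytes()/rand() from the ZF2 beta; released ZF2 (2.0 and later) ships the same methods as Zend\Math\Rand::getBytes()/getInteger() with the same parameters, which is what this example calls. Token sizes are constructed; it assumes ZF2 via the Composer autoloader.

```php
<?php
// Added example: cryptographically strong random values with Zend\Math.
// The slide's Zend\Math\Math::randBytes()/rand() (ZF2 beta) are, in released
// ZF2, Zend\Math\Rand::getBytes()/getInteger() with the same parameters.
// Token sizes are constructed; assumes the Composer autoloader.
require 'vendor/autoload.php';

use Zend\Math\Rand;

// A password-reset token or CSRF token: 32 random bytes, hex encoded.
// $strong = true means only OpenSSL or Mcrypt may serve the request; with
// neither extension present Zend\Math throws instead of falling back to
// mt_rand(), which is the failure mode you want for a security token.
function makeToken($bytes = 32)
{
    return bin2hex(Rand::getBytes($bytes, true));
}

// A 6-digit one-time code, zero padded so leading zeros are not lost.
function makeOneTimeCode($digits = 6)
{
    $max = (int) pow(10, $digits) - 1;
    return str_pad((string) Rand::getInteger(0, $max, true), $digits, '0', STR_PAD_LEFT);
}

try {
    echo "token: ", makeToken(), "\n";
    echo "code:  ", makeOneTimeCode(), "\n";
} catch (\Exception $e) {
    // Reached only when neither ext/openssl nor ext/mcrypt is loaded:
    // fail closed rather than hand out a guessable token.
    echo "no strong random source available: ", $e->getMessage(), "\n";
}

// With $strong = false (the default) the generator silently falls back to
// mt_rand() when the strong sources are missing: fine for a shuffle or a
// placeholder id, not for anything that must be unguessable.
echo "weak source is fine for non-security use: ", Rand::getInteger(1, 6), "\n";
```

The design point is the failure mode: a token generator should refuse to run rather than degrade to a predictable source, and the $strong flag is how Zend\Math expresses that choice.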
Some references

Colin Percival, Stronger Key Derivation via Sequential Memory-Hard Functions, presented at BSDCan'09, May 2009 (link)
T. Myer, M. Southwell, Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Apress, 2nd edition, 2010
P. Niels, T. J.  Sutton, A Future-Adaptable Password Scheme, Proceedings of USENIX Annual Technical Conference, 1999 (link)
Chris Shiflett, Essential PHP Security: A Guide to Building Secure Web Applications, O'Reilly Media, 2005
Enrico Zimuel, Cryptography made easy using Zend Framework 2, Zend Webinar, 2012 (video - slides)
Enrico Zimuel, Cryptography in PHP: How to protect sensitive data in PHP using cryptography, Web & PHP Magazine, Issue 2/2012 (link)
Thank you!

More information
http://framework.zend.com
Send an email to enrico@zend.com
IRC channels (freenode): #zftalk, #zftalk.dev