Security for developers/pt

Category:Development guidelines/pt
Apresentação pelo "Engenheiro de Segurança" da Fundação Wikimédia, Chris Steifrom de WMF Tech Days 2012

Como um programador do MediaWiki, você tem a responsabilidade de escrever código seguro num estilo que seja fácil de rever e auditar. Este artigo concentra-se nas questões relacionadas com a segurança e nas melhores práticas utilizadas pelos programadores do MediaWiki para resolver estes problemas de segurança. For Para problemas com o estilo de código, por favro, leia as convenções de programação no MediaWiki.

Every MediaWiki developer should carefully read this article, regardless of their level of experience in web application development and with PHP, and periodically re-familiarise themselves with this material. Additionally, every developer should carefully read the articles on Cross-site scripting (XSS), Cross-site request forgery (CSRF), and Injeção de SQL, which each provide more detailed explanations of each of these common vulnerability types. The security checklist for developers provides a useful reference for common development tasks.

Porque a segurança é importante =

Web application security is a critical issue in the wired world. Websites with security vulnerabilities are a key part of the illicit global infrastructure of malware, spam and phishing. Bot herders crawl the web looking for websites with security vulnerabilities, and then use the vulnerabilities to hijack them. The hijacked website will distribute malware (viruses) to visitors, either via browser vulnerabilities or overtly by social engineering. The downloaded malware turns the client's computer into a "zombie" that is part of a global network of organised crime aimed at stealing bank account details, sending spam, and extorting money from websites with denial-of-service threats.

Segurança demonstrável

It's not enough to assure yourself that you are perfect and that your code has no security vulnerabilities. Everyone makes mistakes. All MediaWiki core code, and a good deal of MediaWiki extensions code, is reviewed by experienced developers to verify its security. This is a good practice and should be encouraged.

Write code in such a way that it is demonstrably secure, such that a reviewer can more easily tell that it's secure. Don't write code that looks suspicious but is, on careful examination, secure. Such code causes unnecessary reviewer anxiety.

Sinopse das vulnerabilidades de segurança e ataques

This document has a strong focus on the following attacks and security risks. Each MediaWiki developer should be familiar with these issues and have at least a passing understanding of them.

Scripting entre sites (XSS)

For detailed information on avoiding XSS vulnerabilities in MediaWiki, read the Cross-site scripting article. Cross-site scripting (XSS) vulnerabilities allow an attacker to inject malicious code into a website. XSS vulnerabilities are caused by a web application not properly escaping data from external sources (such as GET data, POST data, RSS feeds or URLs). The range of attacks that can be made via XSS are very diverse, ranging from harmless pranks to the hijacking of an authenticated user's account.

Primary defenses: To avoid XSS attacks, the basic principles are:

  • Validate your input
  • Escape your output

You can skip validation, but you can never skip escaping.

Escape everything. Escape as close to the output as possible, so that the reviewer can easily verify that it was done.

Note that output encoding (escaping) is context sensitive.

So be aware of the intended output context and encode appropriately (e.g. HTML entity, URL, JavaScript, etc.)

The OWASP Abridged XSS Prevention Cheat Sheet is a useful and up to date quick reference guide for mitigating XSS issues.

If you are writing JavaScript, please ensure that you understand DOM-based XSS, and how to prevent it in your code.

Falsificação de pedido entre sites (CSRF)

"Para informação detalhada sobre como evitar as vulnerabilidades de CSRF no MediaWiki, leia o artigo Cross-site request forgery ." Cross-site request forgery (CSRF or XSRF) attacks use authentication credentials cached in a victim's browser (such as a cookie or cached username and password) to authorise malicious HTTP requests. The malicious HTTP request can be sent in many ways. As long as the requests are processed by a web browser that has cached authentication credentials, a CSRF attack can be attempted.

Primary defenses: Our primary defense mechanism against CSRF attacks is to add edit tokens to HTML forms.

Injeção de SQL

For detailed information on avoiding SQL injection, read the SQL injection article.

SQL injection relies on poorly validated input being used in a database query, possibly allowing an attacker to run arbitrary SQL queries on your server.

The attacker may then be able to fetch private data, destroy data or cause other unintended responses. In the worst case, the injected code could allow the attacker to gain full control of the system by exploiting multiple vulnerabilities in the database server, system utilities and operating system.

Defesas primárias: A defesa primária contra a injeção de SQL é utilizar as funções da base de dados integrada no MediaWiki. Evite utilizar as consultas de SQL diretas a todos os custos.

serialize() / unserialize()

unserialize() pode levar à execução arbitrária do código. Para evitar isto, os programadores do MediaWiki devem utilizar sempre JSON em vez da serialização do PHP no novo código.

Defesas primárias: Utilize FormatJson::encode() e FormatJson::decode(), em vez da serialização nativa do PHP.

Histórico

Consultar também

Subpáginas

    Category:Development guidelines/pt#Security%20for%20developers/pt Category:Security/pt
    Category:Development guidelines/pt Category:Security/pt