sseq-lib (PHP security) + Examples
What is sseq-lib? A simple but mighty PHP security library.
It is mainly meant for private and semi-professional developers who need some help securing small PHP applications against some of the top-10 attacks on web software.
It helps protect against:
* XSS (Cross Site Scripting)
* SQL-Injection
* CSRF (Cross Site Request Forgery)
* Session-Fixation
* Mail-Header-Injection
* File-Injection
* HTTP-Header-Manipulation
* Response-Splitting
* Informative error messages
Installation
Copy the whole directory "sseq-lib" into the document root of the web server. Open the file "seq_lib.php" and set the parameter "$_SEQ_BASEDIR" to the current directory.
Example:
- If you copied sseq-lib into the server root, set "$_SEQ_BASEDIR" in seq_lib.php to:
  $_SEQ_BASEDIR = $_SERVER['DOCUMENT_ROOT'] . '/sseq-lib/';
- If you copied the sseq-lib directory into another directory (your application's directory), set "$_SEQ_BASEDIR" in seq_lib.php to this directory:
  $_SEQ_BASEDIR = $_SERVER['DOCUMENT_ROOT'] . '/your-directory/sseq-lib/';
Do not forget to end the path with a slash (/)!
Usage
In each PHP script that serves a URL you want to secure, include the file "seq_lib.php":
Example:
- If you copied sseq-lib into the server root:
  include_once('sseq-lib/seq_lib.php');
- If you copied the sseq-lib directory into another directory (your application's directory):
  include_once('/your-directory/seq_lib.php');
Configuration instructions (Oh dear, it's all German! Shame on me!) :o(
Examples - how to use SSEQ-LIB (Oh boy, it's German too but it's the code that counts!)
- Secure against Cross-Site-Request-Forgery
- Secure database queries against SQL-Injection
- Secure output against Cross-Site-Scripting











