sseq-lib (PHP security) + Examples

What is sseq-lib? A simple but mighty PHP security library.

It is mainly meant for private and semi-professional developers who need some help securing small PHP applications against some of the top-10 attacks on web software.

It increases security against:

* XSS (Cross Site Scripting)
* SQL-Injection
* CSRF (Cross Site Request Forgery)
* Session-Fixation
* Mail-Header-Injection
* File-Injection
* HTTP-Header-Manipulation
* Response-Splitting
* Informative error messages

Installation

Copy the whole directory "sseq-lib" into the document root of the web server.
Open the file "seq_lib.php" and set the parameter "$_SEQ_BASEDIR" to the current directory.

Example:

  • If you copied sseq-lib into the server root:
    set "$_SEQ_BASEDIR" in seq_lib.php to:
    $_SEQ_BASEDIR = $_SERVER['DOCUMENT_ROOT'] . '/sseq-lib/';
  • If you copied the sseq-lib directory into another directory (your
    application's directory):
    set "$_SEQ_BASEDIR" in seq_lib.php to this directory:
    $_SEQ_BASEDIR = $_SERVER['DOCUMENT_ROOT'] . '/your-directory/sseq-lib/';

Do not forget to end the path with a slash (/)!

Usage

Modify the PHP script behind each URL to be secured so that it includes the file "seq_lib.php":

Example:

  • If you copied sseq-lib into the server root:
    include_once('sseq-lib/seq_lib.php');
  • If you copied the sseq-lib directory into another directory (your
    application's directory):
    include_once('/your-directory/seq_lib.php');

Configuration instructions (Oh dear, it’s all German! Shame on me!) :o(

SSEQ-LIB: Configuration


Examples – how to use SSEQ-LIB (Oh boy, it’s German too but it’s the code that counts!)

Secure against Cross-Site Request Forgery
Secure database queries against SQL injection
Secure output against Cross-Site Scripting