CGI & PHP: Enhance your site with CGI, PHP and ASP scripts

Essential PHP Security

April 23rd, 2010 by CGI & PHP.com

Product Description
Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks. Security is an issue that demands attention, g…


5 Responses to “Essential PHP Security”

  1. Nate Klaiber Says:

    As a very security conscious developer, I found this book to be a GREAT resource to my library. Though the book is short in length, it is very rich in content. Chris does a GREAT job of presenting the problem (citing specific examples of the exploits), showing the pitfalls, and then presenting the solutions.

    He is very thorough in his descriptions, and his easy to understand writing and use of analogies made this a very simple concept to grasp. If you are a seasoned PHP developer, or just beginning programming PHP – his writing style helps you to understand the underlying attack, visuals to see it in action, and how to prevent being attacked – it is very simple, yet deep.

    Reading this book has helped me to see where my applications may fall short, and what I can do to protect them. Especially in the realm of PHP developers, there are MANY Open Source options out there, and many of them lack the security that is mentioned in the chapters of this book. Don't let yourself get caught!

    I recommend this book, and performing an audit of your own work. Excellent book!

    Rating: 5 / 5

  2. John R. Vacca Says:

    Are you a developer who is writing insecure PHP code? If you are, then this book is for you! Author Chris Shiflett has done an outstanding job of writing a practical book that will help you improve your PHP application-level security.

    Shiflett begins by giving an overview of security principles and best practices. Then, the author covers form processing and attacks such as cross-site scripting and cross-site request forgeries. He continues by focusing on using databases and attacks such as SQL injection. Then, the author explains PHP's session support and shows you how to protect your applications from attacks such as session fixation and session hijacking. Then, he covers the risks associated with the use of includes, such as backdoor URLs and code injection. Next, the author discusses attacks such as filesystem traversal and command injection. Then, he shows you how to create secure authentication and authorization mechanisms and how to protect your applications from things like brute force attacks and replay attacks. Finally, the author explains the inherent risks associated with a shared hosting environment.

    This most excellent book brings long-needed security guidelines to PHP developers everywhere. More importantly, the content of this book will be an asset to your development teams.

    Rating: 5 / 5

  3. jamesodo Says:

    This 120-page book could be condensed into one chapter. Most of the examples just apply the same "filter and escape your data" advice to a different function.

    This book should be read by new programmers. If you have been programming for any decent amount of time, you should already know everything in here.

    Rating: 3 / 5

  4. Brian E. Mcelaney Says:

    Of the 103 pages in the book there are probably only 13 pages of unique information and 90 pages of saying the same exact thing over and over again. Worse yet, I found the author had already released the 13 pages of useful information online for free.

    Definitely wish I had browsed this one in a store before I blew $30.

    Rating: 1 / 5

  5. Matthew Keefe Says:

    This book is essential for anyone starting out in PHP, but not only for them. It offers tips for almost any skill level; maybe you know some of the ways to keep your site secure, but Chris really goes in depth on some of them.

    The code snippets are short and simple, but convey the point exactly as intended… and I also like Chris's method for validating tainted data, which is similar to a fisherman's: if the fish is bad, throw it back, and the same goes for user input.

    I still have this book for reference and have lent it to a few people, which resulted in them picking up their own copies… all around a great resource.

    Rating: 5 / 5
