Useful Books and Software
|
Related Apache Books |
|
|
 |
| |
|
|
| |
 |
| |
 |
|
4.0 of 5.0 |
|
|
Essential PHP Security |
| Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks. Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book. In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks. Topics covered include: - Preventing cross-site scripting (XSS) vulnerabilities
- Protecting against SQL injection attacks
- Complicating session hijacking attempts
You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.
|
|
|
Publisher:
O'Reilly Media, Inc.
Author:
Chris Shiflett
Release Date: 2005-10-13
ISBN/EAN: 059600656X / 9780596006563
New Price: $15.92 /
Used Price: $12.12 /
Collectible Price: n.a.
Buy
it Now!
Average Rating: 4.0
Number of
Reviews: 15 |
| |
|
|
| Opened my eyes! | Rating: | While smaller than many O'Reilly titles the author wastes no time in helping the new PHP programmer write more secure code. Once you get the best practices in the first chapter down, the other seven chapters each deal with a specific class of vulnerability. You can read chapters 2-8 in any order, and you'll also spend some time with the appendices.
I confess, this book made me want to go back over my code and refactor it from the ground up! Chris gives really easy ways to prevent the more common attacks. A day to a day and a half to read this book and then build your habit library will take you far in building more secure PHP code. | | Total Votes: 2, Helpful Votes: 1, Date: 2007-11-16 | | | | Overpriced | Rating:  | Of the 103 pages in the book there are probably only 13 of unique information and 90 pages of saying the same exact thing over and over again. Worse yet, I found the author had already released the 13 pages of useful information online for free.
Definitely wish I had browsed this one in a store before I blew $30.
| | Total Votes: 4, Helpful Votes: 1, Date: 2007-01-03 | | | | Alright - not very meaty though | Rating:  | Alright - not very meaty. Overall I'm glad I read it though, as I picked up some useful nuggets.
==========
Update 2006-12-30 - I'd like to bump this up to four stars. The book came in handy today - I used some code in it regarding session variables. | | Total Votes: 4, Helpful Votes: 2, Date: 2006-12-26 | | | | PHP Security is a HUGE topic | Rating:  | This book is essential for anyone starting out in PHP, but not only for them. It offers tips for almost any skill level, maybe you know some of the ways to keep your site secure but Chris really goes in depth on some of them.
The code snippets are short, simple, but convey the point exactly as intended... and I also like Chris's method for validating tainted data, similar to a fisherman. If the fish is bad throw it back and the same goes for user input.
I still have this book for reference and have lent it to a few people which resulted in them picking their own copies... all around a great resource. | | Total Votes: 6, Helpful Votes: 3, Date: 2006-09-27 | | | | VERY VERY HIGHLY RECOMMENDED!! | Rating: | Are you a developer who is writing insecure PHP code? If you are, then this book is for you! Author Chris Shiflett, has done an outstanding job of writing a practical book that will help you improve your PHP application-level security.
Shiflett, begins by giving an overview of security principles and best practices. Then, the author covers form processing and attacks such as cross-site scripting and cross-site request forgeries. He continues by focusing on using databases and attacks such as SQL injection. Then, the author explains PHP's session support and shows you how to protect your applications from attacks such as session fixation and session hijacking. Then, he covers the risks associated with the use of includes, such as backdoor URLs and code injection. Next, the author discusses attacks such as filesystem traversal and command injection. Then, he shows you how to create secure authentication and authorization mechanisms and how to protect your applications from things like brute force attacks and replay attacks. Finally, the author explains the inherent risks associated with a shared hosting environment.
This most excellent book brings long-needed security guidelines to PHP developers everywhere. More importantly, the content of this book will be an asset to your development teams.
| | Total Votes: 5, Helpful Votes: 2, Date: 2006-06-12 | | | | Opened my eyes! | Rating: | While smaller than many O'Reilly titles the author wastes no time in helping the new PHP programmer write more secure code. Once you get the best practices in the first chapter down, the other seven chapters each deal with a specific class of vulnerability. You can read chapters 2-8 in any order, and you'll also spend some time with the appendices.
I confess, this book made me want to go back over my code and refactor it from the ground up! Chris gives really easy ways to prevent the more common attacks. A day to a day and a half to read this book and then build your habit library will take you far in building more secure PHP code. | | Total Votes: 2, Helpful Votes: 1, Date: 2007-11-16 | | | | Overpriced | Rating: | Of the 103 pages in the book there are probably only 13 of unique information and 90 pages of saying the same exact thing over and over again. Worse yet, I found the author had already released the 13 pages of useful information online for free.
Definitely wish I had browsed this one in a store before I blew $30.
| | Total Votes: 4, Helpful Votes: 1, Date: 2007-01-03 | | | | Alright - not very meaty though | Rating: | Alright - not very meaty. Overall I'm glad I read it though, as I picked up some useful nuggets.
==========
Update 2006-12-30 - I'd like to bump this up to four stars. The book came in handy today - I used some code in it regarding session variables. | | Total Votes: 4, Helpful Votes: 2, Date: 2006-12-26 | | | | PHP Security is a HUGE topic | Rating: | This book is essential for anyone starting out in PHP, but not only for them. It offers tips for almost any skill level, maybe you know some of the ways to keep your site secure but Chris really goes in depth on some of them.
The code snippets are short, simple, but convey the point exactly as intended... and I also like Chris's method for validating tainted data, similar to a fisherman. If the fish is bad throw it back and the same goes for user input.
I still have this book for reference and have lent it to a few people which resulted in them picking their own copies... all around a great resource. | | Total Votes: 6, Helpful Votes: 3, Date: 2006-09-27 | | | | VERY VERY HIGHLY RECOMMENDED!! | Rating: | Are you a developer who is writing insecure PHP code? If you are, then this book is for you! Author Chris Shiflett, has done an outstanding job of writing a practical book that will help you improve your PHP application-level security.
Shiflett, begins by giving an overview of security principles and best practices. Then, the author covers form processing and attacks such as cross-site scripting and cross-site request forgeries. He continues by focusing on using databases and attacks such as SQL injection. Then, the author explains PHP's session support and shows you how to protect your applications from attacks such as session fixation and session hijacking. Then, he covers the risks associated with the use of includes, such as backdoor URLs and code injection. Next, the author discusses attacks such as filesystem traversal and command injection. Then, he shows you how to create secure authentication and authorization mechanisms and how to protect your applications from things like brute force attacks and replay attacks. Finally, the author explains the inherent risks associated with a shared hosting environment.
This most excellent book brings long-needed security guidelines to PHP developers everywhere. More importantly, the content of this book will be an asset to your development teams.
| | Total Votes: 5, Helpful Votes: 2, Date: 2006-06-12 | | | | Opened my eyes! | Rating: | While smaller than many O'Reilly titles the author wastes no time in helping the new PHP programmer write more secure code. Once you get the best practices in the first chapter down, the other seven chapters each deal with a specific class of vulnerability. You can read chapters 2-8 in any order, and you'll also spend some time with the appendices.
I confess, this book made me want to go back over my code and refactor it from the ground up! Chris gives really easy ways to prevent the more common attacks. A day to a day and a half to read this book and then build your habit library will take you far in building more secure PHP code. | | Total Votes: 2, Helpful Votes: 1, Date: 2007-11-16 | | | | Overpriced | Rating: | Of the 103 pages in the book there are probably only 13 of unique information and 90 pages of saying the same exact thing over and over again. Worse yet, I found the author had already released the 13 pages of useful information online for free.
Definitely wish I had browsed this one in a store before I blew $30.
| | Total Votes: 4, Helpful Votes: 1, Date: 2007-01-03 | | | | Alright - not very meaty though | Rating: | Alright - not very meaty. Overall I'm glad I read it though, as I picked up some useful nuggets.
==========
Update 2006-12-30 - I'd like to bump this up to four stars. The book came in handy today - I used some code in it regarding session variables. | | Total Votes: 4, Helpful Votes: 2, Date: 2006-12-26 | | | | PHP Security is a HUGE topic | Rating: | This book is essential for anyone starting out in PHP, but not only for them. It offers tips for almost any skill level, maybe you know some of the ways to keep your site secure but Chris really goes in depth on some of them.
The code snippets are short, simple, but convey the point exactly as intended... and I also like Chris's method for validating tainted data, similar to a fisherman. If the fish is bad throw it back and the same goes for user input.
I still have this book for reference and have lent it to a few people which resulted in them picking their own copies... all around a great resource. | | Total Votes: 6, Helpful Votes: 3, Date: 2006-09-27 | | | | VERY VERY HIGHLY RECOMMENDED!! | Rating: | Are you a developer who is writing insecure PHP code? If you are, then this book is for you! Author Chris Shiflett, has done an outstanding job of writing a practical book that will help you improve your PHP application-level security.
Shiflett, begins by giving an overview of security principles and best practices. Then, the author covers form processing and attacks such as cross-site scripting and cross-site request forgeries. He continues by focusing on using databases and attacks such as SQL injection. Then, the author explains PHP's session support and shows you how to protect your applications from attacks such as session fixation and session hijacking. Then, he covers the risks associated with the use of includes, such as backdoor URLs and code injection. Next, the author discusses attacks such as filesystem traversal and command injection. Then, he shows you how to create secure authentication and authorization mechanisms and how to protect your applications from things like brute force attacks and replay attacks. Finally, the author explains the inherent risks associated with a shared hosting environment.
This most excellent book brings long-needed security guidelines to PHP developers everywhere. More importantly, the content of this book will be an asset to your development teams.
| | Total Votes: 5, Helpful Votes: 2, Date: 2006-06-12 | | |
|
|
|
|
| |
|
|
|
|
|
