Essential PHP Security

A Guide to Building Secure Web Applications

By Chris Shiflett
October 2005
Pages: 124
ISBN 10: 0-596-00656-X | ISBN 13: 9780596006563
Rating: 4 (average of 3 customer reviews)


Description

The PHP scripting language works beautifully with other open source tools, such as the MySQL database and Apache web server software, to build interactive web applications. But security is still an issue that developers need to address, given the frequency of attacks on web sites. Essential PHP Security explains the types of attacks that hackers use on web sites and how to correctly configure Apache and PHP to guard against them. The author of Essential PHP Security, Chris Shiflett, is an internationally recognized expert in the field of PHP security and this book shows developers how to guard against attacks by writing secure PHP code.
Full Description

Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.

Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.

In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.

Topics covered include:

  • Preventing cross-site scripting (XSS) vulnerabilities
  • Protecting against SQL injection attacks
  • Complicating session hijacking attempts

You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.




Featured customer reviews



Chilling book,  July 26 2008
Rating: 5 stars
Submitted by Anonymous Reader

I'm no newbie to computer security, but sometimes I feel like reading a good book about security instead of surfing the web for bits and pieces of security-related articles. And this had good reviews, so...

The book started off with the basic stuff: Don't trust input, always escape output, etc. Very basic. In fact I wondered if this book was a little too basic.

And then, with each progressive chapter, my attitude slowly changed from "yeah, yeah", to "hmmmm", to "oops".

It's not only because the author mercilessly brings up exploit after exploit, saying "did you think about this? and how about this, did you think about that?"; it's also because he explains why it's important, how to exploit it, and what people can do to your site if you didn't think about that.

Now, I'll go back to my PHP code and rewrite, oh, one or two classes. Or more.


Very good introduction!,  October 28 2007
Rating: 5 stars
Submitted by Leam Hall

While smaller than many O'Reilly titles, the author wastes no time in helping the new PHP programmer write more secure code. Once you get the best practices in the first chapter down, the other seven chapters each deal with a specific class of vulnerability. You can read chapters 2-8 in any order, and you'll spend some time with the appendices too.

I confess, this book made me want to go back over my code and refactor it from the ground up! Chris gives really easy ways to prevent the more common attacks any internet site faces. A day to a day and a half to read this book and then build your habit library will take you far in building more secure PHP code.



Change Your Outlook on Security,  June 27 2006
Rating: 5 stars
Submitted by Evan Broder

Chris Shiflett recently visited our local PHP Users Group, and after the meeting, I was inspired to buy his book in preparation for a big PHP project.

Without a doubt this has changed how I view security. Before, I was aware of potential holes; I knew what SQL injection was. After reading this book, though, I feel like I have a true grasp on what I have to do to make my code secure.

In fact, I even see the difference when I look at my old code. I see potential problems.

After reading this book, some might say that Chris teaches you to be paranoid, but I would argue that he teaches you to be thorough.

I highly recommend this book for anyone with a little PHP experience.



Media reviews
"This little book is an excellent way to learn about the security pitfalls one may encounter, and defend against, when writing Web scripts in any language. By following all of Shiflett’s recommendations, you would avoid most, if not all, security vulnerabilities in PHP. If you use PHP, I highly recommend that you get this book, read it, and adhere to the suggestions found within it."
-- Rik Farrow, ;login:


"...covers all of the major areas of security and presents you with techniques for blocking (or at least minimizing the effects of) an attack against your code. A must-have book for any PHP programmer."
-- Stephen Chapman, Fellgall.com


"The book is undoubtedly intended for PHP programmers. At this time, I have no intentions of taking up the sport. However, as a site administrator, I find the book very useful for the security of the site as a whole, and allows me to constrain those who might endanger the site, and otherwise to vet clients' code."
-- Roger Walker, Edmonton Linux User Group

"If anyone is well-suited to writing such a work, it is Chris Shiflett, a well-known authority on PHP security, a respected contributor to the PHP community, founder and spokesman of the PHP Security Consortium, and founder and President of Brain Bulb, a PHP consulting firm… any PHP developer would be wise to begin with this book as a first step towards PHP security mastery…"
-- Michael J. Ross, Web Developer, Slashdot.org, February 2006

