Essential PHP Security | O'Reilly Media

Tell a friend

Essential PHP Security By Chris Shiflett
October 2005
Pages: 124

| Table of Contents | Index | Sample Chapter | Colophon

Chapter 1 Introduction
1. PHP Features
2. Principles
3. Practices
Chapter 2 Forms and URLs
1. Forms and Data
2. Semantic URL Attacks
3. File Upload Attacks
4. Cross-Site Scripting
5. Cross-Site Request Forgeries
6. Spoofed Form Submissions
7. Spoofed HTTP Requests
Chapter 3 Databases and SQL
1. Exposed Access Credentials
2. SQL Injection
3. Exposed Data
Chapter 4 Sessions and Cookies
1. Cookie Theft
2. Exposed Session Data
3. Session Fixation
4. Session Hijacking
Chapter 5 Includes
1. Exposed Source Code
2. Backdoor URLs
3. Filename Manipulation
4. Code Injection
Chapter 6 Files and Commands
1. Traversing the Filesystem
2. Remote File Risks
3. Command Injection
Chapter 7 Authentication and Authorization
1. Brute Force Attacks
2. Password Sniffing
3. Replay Attacks
4. Persistent Logins
Chapter 8 Shared Hosting
1. Exposed Source Code
2. Exposed Session Data
3. Session Injection
4. Filesystem Browsing
5. Safe Mode

Appendix A Configuration Directives
1. allow_url_fopen
2. disable_functions
3. display_errors
4. enable_dl
5. error_reporting
6. file_uploads
7. log_errors
8. magic_quotes_gpc
9. memory_limit
10. open_basedir
11. register_globals
12. safe_mode
Appendix B Functions
1. eval()
2. exec()
3. file()
4. file_get_contents()
5. fopen()
6. include
7. passthru()
8. phpinfo()
9. popen()
10. preg_replace()
11. proc_open()
12. readfile()
13. require
14. shell_exec()
15. system()
Appendix C Cryptography
1. Storing Passwords
2. Using mcrypt
3. Storing Credit Card Numbers
4. Encrypting Session Data
About the Author
Colophon

Return to Essential PHP Security

Table of Contents

Chapter 1 Introduction

PHP Features

Principles

Practices

Chapter 2 Forms and URLs

Forms and Data

Semantic URL Attacks

File Upload Attacks

Cross-Site Scripting

Cross-Site Request Forgeries

Spoofed Form Submissions

Spoofed HTTP Requests

Chapter 3 Databases and SQL

Exposed Access Credentials

SQL Injection

Exposed Data

Chapter 4 Sessions and Cookies

Cookie Theft

Exposed Session Data

Session Fixation

Session Hijacking

Chapter 5 Includes

Exposed Source Code

Backdoor URLs

Filename Manipulation

Code Injection

Chapter 6 Files and Commands

Traversing the Filesystem

Remote File Risks

Command Injection

Chapter 7 Authentication and Authorization

Brute Force Attacks

Password Sniffing

Replay Attacks

Persistent Logins

Chapter 8 Shared Hosting

Exposed Source Code

Exposed Session Data

Session Injection

Filesystem Browsing

Safe Mode

Appendix A Configuration Directives

allow_url_fopen

disable_functions

display_errors

enable_dl

error_reporting

file_uploads

log_errors

magic_quotes_gpc

memory_limit

open_basedir

register_globals

safe_mode

Appendix B Functions

eval()

exec()

file()

file_get_contents()

fopen()

include

passthru()

phpinfo()

popen()

preg_replace()

proc_open()

readfile()

require

shell_exec()

system()

Appendix C Cryptography

Storing Passwords

Using mcrypt

Storing Credit Card Numbers

Encrypting Session Data

About the Author

Colophon