Press Release



November 17, 2005

Essential PHP Security: A Guide to Building Secure Web Applications

Sebastopol, CA--With PHP's transition from a set of tools for personal home page development to the world's most popular web programming language, PHP developers have acquired some new concerns, such as performance, maintainability, scalability, reliability, and--perhaps most important--security. "Traditionally, security has been a topic of concern for network, database, and systems engineers," says Chris Shiflett, author of the new book Essential PHP Security (O'Reilly, US $29.95). "Over time, there has been a shift in focus up the protocol stack, and web developers now find themselves primarily responsible for the security of critical applications."

As Shiflett explains, unlike language features such as conditional expressions and looping constructs, security is abstract. He says that it is not so much a characteristic of a language as it is a characteristic of a developer: no language can prevent insecure code, although there are language features that can aid or hinder a security-conscious developer. His book teaches developers how to write secure PHP code; however, the topics and techniques apply just as readily to all web development technologies.

Andi Gutmans, PHP architect and co-founder of Zend Technologies, writes in his foreword to the book that security is crucial for PHP. "Recently, there have been numerous security alerts around PHP. But, in fact, the majority of them are not a result of flaws in PHP itself, but are due to improper and insecure uses of PHP by applications developers," says Gutmans. He says that, unlike in the Java or .NET space, the PHP community releases dozens of PHP applications to the open source community, such as content management systems, e-commerce systems, and forums. When security bugs appear in those applications, they are often confused with the PHP technology itself, hurting the perception of PHP in the marketplace.

It's no easy task to ensure that all PHP developers are up to speed with security practices, a task exacerbated by the lack of materials dedicated to the subject and the absence of simple rules for dos and don'ts. But there is hope, as Gutmans points out: "Chris Shiflett, the author of this book, has dedicated his career to improving PHP application-level security. With Essential PHP Security Chris brings long-needed security guidelines to PHP developers everywhere."

This much-needed, much-requested book explains the most common types of attacks and how to write code that can withstand them. Each chapter in the book covers an aspect of web applications (such as form processing, database programming, session management, and authentication). The chapters provide examples of potential attacks and then explain techniques to prevent those attacks. Topics covered include:

  • Preventing cross-site scripting (XSS) vulnerabilities
  • Protecting against SQL injection attacks
  • Complicating session hijacking attempts

Given the growing frequency of attacks on web sites, it's more critical than ever to know how to write code that isn't susceptible. This focused book offers developers a deeper understanding and appreciation of the safeguards they can put in place.

Additional Resources:

Essential PHP Security
Chris Shiflett
ISBN: 0-596-00656-X, 109 pages, $29.95 US
order@oreilly.com
1-800-998-9938; 1-707-827-7000

About O'Reilly

O'Reilly Media spreads the knowledge of innovators through its books, online services, magazines, and conferences. Since 1978, O'Reilly Media has been a chronicler and catalyst of cutting-edge development, homing in on the technology trends that really matter and spurring their adoption by amplifying "faint signals" from the alpha geeks who are creating the future. An active participant in the technology community, the company has a long history of advocacy, meme-making, and evangelism.
