Summary

Our discussion of how to make sure that your PHP scripts are as secure as they can be will extend throughout Part 2.

We began here in Chapter 2 with a consideration of what is possibly the most basic threat to the safety of your users' data, input abuse. Such abuse might take a variety of forms:

  • Input of metacharacters
  • Input of the wrong type
  • Input of the wrong length
  • Input containing unexpected commands
  • Entry of data into hidden interfaces

We turned next to strategies for validating users' input:

  • You should control the behavior of PHP itself by turning off global variables and declaring variables.
  • You should anticipate expected input, and allow only what meets your expectations.
  • You should check the type, length, and format of all ...
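
The allow-list approach summarized above can be sketched as follows. This is an added example, not code from the book; the field names, rules and sample request are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list for a constructed sign-up form: every expected
// field declares its type, maximum length, and format.
const RULES = [
    'username' => ['type' => 'string', 'max' => 20,  'pattern' => '/\A[A-Za-z0-9_]{3,20}\z/'],
    'age'      => ['type' => 'int',    'max' => 3,   'pattern' => '/\A[0-9]{1,3}\z/'],
    'email'    => ['type' => 'string', 'max' => 254, 'pattern' => '/\A[^@\s]+@[^@\s]+\.[^@\s]+\z/'],
];

/**
 * Validate raw request data against the allow-list.
 * Returns [clean values, errors keyed by field name].
 */
function validate_input(array $input, array $rules): array
{
    $clean = [];
    $errors = [];
    // Anything the form never defined is rejected, not silently ignored.
    foreach (array_diff_key($input, $rules) as $name => $_) {
        $errors[$name] = 'unexpected field';
    }
    foreach ($rules as $name => $rule) {
        $value = $input[$name] ?? null;
        if (!is_string($value)) {
            // Missing, or an array submitted as e.g. age[]=1
            $errors[$name] = 'missing or wrong type';
        } elseif (strlen($value) > $rule['max']) {
            $errors[$name] = 'too long';
        } elseif (preg_match($rule['pattern'], $value) !== 1) {
            // Metacharacters and embedded commands fail the format check.
            $errors[$name] = 'bad format';
        } else {
            $clean[$name] = $rule['type'] === 'int' ? (int) $value : $value;
        }
    }
    return [$clean, $errors];
}

// Constructed sample request covering several of the abuse forms listed above.
$sample = [
    'username' => "bob'; --",        // metacharacters
    'age'      => ['1'],             // wrong type
    'email'    => 'bob@example.com', // meets expectations
    'is_admin' => '1',               // field the form never offered
];
[$clean, $errors] = validate_input($sample, RULES);
var_dump($clean, $errors);
```

Only values that pass every check reach `$clean`; the rest of the application should read from that array and never from the raw request.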
