Book description
Easy, Powerful Code Security Techniques for Every PHP Developer
Hackers specifically target PHP Web applications. Why? Because they know many of these apps are written by programmers with little or no experience or training in software security. Don’t be victimized. Securing PHP Web Applications will help you master the specific techniques, skills, and best practices you need to write rock-solid PHP code and harden the PHP software you’re already using.
Drawing on more than fifteen years of experience in Web development, security, and training, Tricia and William Ballad show how security flaws can find their way into PHP code, and they identify the most common security mistakes made by PHP developers. The authors present practical, specific solutions–techniques that are surprisingly easy to understand and use, no matter what level of PHP programming expertise you have.
Securing PHP Web Applications covers the most important aspects of PHP code security, from error handling and buffer overflows to input validation and filesystem access. The authors explode the myths that discourage PHP programmers from attempting to secure their code and teach you how to instinctively write more secure code without compromising your software’s performance or your own productivity.
Coverage includes
Designing secure applications from the very beginning–and plugging holes in applications you can’t rewrite from scratch
Defending against session hijacking, fixation, and poisoning attacks that PHP can’t resist on its own
Securing the servers your PHP code runs on, including specific guidance for Apache, MySQL, IIS/SQL Server, and more
Enforcing strict authentication and making the most of encryption
Preventing dangerous cross-site scripting (XSS) attacks
Systematically testing yourapplications for security, including detailed discussions of exploit testing and PHP test automation
Addressing known vulnerabilities in the third-party applications you’re already running
Tricia and William Ballad demystify PHP security by presenting realistic scenarios and code examples, practical checklists, detailed visuals, and more. Whether you write Web applications professionally or casually, or simply use someone else’s PHP scripts, you need this book–and you need it now, before the hackers find you!
Table of contents
- Title Page
- Copyright Page
- Contents
- Acknowledgements
- About the Authors
- Part I Web Development Is a Blood Sport—Don’t Wander onto the Field Without a Helmet
- Part II Is That Hole Really Big Enough to Drive a Truck Through?
- Part III What’s In a Name? More Than You Expect
- Part IV “Aw come on man, you can trust me”
- Part V Locking Up for the Night
- Part VI “Don’t Get Hacked” Is Not a Viable Security Policy
- Appendix Additional Resources
- Glossary
- Index
Product information
- Title: Securing PHP Web Applications
- Author(s):
- Release date: December 2008
- Publisher(s): Addison-Wesley Professional
- ISBN: 9780321574312
You might also like
book
Securing PHP Apps
Secure your PHP-based web applications with this compact handbook. You'll get clear, practical and actionable details …
book
Modernizing Legacy Applications in PHP
Get your code under control in a series of small, specific steps About This Book Learn …
book
Preventing Web Attacks with Apache
“Ryan Barnett has raised the bar in terms of running Apache securely. If you run Apache, …
book
Professional LAMP: Linux®, Apache, MySQL®, and PHP5 Web Development
The combination of Linux, Apache, MySQL, and PHP is popular because of interaction, flexibility, customization, and-most …