Product Description

Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks. Security is an issue that demands attention, given the growing frequency of attacks on web sites. "Essential PHP Security" explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book. In the much-needed (and highly-requested) "Essential PHP Security", each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks. Topics covered include: preventing cross-site scripting (XSS) vulnerabilities; protecting against SQL injection attacks; and, complicating session hijacking attempts. You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.

Product Details

• Amazon Sales Rank: #40576 in Books
• Published on: 2005-10-13
• Original language: German
• Number of items: 1
• Binding: Paperback
• 124 pages

Review
You've heard the nasty stories about PHP sites being wiped off the web by evil hackers? Sadly it's not scare-mongering as it does happen, and as much as we love PHP it needs proper security to keep your site safe from harm. Plenty of PHP books have the odd chapter on security but at last O'Reilly have published a whole volume dedicated to the cause, with all the code you'll need to keep everything in order. Each chapter covers a different aspect of the application, from form processing to database programming and session management. Written in a straight forward style, it's ideal for every PHP user, but at GBP20 you might expect a little more than just 100 pages." .NET, November 2005 "If you write PHP scripts, get a copy" - Alain Williams, news@UK, March 2006

Synopsis
Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks. Security is an issue that demands attention, given the growing frequency of attacks on web sites. "Essential PHP Security" explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book. In the much-needed (and highly-requested) "Essential PHP Security", each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.

Topics covered include: preventing cross-site scripting (XSS) vulnerabilities; protecting against SQL injection attacks; and, complicating session hijacking attempts. You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.

From the Publisher
The PHP scripting language works beautifully with other open source tools, such as the MySQL database and Apache web server software, to build interactive web applications. But security is still an issue that developers need to address, given the frequency of attacks on web sites. Essential PHP Security explains the types of attacks that hackers use on web sites and how to correctly configure Apache and PHP to guard against them. The author of Essential PHP Security, Chris Shiflett, is an internationally recognized expert in the field of PHP security and this book shows developers how to guard against attacks by writing secure PHP code.

Customer Reviews

Great introduction to PHP security
Great advice, very small compact book, clearly written.

This book makes light work of a complex topic but does not go into great depth. A lot of the recommendations are common sense (use SSL for password transmission), filter input.

As the title suggest, this are "essential" or "basic" security techniques, a must read for any new developer / a great starting point for anyone wishing to learn about PHP security.

Absolutely Essential
If you've done a bit of PHP programming, or have used any other online scripting languages, but have never considered the security implications, this book is essential. The threats are jaw-droppingly simple, but so are their fixes, and the principles remain for other technologies too. The techniques will also improve the integrity of your data and ensure that you consider security in the design process of your applications.

The book is lean and quick to read, the content is aimed at reasonably knowledgeable programmers, but there is nothing here that can't be easily researched. All the issues are illustrated with short, relevant examples and code, which makes a change from most programming books. The author also maintains his own website to ensure that readers can remain updated on problems for the foreseeable future. Overall, this is essential stuff and great value.

Very informative, best practices
This book is very good, and absolutely recommandable.

The book is not very big (~100 pages) and can be read quite fast. It's also an easy read, as the language in the book is not hard as some other technical books might be. The explanations are good, and easy to understand, as well as the reasoning.

I enjoyed this book, and it's a great reference. It's size also allows you to read it again (And that's a great idea - Helps you to remember) to get the most out of the book.

The author knows what he talks about, and his advice really makes sense. You might already be aware of some of the concepts, such as filtering input etc, but Chris explains really well the ideas behind such concepts, and gives great examples of what can go wrong if you fail to follow the simple principles given.

All in all, this is a great book that really helps you, by teaching you best practices from a very experienced web-developer.

And the book is really great as a reference.