Related Titles
- Full Description
-
PHP security, just like PHP itself, has advanced. Updated for PHP 5.3, the second edition of this authoritative PHP security book covers foundational PHP security topics like SQL injection, XSS, user authentication, and secure PHP development. Chris Snyder and Tom Myer also delve into recent developments like mobile security, the impact of JavaScript, and the advantages of recent PHP hardening efforts.
Pro PHP Security, Second Edition will serve as your complete guide for taking defensive and proactive security measures within your PHP applications. Beginners in secure programming will find a lot of material on secure PHP development, the basics of encryption, secure protocols, as well as how to reconcile the demands of server-side and web application security.
What you’ll learn
- Secure PHP development principles
- PHP web application security
- User and file security
- Mobile security
- Encryption and secure protocols
- Dealing with JavaScript
Who this book is for
Pro PHP Security appeals to all intermediate and advanced PHP programmers who need to keep websites safe. It also contains material of interest to all who are concerned with web application security.
- Table of Contents
-
Table of Contents
- Why Is Secure Programming a Concern?
- Validating and Sanitizing User Input
- Preventing SQL Injection
- Preventing Cross-Site Scripting
- Preventing Remote Execution
- Enforcing Security for Temporary Files
- Preventing Session Hijacking
- Securing REST Services
- Using CAPTCHAs
- User Authentication, Authorization, and Logging
- Preventing Data Loss
- Safe Execution of System and Remote Procedure Calls
- Securing Unix
- Securing Your Database
- Using Encryption
- Securing Network Connections: SSL and SSH
- Final Recommendations
- Source Code/Downloads
- Errata
-
If you think that you've found an error in this book, please let us know about it. You will find any confirmed erratum below, so you can check if your concern has already been addressed.
On page 62-63:
The sample code for checking if a semicolon is in user input is incorrect. Given the sample code a user may start their input with a semicolon and it will validate (when it shouldn't), this is because the first position in the string will return a zero which is evaluated as a boolean false.
Incorrect code:
if (strpos($variety, ';')) exit("$variety is an invalid value");
What it should be:
if (strpos($variety, ';') !== FALSE) exit("$variety is an invalid value");
Your Cart
You don't have any books in your shopping cart yet!
Companion eBooks
Why limit yourself to one format? If you’ve purchased the print edition of most Apress titles then we’re happy to offer you the eBook edition for just $10.
User Group Program
Register your user group with Apress to take advantage of discounts on books, receive review copies, door prizes, and much, much more…
Academic Resources
Let Apress assist in the development of your academic programs and coursework.
Bulk Sales Discount
Bulk discounts apply when you buy ten or more copies of individual Apress or Friends of ED titles in either hard copy or eBook format.