Pro PHP Security

From Application Security Principles to the Implementation of XSS Defenses

2nd Edition

By Chris Snyder , Thomas Myer , Michael Southwell

PHP programmers need to arm themselves in the race against security risks. Pro PHP Security takes PHP 5.3 as its starting point and solves both traditional and modern security concerns, from SQL injection to mobile security.

Full Description

  • ISBN13: 978-1-4302-3318-3
  • 368 Pages
  • User Level: Intermediate to Advanced
  • Publication Date: December 7, 2010
  • Available eBook Formats: EPUB, MOBI, PDF
  • Print Book Price: $54.99
  • eBook Price: $38.99
Buy eBook Buy Print Book Add to Wishlist

Related Titles

Full Description

PHP security, just like PHP itself, has advanced. Updated for PHP 5.3, the second edition of this authoritative PHP security book covers foundational PHP security topics like SQL injection, XSS, user authentication, and secure PHP development. Chris Snyder and Tom Myer also delve into recent developments like mobile security, the impact of JavaScript, and the advantages of recent PHP hardening efforts.

Pro PHP Security, Second Edition will serve as your complete guide for taking defensive and proactive security measures within your PHP applications. Beginners in secure programming will find a lot of material on secure PHP development, the basics of encryption, secure protocols, as well as how to reconcile the demands of server-side and web application security.

What you’ll learn

  • Secure PHP development principles
  • PHP web application security
  • User and file security
  • Mobile security
  • Encryption and secure protocols
  • Dealing with JavaScript

Who this book is for

Pro PHP Security appeals to all intermediate and advanced PHP programmers who need to keep websites safe. It also contains material of interest to all who are concerned with web application security.

Table of Contents

Table of Contents

  1. Why Is Secure Programming a Concern?
  2. Validating and Sanitizing User Input
  3. Preventing SQL Injection
  4. Preventing Cross-Site Scripting
  5. Preventing Remote Execution
  6. Enforcing Security for Temporary Files
  7. Preventing Session Hijacking
  8. Securing REST Services
  9. Using CAPTCHAs
  10. User Authentication, Authorization, and Logging
  11. Preventing Data Loss
  12. Safe Execution of System and Remote Procedure Calls
  13. Securing Unix
  14. Securing Your Database
  15. Using Encryption
  16. Securing Network Connections: SSL and SSH
  17. Final Recommendations
Source Code/Downloads

Downloads are available to accompany this book.

Your operating system can likely extract zipped downloads automatically, but you may require software such as WinZip for PC, or StuffIt on a Mac.

Errata

Please Login to submit errata.

On page 62-63:

The sample code for checking if a semicolon is in user input is incorrect. Given the sample code a user may start their input with a semicolon and it will validate (when it shouldn't), this is because the first position in the string will return a zero which is evaluated as a boolean false.

Incorrect code:
if (strpos($variety, ';')) exit("$variety is an invalid value");

What it should be:
if (strpos($variety, ';') !== FALSE) exit("$variety is an invalid value");