Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses, Second Edition
- 7h 58m
- Chris Snyder, Michael Southwell, Thomas Myer
- Apress
- 2010
PHP security, just like PHP itself, has advanced. Updated for PHP 5.3, the second edition of this authoritative PHP security book covers foundational PHP security topics like SQL injection, XSS, user authentication, and secure PHP development. Chris Snyder and Tom Myer also delve into recent developments like mobile security, the impact of JavaScript, and the advantages of recent PHP hardening efforts.
Pro PHP Security, Second Edition will serve as your complete guide for taking defensive and proactive security measures within your PHP applications. Beginners in secure programming will find a lot of material on secure PHP development, the basics of encryption, secure protocols, as well as how to reconcile the demands of server-side and web application security.
What you’ll learn
- Secure PHP development principles
- PHP web application security
- User and file security
- Mobile security
- Encryption and secure protocols
- Dealing with JavaScript
About the Authors
Chris Snyder is the Director of the Center for Internet Innovation at the Fund for the City of New York, where he is working on a mobile web app platform for nonprofit organizations. He is a longtime member of the New York PHP user group, and has been looking for new ways to build scriptable, linked, multimedia content since creating his first Hypercard stack in 1988.
Thomas Myer lives and works in Austin, Texas. He has owned and operated Triple Dog Dare Media, a PHP consulting firm, since 2001. Over the past decade, he and his team have developed hundreds of PHP-based software solutions for their customers, customized many other systems, and integrated PHP applications to work with e-commerce systems, cloud applications, social media APIs, and mobile devices.
Michael Southwell is a retired English professor who has been developing websites for more than 10 years in the small business, nonprofit, and educational areas, with special interest in problems of accessibility. He has authored and co-authored 8 books and numerous articles about writing, writing and computers, and writing education. He is a member of the Executive Board of New York PHP, and a Zend Certified Engineer.
In this Book
-
Why Is Secure Programming a Concern?
-
Validating and Sanitizing User Input
-
Preventing SQL Injection
-
Preventing Cross-Site Scripting
-
Preventing Remote Execution
-
Enforcing Security for Temporary Files
-
Preventing Session Hijacking
-
Securing REST Services
-
Using CAPTCHAs
-
User Authentication, Authorization, and Logging
-
Preventing Data Loss
-
Safe Execution of System and Remote Procedure Calls
-
Securing Unix
-
Securing Your Database
-
Using Encryption
-
Securing Network Connections: SSL and SSH
-
Final Recommendations