⌊ K™¦krizzna.web.id ⌉

Just the scribbles of a newbie

Essential PHP Security


Product Description
Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks. Security is an issue that demands attention, g…



  • http://www.amazon.com/Essential-PHP-Security-Chris-Shiflett/dp/059600656X%3FSubscriptionId%3DAKIAJYJSDU2KTKP3AFEQ%26tag%3Dkrizznawebid-20%26linkCode%3Dxm2%26camp%3D2025%26creative%3D165953%26creativeA Nate Klaiber

    As a very security conscious developer, I found this book to be a GREAT resource to my library. Though the book is short in length, it is very rich in content. Chris does a GREAT job of presenting the problem (citing specific examples of the exploits), showing the pitfalls, and then presenting the solutions.

    He is very thorough in his descriptions, and his easy to understand writing and use of analogies made this a very simple concept to grasp. If you are a seasoned PHP developer, or just beginning programming PHP – his writing style helps you to understand the underlying attack, visuals to see it in action, and how to prevent being attacked – it is very simple, yet deep.

    Reading this book has helped me to see where my applications may fall short, and what I can do to protect them. Especially in the realm of PHP developers, there are MANY Open Source options out there, and many of them lack the security that is mentioned in the chapters of this book. Don’t let yourself get caught!

    I recommend this book, and performing an audit of your own work. Excellent book!
    Rating: 5 / 5

  • John R. Vacca

    Are you a developer who is writing insecure PHP code? If you are, then this book is for you! Author Chris Shiflett has done an outstanding job of writing a practical book that will help you improve your PHP application-level security.

    Shiflett begins by giving an overview of security principles and best practices. Then, the author covers form processing and attacks such as cross-site scripting and cross-site request forgeries. He continues by focusing on using databases and attacks such as SQL injection. Then, the author explains PHP’s session support and shows you how to protect your applications from attacks such as session fixation and session hijacking. Then, he covers the risks associated with the use of includes, such as backdoor URLs and code injection. Next, the author discusses attacks such as filesystem traversal and command injection. Then, he shows you how to create secure authentication and authorization mechanisms and how to protect your applications from things like brute force attacks and replay attacks. Finally, the author explains the inherent risks associated with a shared hosting environment.

    This most excellent book brings long-needed security guidelines to PHP developers everywhere. More importantly, the content of this book will be an asset to your development teams.

    Rating: 5 / 5

  • jamesodo

    This 120-page book could be condensed into one chapter. Most of the examples are just applying the same "filter and escape your data" to different functions.

    This book should be read by new programmers. If you have been programming for any decent amount of time, you should already know everything in here.
    Rating: 3 / 5

  • Matthew Keefe

    This book is essential for anyone starting out in PHP, but not only for them. It offers tips for almost any skill level; maybe you know some of the ways to keep your site secure, but Chris really goes in depth on some of them.

    The code snippets are short, simple, but convey the point exactly as intended… and I also like Chris’s method for validating tainted data, similar to a fisherman. If the fish is bad throw it back and the same goes for user input.

    I still have this book for reference and have lent it to a few people, which resulted in them picking up their own copies… all around a great resource.
    Rating: 5 / 5

  • B_Reviewer

    This handy book fetches the most recent popular attacks, and roughly covers most general means of attack and how to secure your website. I like the author’s principle about how to filter tainted input, and his code snippets are short and understandable. But this book comes with quite a lot of minor errors; the chapters seem a little bit repetitive and redundant, and most of the code is not discussed in depth. If you are a PHP newbie and wish to know more about PHP security-related features, or you want a short, handy cookbook which provides a quick reference, you should pick up this book.
    Rating: 3 / 5