Product Description

Pro PHP Security is one of the first books devoted solely to PHP security. It will serve as your complete guide for taking defensive and proactive security measures within your PHP applications. (And the methods discussed are compatible with PHP versions 3, 4, and 5.)

The knowledge you'll gain from this comprehensive guide will help you prevent attackers from potentially disrupting site operation or destroying data. And you'll learn about various security measures, for example, creating and deploying "captchas," validating e-mail, fending off SQL injection attacks, and preventing cross-site scripting attempts.

Product Details

• Amazon Sales Rank: #157030 in Books
• Published on: 2005-08-29
• Original language: English
• Number of items: 1
• Binding: Paperback
• 528 pages

About the Author
Chris Snyder is a software engineer at Fund for the City of New York, where he helps develop next-generation websites and services for nonprofit organizations. He is a member of the Executive Board of New York PHP, and has been looking for new ways to build scriptable, linked, multimedia content since he saw his first Hypercard stack in 1988.

Michael Southwell is a retired English professor who has been developing websites for more than 10 years in the small business, nonprofit, and educational areas, with special interest in problems of accessibility. He has authored and co-authored 8 books and numerous articles about writing, writing and computers, and writing education. He is a member of the Executive Board of New York PHP, and a Zend Certified Engineer.

Customer Reviews

Securing systems & Securing code
I found Pro PHP Security a very informative book. I received this book around the same time that I began developing online financial software. This book lived up to the name and answered a lot of my questions.

I found the chapter on encryption and hashing very interesting. I knew what each system of protection accomplished but not how. Next the authors proceeded to discuss Secure Sockets Layer (SSL) and how certificates are created. It was fun to be able to create my own certificate and keys, and gain a better understanding of how the whole process works.

After covering server security and connection security, the authors moved onto secure programming. The first chapter covers user input validation. This is one area that many programmers, myself included, do not devote much time. If you can sanitize the data you get from the user, you have overcome one of the largest hurdles of securing your code.

After that chapter, each following chapter begins with the presentation of an exploit and how it works, followed by discussions of sites affected by these exploits, and concluding with how to prevent it. SQL injection, cross-site scripting, remote execution and session hijacking are some of the exploits discussed. This section of the book gave me plenty to think about and more than enough to work on implementing.

If anyone is a PHP programmer and deals with any kind of sensitive data, then this book is a must read. The authors attempt to provide all the best practices because one method may not work in a given situation, but they also let you know the disadvantages of each method. As Snyder and Southwell discuss in the first chapter, as developers we cannot eliminate risk but we can do our best to mitigate it.

Good info, not many solutions
Like the title states this book tells you about a lot of security issues you should be aware of, but doesn't go in depth for many solutions. Especially xss which is the only reason i bought the book. For how much the book costs i figured it would include some really good php solutions. I mean the thing is in black and white, what's with the price tag that doesn't tell me anything that i can't find on the web.

Very little about PHP security at all
The book is entitled PHP security. But the actual content covers very little PHP at
all: less than 20 percent. It tries to cover everything from UNIX permission,SSH
and all other security issues, but really doesn't have much to do with PHP. So I
think the title is highly misleading. For someone interested in the general
security issues, it might be a fine book. But not for programmers want to know
the security about PHP.