Essential PHP Security

Essential PHP Security by Chris Shiflett

Binding: Paperback
Number of Pages: 128
ISBN: 059600656X
Product Group: book
Publisher: O'Reilly Media
Publication Date: Oct. 13, 2005
BooksForGeeks.com ID: 1150

Security demands attention, given the frequency of attacks on web sites. This work explains the common types of attacks and how to write code that isn't susceptible to them. It covers such topics as preventing cross-site scripting (XSS) vulnerabilities, protecting against SQL injection attacks, and complicating session hijacking attempts.

Reviews for Essential PHP Security

  1. Security advice that is useful for non-PHP programmers too

    Rated 4 out of 5 stars, October 12th, 2009

    I've found this book useful because it explained to me how certain vulnerabilities can arise. That is handy to know whatever language you are writing in. The solutions the author suggests can also be employed outside of PHP.

    I agree with most of the comments of the other reviewers so I won't bore you by repeating them.

    It may only be 100 pages but it's well worth the price if you need educating about web security.

  2. A bit too simple for my needs

    Rated 3 out of 5 stars, July 12st, 2009

    It does contain simple ways to make your websites more secure, but nothing too tricky.

    I was a bit disappointed with this book. BUT it is a good book to read for beginners.

  3. Great introduction to PHP security

    Rated 5 out of 5 stars, May 12th, 2008

    Great advice, very small compact book, clearly written.

    This book makes light work of a complex topic but does not go into great depth. A lot of the recommendations are common sense (use SSL for password transmission, filter input).

    As the title suggests, these are "essential" or "basic" security techniques, a must read for any new developer / a great starting point for anyone wishing to learn about PHP security.

  4. Absolutely Essential

    Rated 5 out of 5 stars, December 12th, 2007

    If you've done a bit of PHP programming, or have used any other online scripting languages, but have never considered the security implications, this book is essential. The threats are jaw-droppingly simple, but so are their fixes, and the principles remain for other technologies too. The techniques will also improve the integrity of your data and ensure that you consider security in the design process of your applications.

    The book is lean and quick to read, the content is aimed at reasonably knowledgeable programmers, but there is nothing here that can't be easily researched. All the issues are illustrated with short, relevant examples and code, which makes a change from most programming books. The author also maintains his own website to ensure that readers can remain updated on problems for the foreseeable future. Overall, this is essential stuff and great value.

  5. Very informative, best practices

    Rated 4 out of 5 stars, February 12th, 2007

    This book is very good, and absolutely recommendable.

    The book is not very big (~100 pages) and can be read quite fast. It's also an easy read, as the language in the book is not hard as some other technical books might be. The explanations are good, and easy to understand, as well as the reasoning.

    I enjoyed this book, and it's a great reference. Its size also allows you to read it again (And that's a great idea - Helps you to remember) to get the most out of the book.

    The author knows what he talks about, and his advice really makes sense. You might already be aware of some of the concepts, such as filtering input etc, but Chris explains really well the ideas behind such concepts, and gives great examples of what can go wrong if you fail to follow the simple principles given.

    All in all, this is a great book that really helps you, by teaching you best practices from a very experienced web-developer.

    And the book is really great as a reference.
