Synopses & Reviews
PHP is the world's most popular open source web scripting language, installed on almost 17 million domains worldwide (www.php.net/usage.php). It is loved by beginners and embraced by advanced users. This book offers developers a complete guide to taking both defensive and proactive security approaches within their PHP applications.
Pro PHP Security guides developers through many of the defensive and proactive security measures that can be taken to help prevent attackers from potentially disrupting site operation or destroying data. Moreover, this book covers a wide swath of security measures, showing readers how to create and deploy captchas, validate email, fend off SQL injection attacks, prevent cross-site scripting attempts, and more.
Pro PHP Security is one of the first books devoted solely to PHP security. It will serve as your complete guide for taking defensive and proactive security measures within your PHP applications. The methods discussed are compatible with PHP versions 3, 4, and 5.
The knowledge you?ll gain from this comprehensive guide will help you prevent attackers from potentially disrupting site operation or destroying data. And you?ll learn about various security measures, for example, creating and deploying captchas, validating e-mail, fending off SQL injection attacks, and preventing cross-site scripting attempts.
Table of Contents
Why is Secure Programming a Concern?- Dealing with Shared Hosts.- Maintaining Separate Development and Production Environments.- Keeping Software Up To Date.- Connecting Securely.- Using Encryption.- Controlling Access.- Reducing Risk with PHP's Safe Mode.- Peer Review.- Preventing SQL Injection.- Preventing Hijacking of Temporary Files.- Preventing Hijacking of Sessions.- Preventing Spoofing of Forms.- Preventing Spoofing of File Uploads.- Preventing Misuse of Shell Arguments.- Preventing Misuse of Global Variables.- Preventing Buffer Overflow.- Using Content Filtering.- Using Roles to Authorize Script Execution.- Avoiding Cross-site Scripting.- Using captchas as Turing Tests.- Verifying Email Addresses.- Adding undo to Prevent Data Loss.- Adding Accountability to Track (Ab)Use.- Safely Executing Privileged Scripts.- Handling Remote Procedure Calls Safely.- Using FTP Safely.- Fending Off the Robots.