Essential PHP Security

Customers who bought this, also bought: PHP Hacks :Tips & Tools For Creating Dynamic Websites Programming Web Services with SOAP RHCE Red Hat Certified Engineer Linux Study Guide (Exam RH302) Asterisk For Dummies Python Web Programming Zend PHP Certification Study Guide How to Break Web Software: Functional and Security Testing of Web Applications and Web Services Core PHP Programming (3rd Edition) HTML, XHTML, and CSS, Sixth Edition: Visual QuickStart Guide, 6th Edition Zend Framework: A Beginner's Guide

by: Chris Shiflett

Notify me when in stock

On-line Price: $39.95 (includes GST) Paperback package 124 20%Off Retail Price You save: $10.00 Please call us to check availability	Retail Price: $49.95 Publisher: O'REILLY,30.10.2005 Category: PHP PROGRAMMING Level: ISBN: 059600656X ISBN13: 9780596006563
Add to Shopping Cart

Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.

Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.

In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.

Topics covered include:

Preventing cross-site scripting (XSS) vulnerabilities

Protecting against SQL injection attacks

Complicating session hijacking attempts

You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.

Table of Contents

Foreword
Preface
1. Introduction

      PHP Features

      Principles

      Practices
2. Forms and URLs

      Forms and Data

      Semantic URL Attacks

      File Upload Attacks

      Cross-Site Scripting

      Cross-Site Request Forgeries

      Spoofed Form Submissions

      Spoofed HTTP Requests
3. Databases and SQL

      Exposed Access Credentials

      SQL Injection

      Exposed Data
4. Sessions and Cookies

      Cookie Theft

      Exposed Session Data

      Session Fixation

      Session Hijacking
5. Includes

      Exposed Source Code

      Backdoor URLs

      Filename Manipulation

      Code Injection
6. Files and Commands

      Traversing the Filesystem

      Remote File Risks

      Command Injection
7. Authentication and Authorization

      Brute Force Attacks

      Password Sniffing

      Replay Attacks

      Persistent Logins
8. Shared Hosting

      Exposed Source Code

      Exposed Session Data

      Session Injection

      Filesystem Browsing

      Safe Mode
A. Configuration Directives
B. Functions
C. Cryptography
Index