|
Written by David Stockton
|
|
Tuesday, June 14 2011 23:09 |
 |
| Author: |
Chris Snyder, Michael Southwell |
| Published: |
December 2010 |
| Publisher: |
Apress |
| Reviewer: |
Scott Hancock |
This was a pretty solid book on PHP web application security, and should be a part of any PHP developer's library. The author gives detailed descriptions of the most common ways in which your application can be attacked, and gives well thought out examples of how to guard against them. Here are some of the topics that you'll learn about in the book:
- SQL injection: This book gives a great overview of what SQL injection is, how to identify vulnerabilities, how to fix them, and how to test your application
- Cross-site scripting: This was a good one for me. Much of the documentation on XSS is pretty vague. The authors did a good job of providing several detailed examples of cross-site scripting attacks, and how to defend against them.
- Validating and Sanitizing input: The authors really stress the importance of validating and sanitizing any input that comes into your application. They give examples of how to create validation libraries. However, one of my main disappointments with the book was that they failed to discuss PHP's filter_var functionality.
- Captchas: What they are and how to implement them.
- Securing RESTful services: Restricting access, authenticating and authorizing requests, and enforcing quotas and rate limits.
- How to secure UNIX
- How to secure your database
- Encryption: The authors discuss keeping your passwords safe by hashing, and how to protect other sensitive data by symmetrical or asymmetrical encryption
- SSL and SSH: Securing network connections via SSL and SSH. How to generate certificates and keys.
- Securing shared hosting
- Keeping production and development environments separate
- Keeping software up to date
These are just some of the focus areas of this book. It provides even more interesting and valuable information. While this book won't make you a security expert, it will put you well on the path of proper security-minded PHP coding.
For more information please see the publisher's site for the book. |
