Pro PHP Security

People who purchase this book frequently purchase:
- PHP and MySQL: Create - Modify - Reuse; Timothy Boronczyk, et al, $24.50, 39% Off!
- Programming PHP, 2nd Edition; Kevin Tatroe, et al, $23.95, 40% Off!
- Essential PHP Security; Chris Shiflett, $17.95, 40% Off!
- JavaScript: The Definitive Guide, 5th Edition; David Flanagan, $29.95, 40% Off!
"Pro PHP Security is arguably the most comprehensive PHP security
book available, and is highly recommended to any developer or administrator
of a PHP-based Web site."
— Michael J. Ross, Slashdot contributor
Pro PHP Security is one of the first books devoted solely to PHP security.
It will serve as your complete guide for taking defensive and proactive security
measures within your PHP applications. (And the methods discussed are compatible
with PHP versions 3, 4, and 5.)
The knowledge you'll gain from this comprehensive guide will help you prevent
attackers from potentially disrupting site operation or destroying data. And
you'll learn about various security measures, for example, creating and deploying
"captchas," validating e-mail, fending off SQL injection attacks, and preventing
cross-site scripting attempts.
Table of Contents
About the Authors
About the Technical Reviewer
Acknowledgments
Introduction
PART 1 The Importance of Security
Chapter 1 Why Is Secure Programming a Concern?
PART 2 Maintaining a Secure Environment
Chapter 2 Dealing with Shared Hosts
Chapter 3 Maintaining Separate Development and Production Environments
Chapter 4 Keeping Software Up to Date
Chapter 5 Using Encryption I: Theory
Chapter 6 Using Encryption II: Practice
Chapter 7 Securing Network Connections I: SSL
Chapter 8 Securing Network Connections II: SSH
Chapter 9 Controlling Access I: Authentication
Chapter 10 Controlling Access II: Permissions and Restrictions
PART 3 Practicing Secure PHP Programming
Chapter 11 Validating User Input
Chapter 12 Preventing SQL Injection
Chapter 13 Preventing Cross-Site Scripting
Chapter 14 Preventing Remote Execution
Chapter 15 Enforcing Security for Temporary Files
Chapter 16 Preventing Session Hijacking
PART 4 Practicing Secure Operations
Chapter 17 Allowing Only Human Users
Chapter 18 Verifying Your Users' Identities
Chapter 19 Using Roles to Authorize Actions
Chapter 20 Adding Accountability to Track Your Users
Chapter 21 Preventing Data Loss
Chapter 22 Safely Executing System Commands
Chapter 23 Handling Remote Procedure Calls Safely
Chapter 24 Taking Advantage of Peer Review
INDEX
About the Authors
Chris Snyder is a software engineer at Fund for the City of New York, where
he helps develop next-generation websites and services for nonprofit organizations.
He is a member of the Executive Board of New York PHP, and has been looking
for new ways to build scriptable, linked, multimedia content since he saw his
first Hypercard stack in 1988.
Michael Southwell is a retired English professor who has been developing websites
for more than 10 years in the small business, nonprofit, and educational areas,
with special interest in problems of accessibility. He has authored and co-authored
8 books and numerous articles about writing, writing and computers, and writing
education. He is a member of the Executive Board of New York PHP, and a Zend
Certified Engineer.