Essential PHP Security
A Guide to Building Secure Web Applications
Publisher: O'Reilly Media
Final Release Date: October 2005
Pages: 130

PHP's flexibility in building dynamic, database-driven web applications has made it one of the most popular web development languages in use today, and it works well with other open source tools such as the MySQL database and the Apache web server. But as more web sites are built in PHP, they become targets for attackers, and developers need to prepare for those attacks.

Security demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you gain a deeper understanding of the safeguards the book teaches.

In the much-needed (and highly requested) Essential PHP Security, each chapter covers an aspect of a web application, such as form processing, database programming, session management, and authentication. Chapters describe potential attacks with examples and then explain techniques to prevent them.

Topics covered include:

  • Preventing cross-site scripting (XSS) vulnerabilities
  • Protecting against SQL injection attacks
  • Complicating session hijacking attempts
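As an added illustration of the three topics above (example code written for this page, not code from the book or its author), here is a minimal PHP login handler that applies the book's filter-input / escape-output discipline, with the filtered values kept in a `$clean` array and the escaped values in an `$html` array as the book does, alongside a prepared statement and a regenerated session ID. It assumes PHP 7.3 or later, a PDO connection to a hypothetical `users` table with `username` and `password_hash` columns, and a form that POSTs `username` and `password`; the DSN and database credentials are placeholders.

```php
<?php
// Added example, not from the book. Assumes PHP >= 7.3, a hypothetical `users`
// table (username, password_hash) and a form that POSTs username + password.
declare(strict_types=1);

// --- Session hijacking: harden the session before it starts. ---
ini_set('session.use_only_cookies', '1');   // never accept a session ID from the URL
ini_set('session.use_strict_mode', '1');    // reject IDs the server did not issue
session_set_cookie_params([
    'httponly' => true,   // cookie not readable from JavaScript (limits XSS -> hijack)
    'secure'   => true,   // cookie only sent over HTTPS
    'samesite' => 'Lax',  // not sent on cross-site POSTs
]);
session_start();

// --- Filter input: only values that pass a whitelist are copied into $clean. ---
$clean = [];
if (isset($_POST['username'])
    && is_string($_POST['username'])
    && preg_match('/\A[A-Za-z0-9_]{3,32}\z/', $_POST['username'])) {
    $clean['username'] = $_POST['username'];
} else {
    http_response_code(400);
    exit('Invalid username.');
}
// The password is not pattern-filtered (that would weaken it); only its length
// is bounded so password_verify() is never fed an enormous input.
if (isset($_POST['password'])
    && is_string($_POST['password'])
    && strlen($_POST['password']) <= 1024) {
    $clean['password'] = $_POST['password'];
} else {
    http_response_code(400);
    exit('Invalid password.');
}

// --- SQL injection: the username is bound as a parameter, never interpolated. ---
$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app', 'placeholder', [
    PDO::ATTR_EMULATE_PREPARES => false,            // real server-side prepares
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
]);
$stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
$stmt->execute([':u' => $clean['username']]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// --- Constant-time password check against a password_hash() value (PHP 5.5+). ---
if ($row === false || !password_verify($clean['password'], $row['password_hash'])) {
    http_response_code(401);
    exit('Login failed.');
}

// --- Session fixation / hijacking: issue a fresh ID when privilege changes. ---
session_regenerate_id(true);
$_SESSION['user'] = $clean['username'];

// --- Escape output: anything rendered into HTML goes through $html first. ---
$html = [];
$html['username'] = htmlspecialchars($clean['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
echo "<p>Welcome, {$html['username']}.</p>";
```

The point of the two arrays is that a reader of the code can tell at a glance whether a value has been filtered (`$clean`) or escaped for a particular context (`$html`); a raw `$_POST` value appearing in a query or in output is then an obvious bug rather than a subtle one. Regenerating the session ID on login means a fixed or guessed pre-login ID buys an attacker nothing once the user authenticates.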

You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.


Review Snapshot (by PowerReviews)

3.8 (based on 6 reviews)

Ratings Distribution

  • 5 Stars (1)
  • 4 Stars (4)
  • 3 Stars (0)
  • 2 Stars (1)
  • 1 Star (0)

Pros

  • Easy to understand (3)
  • Well-written (3)

Cons

No Cons

Best Uses

  • Novice (3)

Reviewed by 6 customers

4.0

Good overview, Good ideas, Good execution

By tcordes

from Winnipeg, Canada

About Me Developer, Sys Admin

Verified Reviewer

Pros

  • Accurate
  • Concise
  • Easy to understand
  • Helpful examples
  • Relevant
  • Well-written

Cons

Best Uses

  • Expert
  • Intermediate
  • Novice
  • Student

Comments about oreilly Essential PHP Security:

The first thing that will strike you when obtaining this book is its brevity. Can one hundred pages do this important topic justice, and are the details stale after over a decade? Sort of, and not really.

As an experienced PHP developer, I knew about every security issue in this book. A novice probably wouldn't. However, the author approaches each potential problem from a few different angles, and offers some unique potential solutions. As such, I gleaned over a dozen tidbits that prompted further investigation and implementation in my own code base. Many turned into simple checks that "phew, I was covering that". A couple of ideas allowed me to harden my code against unlikely attack vectors.

That said, I would point out that not all proposed solutions are ones I would agree with or implement, especially not exactly as described (i.e. $clean). However, the goal of a short book is to get you thinking, and you can forge your own solutions after grokking the problem. At this the book excels.

As for obsolescence, it's only a minor problem. An updated edition would probably just add new chapters regarding new PHP features, like timing-attack-immune password hashing. The core ideas and exploits outlined in this book remain completely relevant to PHP programmers today. All new PHP programmers should be forced to read this book! And kudos to the author and editors, this book has remarkably few errors.

     
2.0

A small book for a big topic

By Ton van Lankveld

from Boekel, the Netherlands

About Me Designer, Educator

Verified Buyer

Pros

  • Easy to understand
  • Well-written

Cons

  • Not comprehensive enough
  • Too basic

Best Uses

  • Novice

Comments about oreilly Essential PHP Security:

Now that it's obvious for all to see that the Internet is far from secure, it is almost painful to see how few pages are spent on this important topic.
The idea is good, but php.net has more information on the security aspect of this language than the above booklet.
IMHO Chris Shiflett should sit down and do some serious writing. The topic lends itself to a book the size of Lord of the Rings.

     
4.0

Essential is the right word

By Federico Freonius Pirani

from Milan, Italy

About Me Developer

Verified Reviewer

Pros

  • Easy to understand
  • Helpful examples
  • Well-written

Cons

  • Too basic

Best Uses

  • Novice
  • Student

Comments about oreilly Essential PHP Security:

Even though the first chapters are a bit too basic for a PHP programmer with some experience, as you go on reading you can find some interesting solutions to improve your security. The best feature, in my opinion, is that shared hosting is taken into consideration, very uncommon in the books I have read so far.
If you use superglobals directly in your SQL queries or you are a novice in PHP, this book is for you.

(4 of 4 customers found this review helpful)

     
4.0

Chilling book

By Anonymous

from Undisclosed

Comments about oreilly Essential PHP Security:

I'm no newbie to computer security, but sometimes I feel like reading a good book about security instead of surfing the web for bits and pieces of security-related articles. And this had good reviews, so...

The book started off with the basic stuff: Don't trust input, always escape output, etc. Very basic. In fact I wondered if this book was a little too basic.

And then, with each progressive chapter, my attitude slowly changed from "yeah, yeah", to "hmmmm", to "oops".

It's not only because the author mercilessly brings up exploit after exploit, saying "did you think about this? and how about this, did you think about that?"; it's also because he explains why it's important, how to exploit it, and what people can do to your site if you didn't think about that.

Now, I'll go back to my PHP code and rewrite, oh, one or two classes. Or more.

(3 of 3 customers found this review helpful)

     
4.0

Very good introduction!

By Leam Hall

from Undisclosed

Comments about oreilly Essential PHP Security:

While smaller than many O'Reilly titles, the author wastes no time in helping the new PHP programmer write more secure code. Once you get the best practices in the first chapter down, the other seven chapters each deal with a specific class of vulnerability. You can read chapters 2-8 in any order, and you'll spend some time with the appendices too.

I confess, this book made me want to go back over my code and refactor it from the ground up! Chris gives really easy ways to prevent the more common attacks any internet site faces. A day to a day and a half to read this book and then build your habit library will take you far in building more secure PHP code.

(6 of 6 customers found this review helpful)

     
5.0

Change Your Outlook on Security

By Evan Broder

from Undisclosed

Comments about oreilly Essential PHP Security:

Chris Shiflett recently visited our local PHP Users Group, and after the meeting, I was inspired to buy his book in preparation for a big PHP project.

Without a doubt this has changed how I view security. Before, I was aware of potential holes; I knew what SQL injection was. After reading this book, though, I feel like I have a true grasp on what I have to do to make my code secure.

In fact, I even see the difference when I look at my old code. I see potential problems.

After reading this book, some might say that Chris teaches you to be paranoid, but I would argue that he teaches you to be thorough.

I highly recommend this book for anyone with a little PHP experience.

Buying Options

  • Ebook: $23.99 (formats: DAISY, ePub, Mobi, PDF)
  • Print & Ebook: $32.95
  • Print: $29.95