Table of Contents

  1. Chapter 1 Introduction

    1. PHP Features

    2. Principles

    3. Practices

  2. Chapter 2 Forms and URLs

    1. Forms and Data

    2. Semantic URL Attacks

    3. File Upload Attacks

    4. Cross-Site Scripting

    5. Cross-Site Request Forgeries

    6. Spoofed Form Submissions

    7. Spoofed HTTP Requests

  3. Chapter 3 Databases and SQL

    1. Exposed Access Credentials

    2. SQL Injection

    3. Exposed Data

  4. Chapter 4 Sessions and Cookies

    1. Cookie Theft

    2. Exposed Session Data

    3. Session Fixation

    4. Session Hijacking

  5. Chapter 5 Includes

    1. Exposed Source Code

    2. Backdoor URLs

    3. Filename Manipulation

    4. Code Injection

  6. Chapter 6 Files and Commands

    1. Traversing the Filesystem

    2. Remote File Risks

    3. Command Injection

  7. Chapter 7 Authentication and Authorization

    1. Brute Force Attacks

    2. Password Sniffing

    3. Replay Attacks

    4. Persistent Logins

  8. Chapter 8 Shared Hosting

    1. Exposed Source Code

    2. Exposed Session Data

    3. Session Injection

    4. Filesystem Browsing

    5. Safe Mode

  1. Appendix A Configuration Directives

    1. allow_url_fopen

    2. disable_functions

    3. display_errors

    4. enable_dl

    5. error_reporting

    6. file_uploads

    7. log_errors

    8. magic_quotes_gpc

    9. memory_limit

    10. open_basedir

    11. register_globals

    12. safe_mode

  2. Appendix B Functions

    1. eval()

    2. exec()

    3. file()

    4. file_get_contents()

    5. fopen()

    6. include

    7. passthru()

    8. phpinfo()

    9. popen()

    10. preg_replace()

    11. proc_open()

    12. readfile()

    13. require

    14. shell_exec()

    15. system()

  3. Appendix C Cryptography

    1. Storing Passwords

    2. Using mcrypt

    3. Storing Credit Card Numbers

    4. Encrypting Session Data

  4. About the Author

  5. Colophon