PHP has become one of the world's most popular web programming languages from a tool used for producing personal web page. It ensures the operation of so many busiest websites on the Internet. This also brings the problems to be focused on, that's performance, maintainability, testability, reliability and the most important thing - security.

Each chapter in Essential PHP Security explains a web application instance (such as form processing, database programming, SESSION management and validation), which covers all the major aspects in the PHP development. Besides, each section illustrates the attack methods and prevention techniques for the corresponding aspects. When finish reading Essential PHP Security, you will be able to understand and master all kinds of security measures that learned from this book, so as to calmly reply to plenty of new attacks and skills from malicious persons.

Although Essential PHP Security with an eye to PHP language only, and show you how to manipulate the PHP's special function to write the secure code, yet the concepts in this book are really suitable for any web development platform.

Table Of Contents

  • Chapter 1 Introduction
    • PHP Features
    • Principles
    • Practices
  • Chapter 2 Forms and URLs
    • Forms and Data
    • Semantic URL Attacks
    • File Upload Attacks
    • Cross-Site Scripting
    • Cross-Site Request Forgeries
    • Spoofed Form Submissions
    • Spoofed HTTP Requests
  • Chapter 3 Databases and SQL
    • Exposed Access Credentials
    • SQL Injection
    • Exposed Data
  • Chapter 4 Sessions and Cookies
    • Cookie Theft
    • Exposed Session Data
    • Session Fixation
    • Session Hijacking
  • Chapter 5 Includes
    • Exposed Source Code
    • Backdoor URLs
    • Filename Manipulation
    • Code Injection
  • Chapter 6 Files and Commands
    • Traversing the Filesystem
    • Remote File Risks
    • Command Injection
  • Chapter 7 Authentication and Authorization
    • Brute Force Attacks
    • Password Sniffing
    • Replay Attacks
    • Persistent Logins
  • Chapter 8 Shared Hosting
    • Exposed Source Code
    • Exposed Session Data
    • Session Injection
    • Filesystem Browsing
    • Safe Mode
  • Appendix A Configuration Directives
  • Appendix B Functions
  • Appendix C Cryptography

Book Example Codes

Download URLs

Format Download Size
PDF 1.33 MB
CHM 368 KB
(Homepage)