
Essential PHP Security [Kindle Edition]

Chris Shiflett
3.9 out of 5 stars (31 customer reviews)

Digital List Price: $23.99
Print List Price: $29.95
Kindle Price: $13.49
You Save: $16.46 (55%)


Formats

Amazon Price
Kindle Edition: $13.49
Paperback: $22.16

Book Description

Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.

Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.

In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.

Topics covered include:

  • Preventing cross-site scripting (XSS) vulnerabilities
  • Protecting against SQL injection attacks
  • Complicating session hijacking attempts

You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.



Editorial Reviews

Review

"You've heard the nasty stories about PHP sites being wiped off the web by evil hackers? Sadly it's not scare-mongering as it does happen, and as much as we love PHP it needs proper security to keep your site safe from harm. Plenty of PHP books have the odd chapter on security but at last O'Reilly have published a whole volume dedicated to the cause, with all the code you'll need to keep everything in order. Each chapter covers a different aspect of the application, from form processing to database programming and session management. Written in a straightforward style, it's ideal for every PHP user, but at GBP20 you might expect a little more than just 100 pages." - .NET, November 2005

"If you write PHP scripts, get a copy" - Alain Williams, news@UK, March 2006

Book Description

A Guide to Building Secure Web Applications

Product Details

  • File Size: 514 KB
  • Print Length: 130 pages
  • Simultaneous Device Usage: Unlimited
  • Publisher: O'Reilly Media; 1 edition (February 9, 2009)
  • Sold by: Amazon Digital Services, Inc.
  • Language: English
  • ASIN: B0026OR358
  • Text-to-Speech: Enabled
  • Lending: Not Enabled
  • Amazon Best Sellers Rank: #537,664 Paid in Kindle Store


Customer Reviews

Most Helpful Customer Reviews
43 of 47 people found the following review helpful
3.0 out of 5 stars Good overview of php security matters November 2, 2005
Format:Paperback
You would think that with all of the books being published recently about PHP that everyone and his mother is writing PHP code. This may be true, but even if it is not, it is certain that many people and businesses are using PHP code, in concert with other applications like MySQL, to produce dynamic web sites. This is all well and good because PHP is a high-quality coding language especially well-suited to web applications. It is also open-source, meaning well-supported by a community of coders and developers and cost-free. The one problem is that, like all coding languages, poorly designed or written PHP applications can be security risks potentially allowing Internet miscreants to cause damage to web servers, hosts, and users. It appears to be the case that there are many, many instances of insecure PHP code in use, hence, the value in a targeted book on PHP security, like "Essential PHP Security", by Chris Shiflett.

The author is an internationally-known and accomplished expert on PHP security. He is the founder of the PHP Security Consortium, a group of volunteers who help educate the PHP community, and a well-known contributor to the PHP-general mail digest. The book is designed to provide security information and guidelines and explain the most common types of attacks and how to prevent or repel them.

"Essential PHP Security" is a slight volume of only 109 pages, including index. Shiflett wastes no time and immediately jumps into his topic, starting with his opinion on the use of the PHP concept of "register globals", a configuration setting which he recommends against using in favor of "superglobal arrays".
16 of 16 people found the following review helpful
2.0 out of 5 stars I wanted so much to love this book December 31, 2008
Format:Paperback
I really wanted to write a glowing review of Mr. Shiflett's book, Essential PHP Security, but I can't help but be disappointed by the weaknesses.

The author's blog ([...]) and PHP security website ([...]) are good sources of information on PHP security and web creation in general. With the wisdom hinted at via his websites, I looked forward to more in-depth insights and specifics in his book. Unfortunately for Mr. Shiflett, writing a book is not like writing 'bites' for a blog or marketing yourself as experienced and knowledgeable. This book reads like an anthology of blog articles and seminar presentations and that weakness kills what should otherwise really be an essential text.

As another helpful reviewer pointed out, this book is not appropriate for new PHP programmers. That reviewer also noted that it is precisely new initiates to PHP that need these lessons the most. The protective measures suggested in the book are presented superficially. The author highlights the vulnerability, but then only hints at a protective measure by providing a code snippet which totally lacks context. Most novice readers expect examples of how to apply and integrate the suggested technique effectively and efficiently within the basics they already know.

Mr. Shiflett writes in his acknowledgements, "Written during one of the busiest years of my life ... [the people at O'Reilly] have gone out of their way to make the entire process fit around my writing style and busy schedule."

Smoking gun?

For a full price book, the author had room, but perhaps not the desire to provide more substance. Concise does not have to be superficial. The book's main content is 85 pages -- followed by three appendices between pages 87 and 103. The index runs between pages 105 and 109.
10 of 10 people found the following review helpful
4.0 out of 5 stars Good overview of PHP security issues to date November 22, 2005
By Sam
Format:Paperback
This long awaited work from who many refer to as the guru of PHP security is finally out.

I must say though, when it arrived in the mail, I was a bit surprised by the package. Rather than the typical book box you get, it was in a padded envelope and upon opening the package I saw that the book was a mere 109 pages (with appendices starting on page 87).

As I began to read the book, I started to realize some of the reasons for the small size. Chris stays completely on topic with PHP security and doesn't meander into subjects such as Linux server administration and security, which other (larger) texts do to quite a large extent. I actually went to another PHP security text I had recently read, and if I took out the sysadmin sections, it left about the same amount of pages as Chris's book. Also Chris's approach to PHP security seems to be a very 'keep it simple' one. He doesn't get into elaborate security frameworks and application layers. He simply defines a PHP security issue, and provides a straightforward and simple solution for the problem. I agree with this approach since over-engineering a solution breeds complexity, and complexity can easily mask, you guessed it, "security issues".

I would say what I liked most about this book is that he brought to light the security concerns when running on a shared host. I think this topic is very often neglected on the majority of PHP security articles and texts even though many of us use shared hosting due to how cheap it is. Chris devotes an entire chapter to the situation and clearly explains the vast security risks that come with shared hosting and gives examples of how to mitigate the risks.
Most Recent Customer Reviews
5.0 out of 5 stars concise and useful
concise and useful
Published 1 month ago by Marco Kruit
5.0 out of 5 stars Very Informative
More of a guide for beginners, but it did help me find some things to lock my app servers down even more. Can't be too secure.
Published 16 months ago by Dave
5.0 out of 5 stars Security
Essential to my own business and my long vision on my e-commerce. I am very thankful to the author. May God assist him and teach him more.
Published 17 months ago by Costa
5.0 out of 5 stars Short and sweet.
This is an excellent read for anyone, not just those using PHP. The provided information is very nicely laid out with very fluff but good practical understanding and application.
Published 20 months ago by Serj
4.0 out of 5 stars good overall
I've read a lot of general web security titles. This was my first language-specific book and it provided a pretty good deep dive into PHP-specific security and vulnerabilities.
Published 21 months ago by Haggy
5.0 out of 5 stars useful but not enough information
I have been a PHP software developer for many years. I buy that type of book in the hope of finding at least one new trick or some interesting code style.
Published on August 21, 2012 by David S. James
1.0 out of 5 stars Bad advice presented as "best practices."
About 15 years ago, PHP was still missing a lot of features that, today, programmers take for granted.
Published on April 26, 2012 by Amazon Customer
1.0 out of 5 stars Disappointed...
This book has 7 chapters (Chapters 2 through 8) devoted to the 7 issues. The material is superficial, it does not cover many, many other issues related to PHP Security.
Published on March 17, 2012 by old_customer
5.0 out of 5 stars Good For the beginner.
This book is very well written and explained. Special for new programmers; once you use this book some of the tricks will become your programming patterns.
Published on November 17, 2011 by Lee
5.0 out of 5 stars Loved it!
There were some very good best practices in this book that I immediately adopted. I'm sure most people who would be interested in this book (experienced to advanced developers)...
Published on October 17, 2011 by Darius