Essential PHP Security Paperback – October 20, 2005


Product Details

  • Paperback: 130 pages
  • Publisher: O'Reilly Media; 1 edition (October 20, 2005)
  • Language: English
  • ISBN-10: 059600656X
  • ISBN-13: 978-0596006563
  • Product Dimensions: 9.1 x 7 x 0.3 inches
  • Shipping Weight: 8 ounces
  • Average Customer Review: 3.9 out of 5 stars (30 customer reviews)
  • Amazon Best Sellers Rank: #499,757 in Books

Editorial Reviews

Review

"You've heard the nasty stories about PHP sites being wiped off the web by evil hackers? Sadly it's not scare-mongering as it does happen, and as much as we love PHP it needs proper security to keep your site safe from harm. Plenty of PHP books have the odd chapter on security but at last O'Reilly have published a whole volume dedicated to the cause, with all the code you'll need to keep everything in order. Each chapter covers a different aspect of the application, from form processing to database programming and session management. Written in a straightforward style, it's ideal for every PHP user, but at GBP20 you might expect a little more than just 100 pages." - .NET, November 2005

"If you write PHP scripts, get a copy" - Alain Williams, news@UK, March 2006

Book Description

A Guide to Building Secure Web Applications

Customer Reviews

It really does get right to the point, and doesn't waste any time.
S. Hickey
Chris does a GREAT job of presenting the problem (citing specific examples of the exploits), showing the pitfalls, and then presenting the solutions.
Nate Klaiber
The language is easy to understand and the examples are clear and concise.
K. Haman

Most Helpful Customer Reviews

43 of 47 people found the following review helpful By John A. Suda VINE VOICE on November 2, 2005
Format: Paperback
You would think that with all of the books being published recently about PHP that everyone and his mother is writing PHP code. This may be true, but even if it is not, it is certain that many people and businesses are using PHP code, in concert with other applications like MySQL, to produce dynamic web sites. This is all well and good because PHP is a high-quality coding language especially well-suited to web applications. It is also open-source, meaning well-supported by a community of coders and developers and cost-free. The one problem is that, like all coding languages, poorly designed or written PHP applications can be security risks potentially allowing Internet miscreants to cause damage to web servers, hosts, and users. It appears to be the case that there are many, many instances of insecure PHP code in use, hence, the value in a targeted book on PHP security, like "Essential PHP Security", by Chris Shiflett.

The author is an internationally-known and accomplished expert on PHP security. He is the founder of the PHP Security Consortium, a group of volunteers who help educate the PHP community, and a well-known contributor to the PHP-general mail digest. The book is designed to provide security information and guidelines and explain the most common types of attacks and how to prevent or repel them.

"Essential PHP Security" is a slight volume of only 109 pages, including index. Shiflett wastes no time and immediately jumps into his topic, starting with his opinion on the use of the PHP concept of "register globals", a configuration setting which he recommends against using in favor of "superglobal arrays".
15 of 15 people found the following review helpful By Castlebravo on December 31, 2008
Format: Paperback
I really wanted to write a glowing review of Mr. Shiflett's book, Essential PHP Security, but I can't help but be disappointed by the weaknesses.

The author's blog ([...]) and PHP security website ([...]) are good sources of information on PHP security and web creation in general. With the wisdom hinted at via his websites, I looked forward to more in-depth insights and specifics in his book. Unfortunately for Mr. Shiflett, writing a book is not like writing 'bites' for a blog or marketing yourself as experienced and knowledgeable. This book reads like an anthology of blog articles and seminar presentations and that weakness kills what should otherwise really be an essential text.

As another helpful reviewer pointed out, this book is not appropriate for new PHP programmers. That reviewer also noted that it is precisely new initiates to PHP that need these lessons the most. The protective measures suggested in the book are presented superficially. The author highlights the vulnerability, but then only hints at a protective measure by providing a code snippet which totally lacks context. Most novice readers expect examples of how to apply and integrate the suggested technique effectively and efficiently within the basics they already know.

Mr. Shiflett writes in his acknowledgements, "Written during one of the busiest years of my life ... [the people at O'Reilly] have gone out of their way to make the entire process fit around my writing style and busy schedule."

Smoking gun?

For a full price book, the author had room, but perhaps not the desire to provide more substance. Concise does not have to be superficial. The book's main content is 85 pages -- followed by three appendices between pages 87 and 103. The index runs between pages 105 and 109.
17 of 19 people found the following review helpful By R. Peake on October 23, 2005
Format: Paperback
This book helped me identify and report a critical security vulnerability in a commercial third party PHP application we were planning to deploy in a business-critical fashion. For that alone, it was worth its weight in gold.

This book is the antidote to the common misperception that PHP applications fall short on security. With sparkling clarity, Chris demystifies dozens of attacks and provides both solid theoretical and practical bases for coding securely in PHP. Throughout his work as a PHP security consultant, and culminating in this book, Chris has defined the lexicon for web security -- telling us precisely what it means to filter input, and precisely what it means to escape output -- as well as when, how and why. This is nothing short of a defining work on web application security as it applies specifically to PHP.

While this book does not cover using encoders (like the Zend Encoder or IonCube Encoder) to heighten security in a plain-text scripting language, every other topic you would expect to be covered is treated -- above all -- with accuracy, and all in just over a hundred pages. Where other authors might pontificate to fill pages, Chris crafted this book to live up to its title -- it is indeed essential, distilled, and precise. Therefore there is little excuse from this point on to not have read it at least once, and thumb through it from time to time when developing or auditing a PHP application. I intend to make it required reading in my department, and recommend it highly to colleagues in other companies developing web applications in PHP.