Securing PHP Web Applications (Paperback)

~ (Author), William Ballad (Author)

Editorial Reviews

Product Description

Easy, Powerful Code Security Techniques for Every PHP Developer

 

Hackers specifically target PHP Web applications. Why? Because they know many of these apps are written by programmers with little or no experience or training in software security. Don’t be victimized. Securing PHP Web Applications will help you master the specific techniques, skills, and best practices you need to write rock-solid PHP code and harden the PHP software you’re already using.

 

Drawing on more than fifteen years of experience in Web development, security, and training, Tricia and William Ballad show how security flaws can find their way into PHP code, and they identify the most common security mistakes made by PHP developers. The authors present practical, specific solutions–techniques that are surprisingly easy to understand and use, no matter what level of PHP programming expertise you have.

 

Securing PHP Web Applications covers the most important aspects of PHP code security, from error handling and buffer overflows to input validation and filesystem access. The authors explode the myths that discourage PHP programmers from attempting to secure their code and teach you how to instinctively write more secure code without compromising your software’s performance or your own productivity.

 

Coverage includes

• Designing secure applications from the very beginning–and plugging holes in applications you can’t rewrite from scratch
• Defending against session hijacking, fixation, and poisoning attacks that PHP can’t resist on its own
• Securing the servers your PHP code runs on, including specific guidance for Apache, MySQL, IIS/SQL Server, and more
• Enforcing strict authentication and making the most of encryption
• Preventing dangerous cross-site scripting (XSS) attacks
• Systematically testing yourapplications for security, including detailed discussions of exploit testing and PHP test automation
• Addressing known vulnerabilities in the third-party applications you’re already running

Tricia and William Ballad demystify PHP security by presenting realistic scenarios and code examples, practical checklists, detailed visuals, and more. Whether you write Web applications professionally or casually, or simply use someone else’s PHP scripts, you need this book–and you need it now, before the hackers find you!

About the Author

Tricia Ballad spent several years as a Web applications developer on the LAMP (Linux, Apache, MySQL, PHP/Perl) platform before becoming a full-time writer and technical editor. She currently writes online courseware on various technology topics.

 

William Ballad has worked in every aspect and at all levels of information technology, from hardware maintenance at a small mom-and-pop ISP to architect of Windows-based and heterogeneous networks at some of the world’s largest corporations. An active member of the IT security community for many years, he recently led an effort to counter an international hacker group exploiting OptionCart, a widely used e-commerce system.

 

The Ballads have collaborated on several Web development books, including PHP & MySQL Web Development All-in-One Desk Reference for Dummies (Wiley Publishing, 2008).

Product Details

• Paperback: 336 pages
• Publisher: Addison-Wesley Professional (December 26, 2008)
• Language: English
• ISBN-10: 0321534344
• ISBN-13: 978-0321534347
• Product Dimensions: 9 x 6.9 x 0.9 inches
• Shipping Weight: 1.1 pounds (View shipping rates and policies)
• Average Customer Review: 4.0 out of 5 stars  See all reviews (3 customer reviews)
• Amazon.com Sales Rank: #229,041 in Books (See Bestsellers in Books)

  Popular in this category: (What's this?)

  #68 in

  Books > Computers & Internet > Web Development > Programming > PHP

Customer Reviews

Most Helpful Customer Reviews

3 of 3 people found the following review helpful:

4.0 out of 5 stars Great Book for PHP Developers, March 4, 2009

By	O. J. Henty "owenjh" (Charlotte NC) - See all my reviews (REAL NAME)

Securing PHP Web Applications is a great book for any PHP developer with an interest in writing better web applications. It covers a wide range of security topics that every developer should be familiar with. It would be useful for anyone hiring a PHP developer to know the concepts outlined in this book to aid in assessing a developers ability. The book introduced me to some new methods of testing web applications that I had not heard of before. Not the best book to hand to a security professional but a great book to hand to any developer lacking in the security department.

3.0 out of 5 stars Not what I expected from a Security focused book, November 17, 2009

By	G. Koren (Tel Aviv, Israel) - See all my reviews (REAL NAME)

The author doesn't get into the intestines of PHP security breaches. This book has some good examples for beginners with very pristine knowledge of PHP security at all. If you plan to maintain a better security system or even to gain knowledge on more elaborate, extensive infringements, this book will not deliver the goods. Technically, for a book on PHP, the author focuses way too much on IIS server-security, which is 90% irrelevant to PHP programmers.

The book guides you through building and strengthening a guest-book for a website. Now in spite of guest-books being almost extinct, this is a very simple example of PHP code, which plausibly doesn't require any intricate security mechanism. Hence the author almost excuses herself for not having gone TOO DEEP on security. Nevertheless, the author does not spare the reader when she verbosely describes general security topics.

If the author had indeed chosen to focus on a more implementable example and demonstrate viable security through and through, this would've been a really great book. So, if you're looking for more than Guest-Book intricacy, find something else.

5.0 out of 5 stars Got Hackers? This book will help you eliminate those pesks., October 30, 2009

By	Ryan Satterfield "The_missing_link" (On earth Part time.) - See all my reviews (REAL NAME)

I'm reading this book and several others on safari books online. I found it so good I thought I might as well share with amazon users how useful this book is. If you are developing any application in PHP and you plan to put it online you need to read this book. This book really opened my eyes to how dangerous PHP is without the proper security. I most definitely would recommend this book. I'm sure like any book not every little command and possibility is covered but it sure helps you gain an upper hand in security you most likely didn't have before reading the book.