- Series: Expert's Voice in Open Source
- Paperback: 368 pages
- Publisher: Apress; 2nd ed. edition (December 8, 2010)
- Language: English
- ISBN-10: 1430233184
- ISBN-13: 978-1430233183
- Product Dimensions: 7.5 x 0.8 x 9.2 inches
- Shipping Weight: 1.7 pounds
- Average Customer Review: 4.2 out of 5 stars (8 customer reviews)
- Amazon Best Sellers Rank: #369,803 in Books
Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses (Expert's Voice in Open Source) 2nd ed. Edition
About the Author
Chris Snyder is a software engineer at the Fund for the City of New York, where he helps develop next-generation websites and services for nonprofit organizations. He is a member of the executive board of New York PHP, and has been looking for new ways to build scriptable, linked, multimedia content since he saw his first Hypercard stack in 1988.
Michael Southwell is a retired English professor who has been developing websites for more than 10 years in the small business, non-profit, and educational areas, with special interest in problems of accessibility. He has authored and co-authored eight books and numerous articles about writing, writing and computers, and writing education. He is a member of the executive board of New York PHP, and a Zend Certified Engineer.
Top Customer Reviews
- SQL injection: This book gives a great overview of what SQL injection is, how to identify vulnerabilities, how to fix them, and how to test your application.
- Cross-site scripting: This was a good one for me. Much of the documentation on XSS is pretty vague. The authors did a good job of providing several detailed examples of cross-site scripting attacks, and how to defend against them.
- Validating and Sanitizing input: The authors really stress the importance of validating and sanitizing any input that comes into your application. They give examples of how to create validation libraries. However, one of my main disappointments with the book was that they failed to discuss PHP's filter_var functionality.
- Captchas: What they are and how to implement them.
- Securing RESTful services: Restricting access, authenticating and authorizing requests, and enforcing quotas and rate limits.
- How to secure UNIX
- How to secure your database
- Encryption: The authors discuss keeping your passwords safe by hashing, and how to protect other sensitive data by symmetrical or asymmetrical encryption
- SSL and SSH: Securing network connections via SSL and SSH. How to generate certificates and keys.
- Securing shared hosting
- Keeping production and development environments separate
- Keeping software up to date
These are just some of the focus areas of this book. It provides even more interesting and valuable information. While this book won't make you a security expert, it will put you well on the path of proper security-minded PHP coding.
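One way to do what this reviewer says the book leaves out, as an added example that is not code from the book or from the reviewer: a small validation layer built on PHP's filter_var_array() that distinguishes a missing field from an invalid one and drops keys the application never asked for, followed by the parameterized query and output encoding that validation does not replace. The rule set, field names, in-memory SQLite table and sample requests are constructed for the illustration.

```php
<?php
// Added example (not from the book or the reviewer): validation with
// filter_var_array(), then a parameterized query, then output encoding.
// USER_RULES, the users table and the sample requests are constructed here.
declare(strict_types=1);

// One rule per expected field. A validator yields the typed value on success,
// false when the value is present but invalid, and null when the key is absent.
// Keys that are not listed here are discarded by filter_var_array().
const USER_RULES = [
    'id'       => ['filter'  => FILTER_VALIDATE_INT,
                   'options' => ['min_range' => 1]],
    'email'    => FILTER_VALIDATE_EMAIL,
    'username' => ['filter'  => FILTER_VALIDATE_REGEXP,
                   'options' => ['regexp' => '/^[a-z0-9_]{3,20}$/']],
    'website'  => ['filter'  => FILTER_VALIDATE_URL,
                   'flags'   => FILTER_FLAG_PATH_REQUIRED],
];

/**
 * Validate $input against $rules. Returns [cleanValues, errors].
 * A value that arrives as an array where a scalar is expected (e.g. ?id[]=1)
 * fails validation because no rule sets FILTER_REQUIRE_ARRAY.
 */
function validate(array $input, array $rules): array
{
    $checked = filter_var_array($input, $rules);
    $clean   = [];
    $errors  = [];
    foreach ($rules as $field => $rule) {
        $value = $checked[$field] ?? null;
        if ($value === null) {
            $errors[$field] = 'missing';
        } elseif ($value === false) {
            $errors[$field] = 'invalid';
        } else {
            $clean[$field] = $value;   // already cast: 'id' is an int here
        }
    }
    return [$clean, $errors];
}

// Validation narrows the type; it does not build the query. Even a validated
// integer is passed to the database as a bound parameter.
function findUser(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, username, email FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Output encoding is the third, separate step: a value that passed validation
// is still untrusted in the HTML context it is written into.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed stand-in for a database, so the script runs offline.
$pdo = new PDO('sqlite::memory:', null, null,
               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$pdo->prepare('INSERT INTO users (id, username, email) VALUES (:id, :u, :e)')
    ->execute([':id' => 42, ':u' => 'alice_01', ':e' => 'alice@example.org']);

// Constructed well-formed request, as $_POST might deliver it (all strings).
$request = [
    'id'       => '42',
    'email'    => 'alice@example.org',
    'username' => 'alice_01',
    'website'  => 'https://example.org/about',
    'role'     => 'admin',   // not in USER_RULES: never reaches $clean
];
[$clean, $errors] = validate($request, USER_RULES);
if ($errors !== []) {
    http_response_code(400);
    exit('rejected: ' . implode(', ', array_keys($errors)));
}
$user = findUser($pdo, $clean['id']);
printf("<p>%s &lt;%s&gt;</p>\n", h($user['username']), h($user['email']));

// Constructed hostile request: an array where a scalar is expected, an
// injection attempt in the username, a malformed email and no website.
$hostile = ['id' => ['1'], 'username' => "bob' OR '1'='1", 'email' => 'not-an-email'];
[, $hostileErrors] = validate($hostile, USER_RULES);
var_export($hostileErrors);
```

Two caveats a practitioner would add: the FILTER_VALIDATE_* filters answer "is this well-formed", not "is this safe for a given sink", so the prepared statement and htmlspecialchars() above are not optional once validation passes; and the FILTER_SANITIZE_* family is a weaker tool than validation (FILTER_SANITIZE_STRING was deprecated in PHP 8.1), so prefer rejecting malformed input over silently rewriting it.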
If you bought the first edition of this book, you might have been disappointed in how it was organized; however, the second edition of this book will change your opinion forever. It is easy to follow, and the authors focus on only one specific area per chapter; as a result, it allows readers to focus on the specific security areas that they either are not aware of or want to get more in-depth detail on.
Overall, I think this book is not only good for seasonal PHP programmers, since they may only need some parts of the security topics that relate to their current projects, but also good for the experienced PHP programmer, since they can use this book as a reference.
I do not think this book is good for programmers who are just starting to learn the PHP language, since most of the topics in this book are for people who have worked in PHP for a few years.
*This book does not even mention filter_var
*This link is by far more useful.
All chapters have a brief explanation.
I recommend this to beginners.
This link is more useful
Pro? I wonder what Pro stands for.