Enjoy fast, FREE delivery, exclusive deals and award-winning movies & TV shows with Prime
Try Prime and start saving today with Fast, FREE Delivery

List Price: $29.95 Details

Save: $13.46 (45%)

Get Fast, Free Shipping with Amazon Prime FREE Returns

FREE delivery Wednesday, June 7 on orders shipped by Amazon over $25

Select delivery location

In Stock

[{"displayPrice":"$16.49","priceAmount":16.49,"currencySymbol":"$","integerValue":"16","decimalSeparator":".","fractionalValue":"49","symbolPosition":"left","hasSpace":false,"showFractionalPartIfEmpty":true,"offerListingId":"k5VCGyUHH3cTZkH8IBTgf%2F2A%2FT42Z3wT%2FKrDXjJOObDvF1RYnx%2BOHEubcgeXzETxuXHC9TtR%2BKaTIJakDLILR2TXwJrLgXdwIyIX8hla7Dxdxo725rNXWEz%2BNdYpbduwS%2F1uRYxuYNI%3D","locale":"en-US","buyingOptionType":"NEW"},{"displayPrice":"$10.99","priceAmount":10.99,"currencySymbol":"$","integerValue":"10","decimalSeparator":".","fractionalValue":"99","symbolPosition":"left","hasSpace":false,"showFractionalPartIfEmpty":true,"offerListingId":"k5VCGyUHH3cTZkH8IBTgf%2F2A%2FT42Z3wTUJlFnnNexiRLCwueft9jT%2BYuhL2dUeMFU4b8UZI55vQhwXF%2B8ECWinxLpG0yKAYuuG3Oo29AdwrkSrmXwL%2BYEocytZ5KFBw0MleIdqeodrOTcFfmznSqYVbxUeAFpKbI3Sr4HsTu0vebkIv%2BUwFSbibh%2F6BCGDPQ","locale":"en-US","buyingOptionType":"USED"}]

$$16.49 () Includes selected options. Includes initial monthly payment and selected options. Details

Payment

Secure transaction

Ships from

Amazon.com

Sold by

Amazon.com

Returns

Eligible for Return, Refund or Replacement within 30 days of receipt

Details

Payment

Secure transaction

We work hard to protect your security and privacy. Our payment security system encrypts your information during transmission. We don’t share your credit card details with third-party sellers, and we don’t sell your information to others. Learn more

Ships from

Amazon.com

Sold by

Amazon.com

Returns

Eligible for Return, Refund or Replacement within 30 days of receipt

This item can be returned in its original condition for a full refund or replacement within 30 days of receipt.

Read full return policy

Add a gift receipt for easy returns

Get Fast, Free Shipping with Amazon Prime

FREE delivery Tuesday, June 6 on orders shipped by Amazon over $25. Order within 3 hrs 24 mins

Select delivery location

Used: Good | Details

Sold by GREENWORLD BOOKS

Fulfilled by Amazon

Access codes and supplements are not guaranteed with used items.

Have one to sell?

Sell on Amazon

Other Sellers on Amazon

Added

Not added

$23.51
& FREE Shipping

Sold by: Books Unplugged

Added

Not added

$24.87
+ $3.99 shipping

Sold by: BunkoBooks

Flip to back Flip to front

Listen Playing... Paused You're listening to a sample of the Audible audio edition.
Learn more

See all 2 images

Follow the Author

Chris Shiflett

Essential PHP Security 1st Edition

by Chris Shiflett (Author)

4.3 54 ratings

See all formats and editions

Price

New from

Used from

Paperback, Illustrated

"Please retry"

$16.49

$11.58

$4.69

Paperback
$10.99 - $16.49

26 Used from $4.69 18 New from $11.58

Purchase options and add-ons

Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.

Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.

In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.

Topics covered include:

Preventing cross-site scripting (XSS) vulnerabilities
Protecting against SQL injection attacks
Complicating session hijacking attempts

You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.

ISBN-10

059600656X
ISBN-13

978-0596006563
Edition

1st
Publisher

O'Reilly Media
Publication date

October 23, 2005
Language

English
Dimensions

7 x 0.28 x 9.19 inches
Print length

126 pages
See all details

Frequently bought together

$16.49

Get it as soon as Wednesday, Jun 7

In Stock.

Ships from and sold by Amazon.com.

+

Web Application Security: Exploitation and Countermeasures for Modern Web Applications

$31.99

Get it as soon as Tuesday, Jun 6

In Stock.

Ships from and sold by Amazon.com.

Total price:

To see our price, add these items to your cart.

Try again!

Details

Added to Cart

Choose items to buy together.

Mike McGrath
22
Paperback
57 offers from $6.79

Editorial Reviews

About the Author

Chris Shiflett, an internationally recognized expert in the field of PHP security, is the founder and President of Brain Bulb, a PHP consultancy. Chris has been developing web applications with PHP for several years and regularly speaks at OSCON, ApacheCon, and PHP users conferences in North America. He is the author of the HTTP Developer's Handbook (Sams) and writes frequently about web application security. As an open source advocate, he maintains several open source projects and is a member of the PHP development team.

Product details

Publisher ‏ : ‎ O'Reilly Media; 1st edition (October 23, 2005)
Language ‏ : ‎ English
Paperback ‏ : ‎ 126 pages
ISBN-10 ‏ : ‎ 059600656X
ISBN-13 ‏ : ‎ 978-0596006563
Item Weight ‏ : ‎ 7.9 ounces
Dimensions ‏ : ‎ 7 x 0.28 x 9.19 inches

Best Sellers Rank: #930,063 in Books (See Top 100 in Books)
- #519 in Privacy & Online Safety
- #654 in Computer Hacking
- #1,440 in Internet & Telecommunications

Customer Reviews:
4.3 54 ratings

Brief content visible, double tap to read full content.

Full content visible, double tap to read brief content.

Videos

Help others learn more about this product by uploading a video!

Upload your video

About the author

Follow authors to get new release updates, plus improved recommendations.

Chris Shiflett

Brief content visible, double tap to read full content.

Full content visible, double tap to read brief content.

Discover more of the author’s books, see similar authors, read author blogs and more

Customer reviews

4.3 out of 5

54 global ratings

5 star		62%
4 star		18%
3 star		14%
2 star		2%
1 star		4%

How customer reviews and ratings work

Top reviews from the United States

There was a problem filtering reviews right now. Please try again later.

Glenn Hostetler

IT MAY BE SHORT, BUT SIZE DOESN'T MATTER!

Reviewed in the United States 🇺🇸 on October 7, 2009

Verified Purchase

The book is only 85 pages long (if you take out the Appendices and filler material). That alone gets it four out of five stars. Well... not really... but there's a lot to be said for producing a book that will actually get read. You can read the whole thing in one bathroom sitting, assuming you just returned from Mexico. By comparison, similar books like "Pro PHP Security" by Chris Snyder and Michael Southwell (also a very good book) are more along the lines of 500 pages and such books are intended as comprehensive reference books rather than tutorials. You'd have to eat at a restaurant in North Korea to get all the way through the Pro PHP Security book. Seriously though - the criticisms of this book primarily pretain to its lack of detail - but I'd rather actually finish a high level book than have a detailed book sit on my shelf unread.

Chris' book is great. It's chocked full of easy to understand explanations and little five line code fragments to demonstrate what he's explaining. Sure enough, if you read the whole thing, you'll understand the essentials of PHP Security. Hey - perhaps that explains the title?

Do I need this book if my company already uses web scanning security software? Yes - you won't understand the problems that those products identify if you don't understand PHP security basics. If you don't understand reported errors, You'll be tempted to ignore or suppress warnings that you don't understand. Chris' book will give you the knowledge that you need in a few easy to follow pages.

There are a few ommissions. They include:

OMISSION #1: The book should mention somewhere that many of the security vulnerabilities it describes are not unique to PHP - especially big ones like cross-site scripting and SQL injection. While PHP has some vulnerabilities that other languages do not (and vis-versa), Java, C#, Ruby, and all the other server-side languages can also be attacked with cross-site scripting, SQL injection, session spoofing, cookie theft, backdoor URLs, etc., etc.

OMISSION #2: The book would have benefited from the addition of a page of system administration best practices to improve security rather than confining itself only to coding best practices. For example, it's easy for developers to accidentally open security holes by making very small changes to the PHP.ini file. A good best practice is to use the operating system to restrict access to that file in the production environment. Or it would have good to see Chris distill role-based security administration policies, logging, or remote procedure call policies down to just the most important principles. He has a knack for filtering out the noise, and if he had added that additional 86th page, I swear I would have read it too.

OMISSION #3: It's worth mentioning how modular design has a very big impact on the number of vulnerabilities inside an application. This is especially important for PHP, because PHP code is often a little more haphazard than code written in other languages - primarily because of the culture that surrounds PHP but also for a few other reasons (we cover those reasons in the PHP Chapter of our own book on the strengths and weaknesses of various technologies).

Bottom line:

These criticisms are very minor. The book is short, easy-to-read, and filled with information that is absolutely essential to know if you are to responsibly deploy a server-side PHP application. Look at the table of contents. If you're not familiar with those terms, you'd better get the book.

Glenn Hostetler
Web Service and SOA Technologies

4 people found this helpful

Helpful

Nate Klaiber

Essential for the Beginner or Advanced PHP developer

Reviewed in the United States 🇺🇸 on April 11, 2006

Verified Purchase

As a very security conscious developer, I found this book to be a GREAT resource to my library. Though the book is short in length, it is very rich in content. Chris does a GREAT job of presenting the problem (citing specific examples of the exploits), showing the pitfalls, and then presenting the solutions.

He is very thorough in his descriptions, and his easy to understand writing and use of analogies made this a very simple concept to grasp. If you are a seasoned PHP developer, or just beginning programming PHP - his writing style helps you to understand the underlying attack, visuals to see it in action, and how to prevent being attacked - it is very simple, yet deep.

Reading this book has helped me to see where my applications may fall short, and what I can do to protect them. Especially in the realm of PHP developers, there are MANY Open Source options out there, and many of them lack the security that is mentioned in the chapters of this book. Don't let yourself get caught!

I recommend this book, and performing an audit of your own work. Excellent book!

3 people found this helpful

Helpful

S. Hickey

Okay for Novices

Reviewed in the United States 🇺🇸 on November 23, 2005

Verified Purchase

As far as technical books go, I liked this one. It really does get right to the point, and doesn't waste any time. But I do want to warn potential buyers that the book doesn't contain anything new to those who've been around the block a couple times. I'd say this book would only be informative to novice PHP programmers.

I've been programming with PHP for a few years now, and even when I read a book aimed at novices I usually learn something, or I'm at least reminded of some issues that I hadn't thought about in a while. I can't say the same about this book. I read it front to back within an hour, and didn't learn anything new, nor will it provide any kind of reference for future projects.

Overall I was disappointed, but that isn't necessarily the author's fault. I was just expecting something more in-depth.

17 people found this helpful

Helpful

Darius

Loved it!

Reviewed in the United States 🇺🇸 on October 17, 2011

Verified Purchase

There were some very good best practices in this book that I immediately adopted. I'm sure most people who would be interested in this book (experienced to advanced developers) have heard many of the best practice concepts in this book before from various sources, however I've yet to see someone develop a method to handling these ideas.

It was a shorter book than I was expecting (yes, that's my goof for not noticing the page count when I purchased it) however I'm glad that I didn't notice that fact before purchasing otherwise I might have overlooked it as more of a reference book rather than a teaching book. I was very happy with the book and would recommend it to anyone interested in some solid best practices for PHP security.

Helpful

Moses

good php security book but not clear at times

Reviewed in the United States 🇺🇸 on May 16, 2010

Verified Purchase

It is a good book, in mu opinion, but not a great one. The author was not clear at times at all and/or was much too terse. One may have to use this book in conjunction with some internet research in order to go over the concepts that were not so well explained. Overall, the book does serve its purpose, which is, i believe, to give a very good overview of the PHP and PHP related security issues, as well as to provide recommendations how to make a PHp application 'more secure'.

Helpful

Top reviews from other countries

Translate all reviews to English

Kristcr

Very quick!

Reviewed in the United Kingdom 🇬🇧 on March 18, 2021

Verified Purchase

Exactly what I needed!

Kate

Security advice that is useful for non-PHP programers too

Reviewed in the United Kingdom 🇬🇧 on October 24, 2009

Verified Purchase

I've found this book useful because it explained to me how certain vulnerabilities can arise. That is handy to know whatever language you are writing in. The solutions the author suggests can also be employed outside of PHP.

I agree with most of the comments of the other reviewers so I won't bore you by repeating them.

It may only be 100 pages but it's well worth the price if you need educating about web security.

Darren

An essential checklist, but there is more ...

Reviewed in the United Kingdom 🇬🇧 on October 31, 2011

Verified Purchase

This book is by no means a tome and was probably written for kindle first.

That said, it highlights a lot of the important concepts of filter input and escape output. If you do that, you've probably covered 85% of the problems.

The book also covers cookie interception and SQL injection, but the Internet will also give the same.

It won't take long to read the book, but perhaps as long as your code is written with 'security in depth' again you're most of the way there.

Given four stars for what's in the book, but more guidance and examples would have been welcome.

Heather

compact but perfect

Reviewed in the United Kingdom 🇬🇧 on February 24, 2011

Verified Purchase

One of the problems with computing books tends to be they ramble on, and on and on.... But not this one. It short, very short. But perfect for that. It doesn't tell you about the history of PHP, it doesn't sell PHP as a scripting language, it tells shows you how to protect your site from being attacked. It's not an in depth security book, it's a very practical guide to help you a developer build (and maintain) a site in a secure way. Nothing more nothing less, if you ever use PHP buy this book, and spend an afternoon reading it, then the next week fixing the holes in what you thought was a secure site.

Marco

piccolo ma ricco di spunti

Reviewed in Italy 🇮🇹 on August 5, 2017

Verified Purchase

Il libro non ha moltissime pagine, tuttavia illustra in pochi semplici passi gli errori più comuni legati alla sicurezza e propone esempi di codice PHP per rendere più sicure le nostre pagine.
Se partiamo dal concetto che la sicurezza non è un optional, questo libro pone le basi per iniziare a proteggere i nostri siti dagli attacchi più ricorrenti.
Molto illuminante!
Lo consiglio a tutti i programmatori che utilizzano PHP per programmare i propri siti.

Translate review to English

See all reviews

Amazon Music Stream millions of songs	Amazon Advertising Find, attract, and engage customers	6pm Score deals on fashion brands	AbeBooks Books, art & collectibles	ACX Audiobook Publishing Made Easy	Sell on Amazon Start a Selling Account

Amazon Business Everything For Your Business	Amazon Fresh Groceries & More Right To Your Door	AmazonGlobal Ship Orders Internationally	Home Services Experienced Pros Happiness Guarantee	Amazon Ignite Sell your original Digital Educational Resources	Amazon Web Services Scalable Cloud Computing Services

Audible Listen to Books & Original Audio Performances	Book Depository Books With Free Delivery Worldwide	Box Office Mojo Find Movie Box Office Data	ComiXology Thousands of Digital Comics	DPReview Digital Photography	Fabric Sewing, Quilting & Knitting

Goodreads Book reviews & recommendations	IMDb Movies, TV & Celebrities	IMDbPro Get Info Entertainment Professionals Need	Kindle Direct Publishing Indie Digital & Print Publishing Made Easy	Amazon Photos Unlimited Photo Storage Free With Prime	Prime Video Direct Video Distribution Made Easy

Shopbop Designer Fashion Brands	Amazon Warehouse Great Deals on Quality Used Products	Whole Foods Market America’s Healthiest Grocery Store	Woot! Deals and Shenanigans	Zappos Shoes & Clothing	Ring Smart Home Security Systems

eero WiFi Stream 4K Video in Every Room	Blink Smart Security for Every Home	Neighbors App Real-Time Crime & Safety Alerts	Amazon Subscription Boxes Top subscription boxes – right to your door	PillPack Pharmacy Simplified	Amazon Renewed Like-new products you can trust

Amazon Prime includes:

Buy new: $16.49$16.49 FREE delivery: Wednesday, June 7 on orders over $25.00 shipped by Amazon. Ships from: Amazon.com Sold by: Amazon.com

Buy used: $10.99

Other Sellers on Amazon

Follow the Author

Essential PHP Security 1st Edition

Purchase options and add-ons

Frequently bought together

Customers who viewed this item also viewed

Editorial Reviews

About the Author

Product details

Videos

About the author

Chris Shiflett

Customer reviews

Top reviews from the United States

There was a problem filtering reviews right now. Please try again later.

Top reviews from other countries

Buy new:

$16.49

FREE delivery: Wednesday, June 7 on orders over $25.00 shipped by Amazon.

Ships from: Amazon.com

Sold by: Amazon.com

Buy used:

$10.99