Pro PHP Security is arguably the most comprehensive PHP security book available, and is highly recommended to any developer or administrator of a PHP-based Web site.
— Michael J. Ross, Web developer/Slashdot contributor
Pro PHP Security is one of the first books devoted solely to PHP security. It will serve as your complete guide for taking defensive and proactive security measures within your PHP applications. (And the methods discussed are compatible with PHP versions 3, 4, and 5.)
The knowledge you'll gain from this comprehensive guide will help you prevent attackers from potentially disrupting site operation or destroying data. And you'll learn about various security measures, for example, creating and deploying 'captchas,' validating e-mail, fending off SQL injection attacks, and preventing cross-site scripting attempts.
Customer Reviews
Average Rating:
Rating: - Securing systems & Securing code
I found Pro PHP Security a very informative book. I received this book around the same time that I began developing online financial software. This book lived up to the name and answered a lot of my questions.
I found the chapter on encryption and hashing very interesting. I knew what each system of protection accomplished but not how. Next the authors proceeded to discuss Secure Sockets Layer (SSL) and how certificates are created. It was fun to be able to create my own certificate ... Read More
Rating: - Good info, not many solutions
Like the title states this book tells you about a lot of security issues you should be aware of, but doesn't go in depth for many solutions. Especially xss which is the only reason i bought the book. For how much the book costs i figured it would include some really good php solutions. I mean the thing is in black and white, what's with the price tag that doesn't tell me anything that i can't find on the web.
Rating: - Very little about PHP security at all
The book is entitled PHP security. But the actual content covers very little PHP at
all: less than 20 percent. It tries to cover everything from UNIX permission,SSH
and all other security issues, but really doesn't have much to do with PHP. So I
think the title is highly misleading. For someone interested in the general
security issues, it might be a fine book. But not for programmers want to know
the security about PHP.
Rating: - Unless you're already well-versed in the topic ...
Unless you're already very well-versed in the subject matter, ( sql injection, cross-site scripting, session hijacking, remote execution, sanitizing user data/input, ssh, encryption, ssl, dangers of shared-host scenarios, bulletproofing db installations, user verification, captchas, remote procedure calls ) this material is relatively comprehensive and valuable. Well-organized, well thought out, I won't hesitate to recommend this one.
Rating: - Finally a good book on PHP security issues
PHP applications written without a concern for security risk cross-site scripting, SQL injection, session hijacking, and a multitude of other potential problems. This book examines how to setup a secure environment including encryption, hashing, SSL and using PHP to connect to SSL servers. The authors also examine how to install and configure OpenSSH and using it with PHP applications. Of course they also deal with the usual concerns of user authentication, permissions, restrictions, validating input, ... Read More
- Good info, not many solutions
- Very little about PHP security at all
- Finally a good book on PHP security issues
