Review: Essential PHP Security


Even though it was published in 2005, the book “Essential PHP Security” addresses a topic that is still very current. Written by Chris Shiflett, the book walks through the various security aspects of a PHP application, and for that reason its content can still be considered up to date and applicable to many day-to-day situations faced by developers.

The book takes a very easy-going, example-driven approach to the aspects it presents. Those aspects are clearly laid out and separated into chapters, going all the way from forms to includes and security in shared hosting environments. Each topic is analyzed in detail and internally divided into the exploits and attack strategies for that security flaw; that way the book also becomes an easy-to-access reference where it is possible to go directly to the chapter that addresses the specific aspect you are coding right now and learn which flaws to look for. Furthermore, the introductory chapter presents Principles and Practices of Security that can be applied in any application and any language, such as “Defense in Depth”, giving you a glimpse of the fact that security is much bigger than analyzing specific points of your application.

Even with a few years on it, the book addresses topics like XSS that play an important role in the AJAX-driven web we see nowadays. Old friends like Session Hijacking and SQL Injection are also analyzed from various points of view, aligned with the various segments of an application. This structure makes for a very light and enjoyable reading experience which can easily fit into a moment of relaxation or the waiting room of the occasional visit to the doctor’s office (it worked for me, anyway).

This book deserves to be part of any developer’s history (or shelf), at least to serve as a reminder and an inspiration for reflection, even in a world where more and more frameworks internalize every aspect of security. But as I always say, we developers should always know what goes on behind the curtains.

Essential PHP Security: A Guide to Building Secure Web Applications

By Chris Shiflett, October 2005. Pages: 124. ISBN 10: 0-596-00656-X | ISBN 13: 9780596006563
