January 9, 2009
Essential PHP Security
Author: Chris Shiflett
Publisher: O'Reilly Media, Inc.
Category: Book

List Price: $29.95
Buy New: $16.75
You Save: $13.20 (44%)
Buy New/Used from $16.00

Avg. Customer Rating: 4.0 out of 5 stars(16 reviews)
Sales Rank: 196302

Format: Illustrated
Languages: German (Original Language), English (Unknown), English (Published)
Media: Paperback
Edition: 1
Number Of Items: 1
Pages: 124
Shipping Weight (lbs): 0.5
Dimensions (in): 9.1 x 6.8 x 0.5

ISBN: 059600656X
Dewey Decimal Number: 005.8
EAN: 9780596006563
ASIN: 059600656X

Publication Date: October 13, 2005
Availability: Usually ships in 1-2 business days

Similar Items:

  • PHP Hacks: Tips & Tools For Creating Dynamic Websites
  • PHP Cookbook (Cookbooks (O'Reilly))
  • Pro PHP Security
  • Apache Security
  • php|architect's Guide to PHP Security

Editorial Reviews:

Product Description
Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.

Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.

In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.

Topics covered include:

  • Preventing cross-site scripting (XSS) vulnerabilities
  • Protecting against SQL injection attacks
  • Complicating session hijacking attempts

You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.




Customer Reviews:

2 out of 5 stars I wanted so much to love this book   December 31, 2008
I really wanted to write a glowing review of Mr. Shiflett's book, Essential PHP Security, but I can't help but be disappointed by the weaknesses.

The author's blog (http://shiflett.org/) and PHP security website (http://phpsec.org/) are good sources of information on PHP security and web creation in general. With the wisdom hinted at via his websites, I looked forward to more in-depth insights and specifics in his book. Unfortunately for Mr. Shiflett, writing a book is not like writing 'bites' for a blog or marketing yourself as experienced and knowledgeable. This book reads like an anthology of blog articles and seminar presentations, and that weakness kills what should otherwise really be an essential text.

As another helpful reviewer pointed out, this book is not appropriate for new PHP programmers. That reviewer also noted that it is precisely new initiates to PHP that need these lessons the most. The protective measures suggested in the book are presented superficially. The author highlights the vulnerability, but then only hints at a protective measure by providing a code snippet which totally lacks context. Most novice readers expect examples of how to apply and integrate the suggested technique effectively and efficiently within the basics they already know.

Mr. Shiflett writes in his acknowledgements, "Written during one of the busiest years of my life ... [the people at O'Reilly] have gone out of their way to make the entire process fit around my writing style and busy schedule."

Smoking gun?

For a full price book, the author had room, but perhaps not the desire to provide more substance. Concise does not have to be superficial. The book's main content is 85 pages -- followed by three appendices between pages 87 and 103. The index runs between pages 105 and 109. Substantive implementation details are missing and should have been included.

For example, in chapter 1 and later in chapter 2, the author recommends filtering input by identifying input, filtering the input, and distinguishing between filtered and unfiltered (tainted) data. This recommendation is explicitly explained twice in the book and repeated throughout. If you expect any examples demonstrating this in practical use, there are none. If you expect a class that exemplifies a way you might integrate this technique with your existing code, there is none. In other words, if you want to learn even remotely by example, you may be disappointed by this book.

As a last note, Appendix C talks briefly about cryptography in PHP. Based on this book, cryptography does not appear to be one of the author's strong areas of knowledge. For new PHP programmers who also work with SQL, Mr. Shiflett gives you just enough information to frustrate you (at best -- or hang yourself at worst). The author lists a number of other books and websites about cryptography on the first page of the Appendix. That is his best advice. Also take a look at http://www.openssl.org/ as an information resource.

In sum, I don't argue with the value of the hints Mr. Shiflett provides in his book, but this book is weak on substance and does not provide the examples necessary to teach the reader that the suggestions are practical for real implementation. Perhaps instead of this book, the many authors of the "How to PHP and MySQL" clone books need to integrate and implement these protective measures in their texts right from the start. Unfortunately, Mr. Shiflett's book does not bridge the existing gap. If you buy this book, expect to be searching other books and the web for ways to effectively and efficiently perform the tasks the author recommends. If you already know how to implement the measures, you probably did not need this book in the first place.



4 out of 5 stars Opened my eyes!   November 16, 2007
  1 out of 2 found this review helpful

While smaller than many O'Reilly titles the author wastes no time in helping the new PHP programmer write more secure code. Once you get the best practices in the first chapter down, the other seven chapters each deal with a specific class of vulnerability. You can read chapters 2-8 in any order, and you'll also spend some time with the appendices.

I confess, this book made me want to go back over my code and refactor it from the ground up! Chris gives really easy ways to prevent the more common attacks. A day to a day and a half to read this book and then build your habit library will take you far in building more secure PHP code.



1 out of 5 stars Overpriced   January 3, 2007
  3 out of 6 found this review helpful

Of the 103 pages in the book there are probably only 13 of unique information and 90 pages of saying the same exact thing over and over again. Worse yet, I found the author had already released the 13 pages of useful information online for free.

Definitely wish I had browsed this one in a store before I blew $30.



3 out of 5 stars Alright - not very meaty though   December 26, 2006
  2 out of 4 found this review helpful

Alright - not very meaty. Overall I'm glad I read it though, as I picked up some useful nuggets.

==========
Update 2006-12-30 - I'd like to bump this up to four stars. The book came in handy today - I used some code in it regarding session variables.



5 out of 5 stars PHP Security is a HUGE topic   September 27, 2006
  3 out of 6 found this review helpful

This book is essential for anyone starting out in PHP, but not only for them. It offers tips for almost any skill level, maybe you know some of the ways to keep your site secure but Chris really goes in depth on some of them.

The code snippets are short, simple, but convey the point exactly as intended... and I also like Chris's method for validating tainted data, similar to a fisherman. If the fish is bad throw it back and the same goes for user input.

I still have this book for reference and have lent it to a few people which resulted in them picking their own copies... all around a great resource.

