Publisher’s Description
PHP is one of the most popular programming languages in use today. It is highly flexible in building dynamic, database-driven web applications. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.
Essential PHP Security explains the most common types of attacks and how to write code that isn’t susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you deploy.
In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.
Topics covered include:
- Preventing cross-site scripting (XSS) vulnerabilities
- Protecting against SQL injection attacks
- Complicating session hijacking attempts
Praise
This is nothing short of a seminal work on web application security as it applies specifically to PHP.
If you want to write secure apps in PHP, you need this book.
Chris Shiflett has definitely created a masterpiece that I personally believe only he is capable of.
Overall, for PHP developers, I give this a solid 10.
Visit the companion web site for sample chapters and more reviews.