Pro PHP Security

ISBN-10: 1590595084

ISBN-13: 9781590595084

Edition: 2005

Authors: Chris Snyder, Michael Southwell

List price: $44.99

Description:

"Pro PHP Security is one of the first books devoted solely to PHP security. It will serve as your complete guide for taking defensive and proactive security measures within your PHP applications. (And the methods discussed are compatible with PHP versions 3, 4, and 5.) The knowledge you'll gain from this comprehensive guide will help you prevent attackers from potentially disrupting site operation or destroying data. And you'll learn about various security measures, for example, creating and deploying "captchas," validating e-mail, fending off SQL injection attacks, and preventing cross-site scripting attempts."

Book details

List price: $44.99
Copyright year: 2005
Publisher: Apress L. P.
Publication date: 8/23/2006
Binding: Paperback
Pages: 528
Size: 7.00" wide x 9.25" long x 1.07" tall
Weight: 2.178
Language: English

Chris Snyder worked for superagent Iris Burton in Hollywood for many years. He lives in Los Angeles, CA.

About the Authors
About the Technical Reviewer
Acknowledgments
Introduction
The Importance of Security
Why Is Secure Programming a Concern?
What Is Computer Security?
Why Absolute Computer Security Is Impossible
What Kinds of Attacks Are Web Applications Vulnerable To?
Summary
Maintaining a Secure Environment
Dealing with Shared Hosts
What Are the Dangers of Shared Hosting?
An Inventory of Effects
Minimizing System-level Problems
A Reasonable Standard of Protection for Multiuser Hosts
Virtual Machines: A Safer Alternative to Traditional Virtual Hosting
Shared Hosts from a System Administrator's Point of View
Summary
Maintaining Separate Development and Production Environments
Why Separate Development and Production Servers?
Effective Production Server Security
Summary
Keeping Software Up to Date
Installing Programs
Updating Software
Summary
Using Encryption I: Theory
Encryption vs. Hashing
Recommended Encryption Algorithms
Recommended Hash Functions
Related Algorithms
Random Numbers
Blocks, Modes, and Initialization Vectors
US Government Restrictions on Exporting Encryption Algorithms
Summary
Using Encryption II: Practice
Protecting Passwords
Protecting Sensitive Data
Verifying Important or At-risk Data
Summary
Securing Network Connections I: SSL
Definitions
The SSL Protocols
Providing SSL on Your Servers
Connecting to SSL Servers Using PHP
Summary
Securing Network Connections II: SSH
Definitions
Using OpenSSH for Secure Shell
The Value of Secure Connections
Summary
Controlling Access I: Authentication
Authentication
HTTP Authentication
Two-factor Authentication
Single Sign-On Authentication
Summary
Controlling Access II: Permissions and Restrictions
Unix Filesystem Permissions
Protecting the System from Itself
Protecting Databases
PHP Safe Mode
Summary
Practicing Secure PHP Programming
Validating User Input
What to Look For
Strategies for Validating User Input in PHP
Testing Input Validation
Summary
Preventing SQL Injection
What SQL Injection Is
How SQL Injection Works
PHP and MySQL Injection
Preventing SQL Injection
Test Your Protection Against Injection
Summary
Preventing Cross-Site Scripting
How XSS Works
A Sampler of XSS Techniques
Preventing XSS
Test for Protection Against XSS Abuse
Summary
Preventing Remote Execution
How Remote Execution Works
The Dangers of Remote Execution
Strategies for Preventing Remote Execution
Testing for Remote Execution Vulnerabilities
Summary
Enforcing Security for Temporary Files
The Functions of Temporary Files
Characteristics of Temporary Files
Preventing Temporary File Abuse
Test Your Protection Against Hijacking
Summary
Preventing Session Hijacking
How Persistent Sessions Work
Abuse of Sessions
Preventing Session Abuse
Test for Protection Against Session Abuse
Summary
Practicing Secure Operations
Allowing Only Human Users
Background
Kinds of Captchas
Creating an Effective Captcha Test Using PHP
Attacks on Captcha Challenges
Potential Problems in Using Captchas
Summary
Verifying Your Users' Identities
Identity Verification
Who Are the Abusers?
Using a Working Email Address for Identity Verification
When a Working Mailbox Isn't Enough
Summary
Using Roles to Authorize Actions
Application Access Control Strategies
Roles-based Access Control
Authorization Based on Roles
Making RBAC Work
Summary
Adding Accountability to Track Your Users
A Review of System-level Accountability
Basic Application Logging
Specialized Application Logging
Generating Usage Reports
Summary
Preventing Data Loss
Preventing Accidental Corruption
Avoiding Record Deletion
Versioning
Creating a Versioned Database Filestore
Summary
Safely Executing System Commands
Dangerous Operations
Making Dangerous Operations Safe
Implementation Strategies
Summary
Handling Remote Procedure Calls Safely
RPC and Web Services
Keeping a Web Services Interface Secure
Making Subrequests Safely
Summary
Taking Advantage of Peer Review
The Bazaar Model for Software Development
Security Benefits of Open Source Code
Open Source Practicalities
Effective Bug Reporting
Applying Open Source Principles to This Book
Index