Skip to Content
Securing PHP Web Applications
book

Securing PHP Web Applications

by Tricia Ballad, William Ballad
December 2008
Intermediate to advanced
336 pages
6h 58m
English
Addison-Wesley Professional

Overview

Easy, Powerful Code Security Techniques for Every PHP Developer

Hackers specifically target PHP Web applications. Why? Because they know many of these apps are written by programmers with little or no experience or training in software security. Don’t be victimized. Securing PHP Web Applications will help you master the specific techniques, skills, and best practices you need to write rock-solid PHP code and harden the PHP software you’re already using.

Drawing on more than fifteen years of experience in Web development, security, and training, Tricia and William Ballad show how security flaws can find their way into PHP code, and they identify the most common security mistakes made by PHP developers. The authors present practical, specific solutions–techniques that are surprisingly easy to understand and use, no matter what level of PHP programming expertise you have.

Securing PHP Web Applications covers the most important aspects of PHP code security, from error handling and buffer overflows to input validation and filesystem access. The authors explode the myths that discourage PHP programmers from attempting to secure their code and teach you how to instinctively write more secure code without compromising your software’s performance or your own productivity.

Coverage includes

  • Designing secure applications from the very beginning–and plugging holes in applications you can’t rewrite from scratch

  • Defending against session hijacking, fixation, and poisoning attacks that PHP can’t resist on its own

  • Securing the servers your PHP code runs on, including specific guidance for Apache, MySQL, IIS/SQL Server, and more

  • Enforcing strict authentication and making the most of encryption

  • Preventing dangerous cross-site scripting (XSS) attacks

  • Systematically testing yourapplications for security, including detailed discussions of exploit testing and PHP test automation

  • Addressing known vulnerabilities in the third-party applications you’re already running

  • Tricia and William Ballad demystify PHP security by presenting realistic scenarios and code examples, practical checklists, detailed visuals, and more. Whether you write Web applications professionally or casually, or simply use someone else’s PHP scripts, you need this book–and you need it now, before the hackers find you!

    Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
    and much more.

    Read now

    Unlock full access

    More than 5,000 organizations count on O’Reilly

    AirBnbBlueOriginElectronic ArtsHomeDepotNasdaqRakutenTata Consultancy Services

    QuotationMarkO’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.
    Julian F.
    Head of Cybersecurity
    QuotationMarkI wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.
    Addison B.
    Field Engineer
    QuotationMarkI’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.
    Amir M.
    Data Platform Tech Lead
    QuotationMarkI'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.
    Mark W.
    Embedded Software Engineer

    You might also like

    Securing PHP Apps

    Securing PHP Apps

    Ben Edmunds

    Publisher Resources

    ISBN: 9780321574312Purchase book