Real-World Solutions for Developing High-Quality PHP Frameworks and Applications by Stefan Priebsch, Sebastian Bergmann

Chapter 16. Security

Arne Blankerts

WHAT'S IN THIS CHAPTER?

  • Security defined

  • The Secure by Design paradigm

  • The Open Web Application Security Project's top 10 security risks

WHAT IS SECURITY?

When addressing the topic of security in the IT world, the first thing to do is define what the term "security" means and how customers as well as colleagues interpret it. If we were to ask politicians, security basically comes down to surveillance. And, of course, monitoring servers and infrastructure is a vital component, yet getting an alarm shows only one thing—that an attack has happened (and most likely was successful). Any type of surveillance or monitoring, by its very nature, can only raise the alert; it has no means of protecting against the attack itself or of fixing the flaw in the application that made it possible. Seen this way, monitoring is only one of many elements in a holistic security concept.

If we ask administrative IT staff what security means for them, the answer will most probably be about user accounts and permissions. It also covers the requirement to disable and remove unneeded services—so-called "hardening"—as well as applying strict firewall rules. Again, these answers are correct. But as we already saw with surveillance, a secure infrastructure alone is not enough. Of course, it is of vital importance that the application, once developed, is executed in an environment that is trusted and relied upon. But even the best web application can't be secure if the database it connects ...