Web Security 2016

Book Description

This anthology collects articles first published in php[architect] magazine. Each one touches on a security topic to help you harden and secure your PHP and web applications.

Table of Contents

  1. Introduction
  2. 1 Is Your Website Secure from Hackers?
    1. 1.1 Authentication and Authorization
    2. 1.2 Database Interaction
    3. 1.3 Files and Resources
    4. 1.4 CMS, Framework, and Other Components
    5. 1.5 Final Note
    6. 1.6 Additional resources
  3. 2 Basic Intrusion Detection with Expose
    1. 2.1 What Is an IDS and Why You Should Use One
    2. 2.2 Advantages, Limitations, and Disadvantages of Expose
    3. 2.3 Expose Installation Run Through
    4. 2.4 Logging, Alerting, and Thresholds
    5. 2.5 Next Steps
    6. 2.6 Conclusion
  4. 3 Leveling Up: DeLoreans, Data, and Hacking Sites
    1. 3.1 Introduction
    2. 3.2 What Is SQLi?
    3. 3.3 Identifying Potential SQL Injection
    4. 3.4 Hacking Your Own Sites
    5. 3.5 Prepared Statements
    6. 3.6 Conclusion
  5. 4 Drupal Security: How Open Source Strengths Manage Software Vulnerabilities
    1. 4.1 Drupal 8
    2. 4.2 Keeping a Drupal Site Secure
    3. 4.3 Drupal Security Team
    4. 4.4 Software Vulnerabilities
    5. 4.5 Reporting a Drupal Security Issue
    6. 4.6 Handling Drupal Security Issues
    7. 4.7 Security Advisory
    8. 4.8 The Drupal Security Team Welcomes New Members
    9. 4.9 Open Source
  6. 5 Mastering OAuth 2.0
    1. 5.1 Let’s Jump In
    2. 5.2 Preparing for OAuth
    3. 5.3 Integrating with Instagram
    4. 5.4 A Brief History of Web Authorization
    5. 5.5 What is OAuth 2.0?
    6. 5.6 Toward a More Secure Web
  7. 6 Keep Your Passwords Hashed and Salted
    1. 6.1 Introduction
    2. 6.2 Rule One: No Plain Text
    3. 6.3 What is Hashing?
    4. 6.4 How to Use Hashes
    5. 6.5 Techniques Crackers Employ to Break Hashes
    6. 6.6 Salting Passwords
    7. 6.7 Use Proper Salt
    8. 6.8 Hashing Algorithms
    9. 6.9 Better Algorithms
    10. 6.10 Hashing in PHP
    11. 6.11 Password-Related Functions in Modern PHP
    12. 6.12 Summary
  8. 7 Learn from the Enemy: Securing Your Web Services, Part One
    1. 7.1 It Happens
    2. 7.2 Web Services are Different
    3. 7.3 Learn from the Master
    4. 7.4 Looking Forward
    5. 7.5 Additional Reading
  9. 8 Security Architecture: Securing your Web Services, Part Two
    1. 8.1 Web Service Security
    2. 8.2 Your Security Architecture
    3. 8.3 Security Implementation
  10. 9 Implementing Cryptography
    1. 9.1 Use the Encryption Library
    2. 9.2 Randomness
    3. 9.3 Using Randomness
    4. 9.4 The Session Token
    5. 9.5 Encrypting and Decrypting a String
    6. 9.6 Involving Experts
    7. 9.7 Additional Reading
  11. Contributors
  12. Permissions
  13. Credits