Essential PHP Security

October 2005



Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.

Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.

In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.

Topics covered include:
Preventing cross-site scripting (XSS) vulnerabilities
Protecting against SQL injection attacks
Complicating session hijacking attempts

You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.


Foreword
Preface
1. Introduction
   PHP Features
   Principles
   Practices
2. Forms and URLs
   Forms and Data
   Semantic URL Attacks
   File Upload Attacks
   Cross-Site Scripting
   Cross-Site Request Forgeries
   Spoofed Form Submissions
   Spoofed HTTP Requests
3. Databases and SQL
   Exposed Access Credentials
   SQL Injection
   Exposed Data
4. Sessions and Cookies
   Cookie Theft
   Exposed Session Data
   Session Fixation
   Session Hijacking
5. Includes
   Exposed Source Code
   Backdoor URLs
   Filename Manipulation
   Code Injection
6. Files and Commands
   Traversing the Filesystem
   Remote File Risks
   Command Injection
7. Authentication and Authorization
   Brute Force Attacks
   Password Sniffing
   Replay Attacks
   Persistent Logins
8. Shared Hosting
   Exposed Source Code
   Exposed Session Data
   Session Injection
   Filesystem Browsing
   Safe Mode
A. Configuration Directives
B. Functions
C. Cryptography
Index


Chris Shiflett is a creative web developer who loves making web sites. He is a thought leader in the PHP and web application security communities - a widely-read blogger at shiflett.org, a popular speaker at industry conferences worldwide, and the founder of the PHP Security Consortium.
His books include the critically-acclaimed Essential PHP Security (O'Reilly) and HTTP Developer's Handbook (Sams). His writing has also appeared in a number of other popular books including Programming PHP (O'Reilly), PHP Cookbook (O'Reilly), and PHP in Action (Manning).


"The book clearly confines itself to dangers in application design that are related to PHP. This makes for a compact book that [...] limits itself to the essentials. Its code examples are short, cleanly structured, follow the usual conventions, and show why 'simple is beauty' holds in secure programming. [...] Anyone who plans to develop a PHP-based web application and does not know how 'cross-site scripting', 'SQL injection' and 'session hijacking' work will find both how they work and how to defend against them explained briefly and precisely in Chris Shiflett's Essential PHP Security." - Bernd Pommerehne, Linux Usergroup der Studentensiedlung Freiburg, March 2006
Read the full review at: http://linux.studentensiedlung.de/books/php_security.php
"In the end, this volume should not be missing from any PHP programmer's shelf - and should of course also be read and taken to heart by them." - Christian Kahle, blog.de.internet.com, December 2005
EAN: 9780596006563
ISBN: 059600656X
Subtitle: 1, black & white illustrations. Language: English.
Publisher: O'Reilly Media, Inc, USA
Publication date: October 2005
Number of pages: 124 pages
Format: paperback