Essential PHP Security

While only a small book (fortunately) it covers all of the major areas of security and presents you with techniques for blocking (or at least minimizing the effects of) an attack against your code. A must have book for any PHP programmer.

My Rating: yesyesyesyesyes

Pros

Cons

Description

Review

As this book says right at the start, it is not PHP itself that is insecure, it is the way that people write their PHP applications that make their script more or less secure. In this book the author discusses PHP coding and security with respect to a number of areas, each having its own chapter.

Each chapter discusses a number of ways in which your code could be potentially vulnerable to attack and then presents you with methods of writing that code which will block all (or at least most) such attacks while minimizing the impact that the security code has on the use of your script by your legitimate visitors. Sample code snippets are provided in the book to demonstrate how to apply many of the techniques being discussed. Of course the exact implementation in your particular script is dependent on the requirements of the script and so the actual implementation of the security suggestions into your script are left to you.

There is no plug and play solution when it comes to security. Sure you can find pieces of PHP code on the internet which can be plugged into your script to protect against specific attacks but the author does not advocate this approach. Instead the book presents a selection of defensive coding techniques that should dramatically improve the security of your script in the first place and make the use of such plug and play code completely unnecessary as your code will already block not only the specific exploit covered by the code but also many possible variations on that method of attack.

This book presents much more than just a way to secure your code against a list of known and potential exploits. It presents an approach to writing your scripts where security is an integral part of the script design process rather than being tacked on as an afterthought.

More Information from the Publisher

 

This article written by Stephen Chapman, Felgall Pty Ltd.

go to top

FaceBook Follow
Twitter Follow
Donate