Essential PHP Security by Chris Shiflett

Table of Contents

Essential PHP Security is organized into chapters that address specific topics related to PHP development. Each chapter is further divided into sections that cover the most common attacks related to a particular topic, and you are shown both how the attacks are carried out and how to protect your applications from them.

Chapter 1, Introduction

Gives an overview of security principles and best practices. This chapter provides the foundation for the rest of the book.

Chapter 2, Forms and URLs

Covers form processing and attacks such as cross-site scripting and cross-site request forgeries.

Read this chapter for free: ch02.pdf

Chapter 3, Databases and SQL

Focuses on using databases and attacks such as SQL injection.

Chapter 4, Sessions and Cookies

Explains PHP's session support and shows you how to protect your applications from attacks such as session fixation and session hijacking.

Read this chapter for free: ch04.pdf

Chapter 5, Includes

Covers the risks associated with the use of includes, such as backdoor URLs and code injection.

Chapter 6, Files and Commands

Discusses attacks such as filesystem traversal and command injection.

Chapter 7, Authentication and Authorization

Helps you create secure authentication and authorization mechanisms and protect your applications from attacks such as brute force attacks and replay attacks.

Chapter 8, Shared Hosting

Explains the inherent risks associated with a shared hosting environment. You are shown how to avoid the exposure of your source code and session data, as well as how to protect your applications from attacks such as session injection.

Appendix A, Configuration Directives

Provides a short and focused list of configuration directives that deserve particular attention.

Appendix B, Functions

Offers a brief list of functions with which you should be concerned.

Appendix C, Cryptography

Focuses on symmetric cryptography and shows you how to safely store passwords and encrypt data in a database or session data store.