Essential PHP Security by Chris Shiflett
  1. Foreword
  2. Preface
  1. Introduction
  2. Forms and URLs
  3. Databases and SQL
  4. Sessions and Cookies
  5. Includes
  6. Files and Commands
  7. Authentication and Authorization
  8. Shared Hosting
  1. Configuration Directives
  2. Functions
  3. Cryptography
  4. Index

Reader Reviews

Chris Shiflett has definitely created a masterpiece that I personally believe only he is capable of. His experience and precise, easy-to-read manner of writing are unparalleled when it comes to PHP security.

This book will definitely be a long-term desktop reference for me and mandatory reading for all the PHP developers in my work place.

Davey Shafik, Pixelated Dreams

This is nothing short of a seminal work on web application security as it applies specifically to PHP. I intend to make it required reading in my department and recommend it highly to colleagues in other companies developing web applications in PHP.

Robert Peake, Robert Peake's Blog

This long-awaited work from one whom many refer to as the guru of PHP security is finally out.

Sam Keen

Chris very clearly presents the most common styles of web application attacks and explains how they work, what you should look out for, and how to defend against them.

Wez Furlong, Evil, as in Dr.

Chris has created a very concise and easy-to-read guide to web application security.

For anyone who's ever attended one of Chris's talks on PHP security, this is the ultimate companion. For those who haven't had the privilege of sitting in on his talks, this book is everything that you're missing.

Ben Ramsey, Ben Ramsey's Blog

This is the first technical book that I have read that doesn't obscure the topic with trivial details or complicated sentence structures with phrasing that is hard to follow.

Justin Koivisto

If you want to write secure apps in PHP, you need this book.

Andrew van der Stock, Cat Slave Diary

For me, the book shed a huge light on a subject that is often talked about, but most of the time not really understood, and often deliberately and completely ignored. Now if you'll excuse me, I've got some glaring security holes to fix.

Rich Rodecker, FlashApe

It's a must-have for anyone looking to develop serious PHP applications.

Chris Cornutt

Got my copy yesterday. Stopped writing PHP until I've read it front to end. Simply great!

Daniel Nielsen, Pixelated Dreams

This book is well written, and even difficult topics are explained in an easy-to-understand way. So, if you want to get a deeper understanding of PHP and security, this book is what you need to get your hands on.

Tim Van Wassenhove, Tim Van Wassenhove's Blog

What is most useful about this book is the aggregation in one place of descriptions of all of these security attacks and vulnerabilities in PHP code, along with suggestions on dealing with them.

John Suda

I found this book very helpful. The language is easy to understand and the examples are clear and concise.

Karen Haman

Of late, there have been numerous instances of attacks on PHP applications because of the use of insecure code. This is where Essential PHP Security comes in.

Using simple language, the book comes to the point directly without wasting your time or obscuring details. It is pretty evident to the reader what applies to him and what does not. There are code examples to explain how attacks can be carried out and how to protect against them.

It is a recommended read for developers starting in PHP programming.

Palisade Security Team, Paladion Networks

Overall, for PHP developers, I give this a solid 10. It's helpful, steps through the various problems, why they happen, and how to fix them... what could be better?

Keith Casey, Keith Casey's Blog

Worth buying? Definitely. This book should be on every serious PHP programmer's bookshelf.

Kathy Patterson

I would definitely recommend this book to aspiring PHP developers and think it would also benefit some of the more experienced folks out there.

David Marshall, DaveDevelopment

If you write PHP code, and want to make any pretence at security, read this book. Clear enough?

Richard George

A must-have book for any PHP programmer.

Stephen Chapman, Felgall Pty Ltd

I discovered a couple of new tricks and gained some further insight on securing web applications in general.

The bottom line is that this book gives a very good overview on how to make your PHP applications more secure and provides some interesting examples of different types of potential attacks against your web application.

Gom Jabbar, Beyond the Wall of Sleep

If I had a star rating on my blog, I would give this book a 5/5 for covering exactly what it said it would and doing so in a very clear manner.

Nate Klaiber, Nate's Blog

It's quite good and chock full of information.

Michael Guo

If you write PHP scripts, get a copy.

Alain Williams, UKUUG

If you are programming in PHP, I feel this is a must. It is a stripped down, straight to the point book on PHP security.

CityEndz, The CityEndz Blog

Bottom line, if you are remotely interested in PHP, this book is a must, period. Anyone who wants to touch PHP has to read this book first!

Ayman Hourieh, Ayman Hourieh's Blog

It was a good, quick read, and for me it was mostly a review of principles I had previously read on Chris's blog.

Richard Miller, Richard Miller's Blog

This book is the essential reading for all PHP developers, professional and hobbyist alike. It is one of those books that will not get outdated and will be referenced on a daily basis.

Miha Hribar, Miha Hribar's Blog

This little book is an excellent way to learn about the security pitfalls one may encounter.

If you use PHP, I highly recommend that you get this book, read it, and adhere to the suggestions found within it.

Rik Farrow, ;login: The USENIX Magazine

As a site administrator, I find the book very useful for the security of the site as a whole.

Roger Walker, Edmonton Linux User Group

Without a doubt this has changed how I view security.

After reading this book, some might say that Chris teaches you to be paranoid, but I would argue that he teaches you to be thorough.

Evan Broder, O'Reilly Online Reviews

The structure is cleverly thought out, dealing chapter by chapter with specific types of activity (e.g. forms, databases, sessions etc).

Stephen Hampshire

This book is very good, and absolutely recommendable.

Rene Gundersen

If anyone is well-suited to writing such a work, it is Chris Shiflett, a well-known authority on PHP security, a respected contributor to the PHP community, founder and spokesman of the PHP Security Consortium, and founder and President of Brain Bulb, a PHP consulting firm.

Any PHP developer would be wise to begin with this book as a first step towards PHP security mastery.

Michael Ross

Even though it was published in 2005, the issues that Essential PHP Security addresses are still very relevant today.

Rafael Dohms, SwatBlog