Essential PHP Security
A guide to building secure web applications
Samenvatting
Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.
Security is an issue that demands attention, given the growing frequency of attacks on web sites. 'Essential PHP Security' explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.
In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.
Topics covered include:
- Preventing cross-site scripting (XSS) vulnerabilities
- Protecting against SQL injection attacks
- Complicating session hijacking attempts
You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.
Specificaties
Inhoudsopgave
1. Introduction
PHP Features
Principles
Practices
2. Forms and URLs
Forms and Data
Semantic URL Attacks
File Upload Attacks
Cross-Site Scripting
Cross-Site Request Forgeries
Spoofed Form Submissions
Spoofed HTTP Requests
3. Databases and SQL
Exposed Access Credentials
SQL Injection
Exposed Data
4. Sessions and Cookies
Cookie Theft
Exposed Session Data
Session Fixation
Session Hijacking
5. Includes
Exposed Source Code
Backdoor URLs
Filename Manipulation
Code Injection
6. Files and Commands
Traversing the Filesystem
Remote File Risks
Command Injection
7. Authentication and Authorization
Brute Force Attacks
Password Sniffing
Replay Attacks
Persistent Logins
8. Shared Hosting
Exposed Source Code
Exposed Session Data
Session Injection
Filesystem Browsing
Safe Mode
A. Configuration Directives
B. Functions
C. Cryptography
Index
Anderen die dit boek kochten, kochten ook
-
Dieter Möckelmann€ 16,95 -
Remko van der Pols€ 49,00
-
Jeanne Boyarsky€ 59,10
-
Kim Pot€ 23,50
-
Willem Leijnse€ 72,95
-
Yvette Backer€ 49,00
Net verschenen
Rubrieken
- aanbestedingsrecht
- aansprakelijkheids- en verzekeringsrecht
- accountancy
- algemeen juridisch
- arbeidsrecht
- bank- en effectenrecht
- bestuursrecht
- bouwrecht
- burgerlijk recht en procesrecht
- europees-internationaal recht
- fiscaal recht
- gezondheidsrecht
- insolventierecht
- intellectuele eigendom en ict-recht
- management
- mens en maatschappij
- milieu- en omgevingsrecht
- notarieel recht
- ondernemingsrecht
- pensioenrecht
- personen- en familierecht
- sociale zekerheidsrecht
- staatsrecht
- strafrecht en criminologie
- vastgoed- en huurrecht
- vreemdelingenrecht
