02/2/09

Review: Essential PHP Security

by Rafael Dohms


Even though it was published in 2005, the issues that “Essential PHP Security” addresses are still very relevant today. Written by Chris Shiflett, the book goes through the various security aspects associated with a PHP application, and for that reason its content can be considered up to date and applicable to the day-to-day situations faced by developers.

The book has a very easy-going approach to exposing the various aspects of security it addresses. These aspects are very clearly laid out and separated into different chapters, covering everything from forms to includes and security in shared hosting environments. Each topic is analyzed in detail and internally divided into the exploits and attack strategies for that security flaw. In this way the book becomes an easy-to-access reference: it is possible to go directly to the chapter that addresses the specific aspect you are coding for right now and learn which flaws to look out for. The introductory chapter presents Principles and Practices of Security which can be applied in any application and any language, for example “Defense in Depth”, which demonstrates that security is much bigger than merely analyzing specific points of your application.

Even though it was published a few years ago, the book addresses topics like XSS that play an important role in the AJAX-driven web we observe nowadays. Old friends like Session Hijacking and SQL Injection are analyzed from various points of view, aligned to the various segments of an application. This structure makes for a very light and enjoyable reading experience which can easily be fit into a few spare moments, or even into the waiting room of the occasional visit to the doctor’s office (it worked for me anyway).

This book deserves to be part of any developer’s bookshelf, at least to serve as a reminder and an inspiration for reflection, even in a world where more and more frameworks internalize all aspects of security – but as I always say, we developers should always know what is going on behind the curtains.

Essential PHP Security: A Guide to Building Secure Web Applications

By Chris Shiflett
October 2005
Pages: 124
ISBN 10: 0-596-00656-X | ISBN 13: 9780596006563

You can buy the book from Amazon
