Skip to main content
main-content

Über dieses Buch

Secure your PHP-based web applications with this compact handbook. You'll get clear, practical and actionable details on how to secure various parts of your PHP web application. You'll also find scenarios to handle and improve existing legacy issues.

Is your PHP app truly secure? Let's make sure you get home on time and sleep well at night. Learn the security basics that a senior developer usually acquires over years of experience, all condensed down into one quick and easy handbook. Do you ever wonder how vulnerable you are to being hacked? Do you feel confident about storing your users' sensitive information? Imagine feeling confident in the integrity of your software when you store your users' sensitive data. No more fighting fires with lost data, no more late nights, your application is secure.

Well, this short book will answer your questions and give you confidence in being able to secure your and other PHP web apps.

What You'll Learn

Never trust your users - escape all inputHTTPS/SSL/BCA/JWH/SHA and other random letters: some of them actually matterHow to handle password encryption and storage for everyoneWhat are authentication, access control, and safe file handing and how to implement themWhat are safe defaults, cross site scripting and other popular hacks Who This Book Is For

This book is for experienced PHP coders, programmers, developers.

Inhaltsverzeichnis

Frontmatter

Chapter 1. Never Trust Your Users. Sanitize ALL Input!

Learn how to properly sanitize user input, safely output to the browser and command line, protect against SQL injection, and typecast your variables.

Ben Edmunds

Chapter 2. HTTPS/SSL/BCA/JWH/SHA and Other Random Letters; Some of Them Actually Matter

Once again, it’s time for a little story. In October 2010, Eric Butler released a Firefox extension named Firesheep to highlight a huge problem on the Web that most people hadn’t been paying enough attention to. Firesheep allowed any regular ol’ user to watch the nonencrypted traffic on their local network and then hijack other users’ sessions. Firesheep exploits a type of man-in-the-middle attack called sidejacking. Sound scary? It should, because it is. Maybe you’re thinking, well this is conjecture. Alright fine, facts in. Let’s walk through an illustration to make the point.

Ben Edmunds

Chapter 3. Password Encryption and Storage for Everyone

You should know how this works by now—first, a story. Chris is a junior developer working for Marvel Comics web team. It’s an abnormally hot summer in Burbank. He has just been tasked with building the login functionality for the new web/tablet comic portal his team is building. His “team” really means Chris and the other developer. Chris might have forgotten to wear deodorant today, why is it so hot?.

Ben Edmunds

Chapter 4. Authentication, Access Control, and Safe File Handling

Authenticating users, role-based access control, safe file handling, and more.

Ben Edmunds

Chapter 5. Safe Defaults, Cross-Site Scripting, and Other Popular Hacks

Overview of best practices and protecting against popular hacks including safe defaults, cross site scripting (XSS), and cross site request forgery (CSRF).

Ben Edmunds

Backmatter

Weitere Informationen

Premium Partner

Neuer Inhalt

BranchenIndex Online

Die B2B-Firmensuche für Industrie und Wirtschaft: Kostenfrei in Firmenprofilen nach Lieferanten, Herstellern, Dienstleistern und Händlern recherchieren.

Whitepaper

- ANZEIGE -

Best Practices für die Mitarbeiter-Partizipation in der Produktentwicklung

Unternehmen haben das Innovationspotenzial der eigenen Mitarbeiter auch außerhalb der F&E-Abteilung erkannt. Viele Initiativen zur Partizipation scheitern in der Praxis jedoch häufig. Lesen Sie hier  - basierend auf einer qualitativ-explorativen Expertenstudie - mehr über die wesentlichen Problemfelder der mitarbeiterzentrierten Produktentwicklung und profitieren Sie von konkreten Handlungsempfehlungen aus der Praxis.
Jetzt gratis downloaden!

Bildnachweise