Essential PHP Security
Author: Chris Shiflett

Publisher: O'Reilly
ISBN: 9788184040241
Pages: 148
Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for these attacks.

Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.

In the much-needed (and highly requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.

Topics covered include:
  Preventing cross-site scripting (XSS) vulnerabilities
  Protecting against SQL injection attacks
  Complicating session hijacking attempts

You are in good hands with author Chris Shiflett, an internationally recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.

About the Author
Chris Shiflett has been developing Web applications with PHP for a number of years. He is the author of the HTTP Developer's Handbook and frequently writes about Web application security. As an open source advocate, he maintains several open source projects and is a member of the PHP development team. Chris is currently writing the PHP Security Handbook to be published by O'Reilly Media, Inc.

Table of Contents
Chapter 1 Introduction
  PHP Features
  Principles
  Practices
Chapter 2 Forms and URLs
  Forms and Data
  Semantic URL Attacks
  File Upload Attacks
  Cross-Site Scripting
  Cross-Site Request Forgeries
  Spoofed Form Submissions
  Spoofed HTTP Requests
Chapter 3 Databases and SQL
  Exposed Access Credentials
  SQL Injection
  Exposed Data
Chapter 4 Sessions and Cookies
  Cookie Theft
  Exposed Session Data
  Session Fixation
  Session Hijacking
Chapter 5 Includes
  Exposed Source Code
  Backdoor URLs
  Filename Manipulation
  Code Injection
Chapter 6 Files and Commands
  Traversing the Filesystem
  Remote File Risks
  Command Injection
Chapter 7 Authentication and Authorization
  Brute Force Attacks
  Password Sniffing
  Replay Attacks
  Persistent Logins
Chapter 8 Shared Hosting
  Exposed Source Code
  Exposed Session Data
  Session Injection
  Filesystem Browsing
  Safe Mode
Appendix A Configuration Directives
  allow_url_fopen
  disable_functions
  display_errors
  enable_dl
  error_reporting
  file_uploads
  log_errors
  magic_quotes_gpc
  memory_limit
  open_basedir
  register_globals
  safe_mode
Appendix B Functions
  eval()
  exec()
  file()
  file_get_contents()
  fopen()
  include
  passthru()
  phpinfo()
  popen()
  preg_replace()
  proc_open()
  readfile()
  require
  shell_exec()
  system()
Appendix C Cryptography
  Storing Passwords
  Using mcrypt
  Storing Credit Card Numbers
  Encrypting Session Data
Colophon