Chris Shiflett

Essential PHP Security

• Broschiertes Buch

Produktbeschreibung

PHP is one of the most popular web development tools in use today--this is partially due to the language having high levels of flexibility in building dynamic, database-driven sites. As more and more websites are being developed in PHP, they become targets for malicious hackers.
The PHP scripting language works beautifully with other open source tools, such as the MySQL database and Apache web server software, to build interactive web applications. But security is still an issue that developers need to address, given the frequency of attacks on web sites. Essential PHP Security explains the types of attacks that hackers use on web sites and how to correctly configure Apache and PHP to guard against them. It also shows developers how to write PHPprograms that aren't susceptible to those attacks.
Within this much-needed (and much-requested) guide, each aspect of a web application (server configuration, form processing, database programming, external files, libraries of PHP code, ses

---

Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.Topics covered include: Preventing cross-site scripting (XSS) vulnerabilities Protecting against SQL injection attacks Complicating sessionhijacking attemptsYou are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.

Produktdetails

• Verlag: O'Reilly Media
• Seitenzahl: 109
• Erscheinungstermin: 22. November 2005
• Englisch
• Abmessung: 235mm x 177mm x 12mm
• Gewicht: 185g
• ISBN-13: 9780596006563
• ISBN-10: 059600656X
• Artikelnr.: 13151170

Autorenporträt

Chris Shiflett, an internationally recognized expert in the field of PHP security, is the founder and President of Brain Bulb, a PHP consultancy. Chris has been developing web applications with PHP for several years and regularly speaks at OSCON, ApacheCon, and PHP users conferences in North America. He is the author of the HTTP Developer's Handbook (Sams) and writes frequently about web application security. As an open source advocate, he maintains several open source projects and is a member of the PHP development team.

Inhaltsangabe

Foreword
Preface
What's Inside
Style Conventions
Comments and Questions
Safari Enabled
Acknowledgments
Chapter 1: Introduction
1.1 PHP Features
1.2 Principles
1.3 Practices
Chapter 2: Forms and URLs
2.1 Forms and Data
2.2 Semantic URL Attacks
2.3 File Upload Attacks
2.4 Cross-Site Scripting
2.5 Cross-Site Request Forgeries
2.6 Spoofed Form Submissions
2.7 Spoofed HTTP Requests
Chapter 3: Databases and SQL
3.1 Exposed Access Credentials
3.2 SQL Injection
3.3 Exposed Data
Chapter 4: Sessions and Cookies
4.1 Cookie Theft
4.2 Exposed Session Data
4.3 Session Fixation
4.4 Session Hijacking
Chapter 5: Includes
5.1 Exposed Source Code
5.2 Backdoor URLs
5.3 Filename Manipulation
5.4 Code Injection
Chapter 6: Files and Commands
6.1 Traversing the Filesystem
6.2 Remote File Risks
6.3 Command Injection
Chapter 7: Authentication and Authorization
7.1 Brute Force Attacks
7.2 Password Sniffing
7.3 Replay Attacks
7.4 Persistent Logins
Chapter 8: Shared Hosting
8.1 Exposed Source Code
8.2 Exposed Session Data
8.3 Session Injection
8.4 Filesystem Browsing
8.5 Safe Mode
Appendix A: Configuration Directives
A.1 allow_url_fopen
A.2 disable_functions
A.3 display_errors
A.4 enable_dl
A.5 error_reporting
A.6 file_uploads
A.7 log_errors
A.8 magic_quotes_gpc
A.9 memory_limit
A.10 open_basedir
A.11 register_globals
A.12 safe_mode
Appendix B: Functions
B.1 eval()
B.2 exec()
B.3 file()
B.4 file_get_contents()
B.5 fopen()
B.6 include
B.7 passthru()
B.8 phpinfo()
B.9 popen()
B.10 preg_replace()
B.11 proc_open()
B.12 readfile()
B.13 require
B.14 shell_exec()
B.15 system()
Appendix C: Cryptography
C.1 Storing Passwords
C.2 Using mcrypt
C.3 Storing Credit Card Numbers
C.4 Encrypting Session Data
About the Author
Colophon

Rezensionen

"Das Buch beschränkt sich klar auf mit PHP im Zusammenhang stehende Gefahren im Anwendungsentwurf. Dies ermöglicht ein kompaktes Buch, welches sich [...] auf das Essentielle beschränkt. Seine Programmbeispiele sind kurz, sauber strukturiert , folgen den üblichen Konventionen und lassen erkennen, warum bei sicherem Programmieren 'simple is beauty' gilt. [...] Wer vorhat, eine auf PHP basierte Webapplikation zu entwickeln und nicht weiß wie 'cross-site scripting', 'SQL injection' und 'session hijacking' funktioniert, bekommt in Chris Shifletts Essential PHP Security sowohl Funktionsweise als auch die Verteidigung kurz und präzise erklärt." - Bernd Pommerehne, Linux Usergroup der Studentensiedlung Freiburg, März 2006

"Dieser Band sollte letztlich in keinem Regal eines PHP-Programmierers fehlen - und von ebendiesen natürlich auch gelesen und beherzigt werden." - Christian Kahle, blog.de.internet.com, Dezember 2005