Monday, July 16, 2007

Essential.PHP.Security

Essential PHP Security is organized into chapters that address specific topics related to PHP development. Each chapter is further divided into sections that cover the most common attacks related to a particular topic, and you are shown both how the attacks are initiated as well as how to protect your applications from them.

Chapter 1, Introduction

Gives an overview of security principles and best practices. This chapter provides the foundation for the rest of the book.

  • PHP Features
  • Principles
  • Practices

Chapter 2, Forms and URLs

Covers form processing and attacks such as cross-site scripting and cross-site request forgeries.

  • Forms and Data
  • Semantic URL Attacks
  • File Upload Attacks
  • Cross-Site Scripting
  • Cross-Site Request Forgeries
  • Spoofed Form Submissions
  • Spoofed HTTP Requests

Read this chapter for free: ch02.pdf

Chapter 3, Databases and SQL

Focuses on using databases and attacks such as SQL injection.

  • Exposed Access Credentials
  • SQL Injection
  • Exposed Data

Chapter 4, Sessions and Cookies

Explains PHP’s session support and shows you how to protect your applications from attacks such as session fixation and session hijacking.

  • Cookie Theft
  • Exposed Session Data
  • Session Fixation
  • Session Hijacking

Read this chapter for free: ch04.pdf

Chapter 5, Includes

Covers the risks associated with the use of includes, such as backdoor URLs and code injection.

  • Exposed Source Code
  • Backdoor URLs
  • Filename Manipulation
  • Code Injection

Chapter 6, Files and Commands

Discusses attacks such as filesystem traversal and command injection.

  • Traversing the Filesystem
  • Remote File Risks
  • Command Injection

Chapter 7, Authentication and Authorization

Helps you create secure authentication and authorization mechanisms and protect your applications from things like brute force attacks and replay attacks.

  • Brute Force Attacks
  • Password Sniffing
  • Replay Attacks
  • Persistent Logins

Chapter 8, Shared Hosting

Explains the inherent risks associated with a shared hosting environment. You are shown how to avoid the exposure of your source code and session data, as well as how to protect your applications from attacks such as session injection.

  • Exposed Source Code
  • Exposed Session Data
  • Session Injection
  • Filesystem Browsing
  • Safe Mode

Appendix A, Configuration Directives

Provides a short and focused list of configuration directives that deserve particular attention.

Appendix B, Functions

Offers a brief list of functions with which you should be concerned.

Appendix C, Cryptography

Focuses on symmetric cryptography and shows you how to safely store passwords and encrypt data in a database or session data store.

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)