Securing PHP Web Applications (Paperback)

Easy, Powerful Code Security Techniques for Every PHP Developer

Hackers specifically target PHP Web applications. Why? Because they know many of these apps are written by programmers with little or no experience or training in software security. Don’t be victimized. Securing PHP Web Applications will help you master the specific techniques, skills, and best practices you need to write rock-solid PHP code and harden the PHP software you’re already using.

Drawing on more than fifteen years of experience in Web development, security, and training, Tricia and William Ballad show how security flaws can find their way into PHP code, and they identify the most common security mistakes made by PHP developers. The authors present practical, specific solutions–techniques that are surprisingly easy to understand and use, no matter what level of PHP programming expertise you have.

Securing PHP Web Applications covers the most important aspects of PHP code security, from error handling and buffer overflows to input validation and filesystem access. The authors explode the myths that discourage PHP programmers from attempting to secure their code and teach you how to instinctively write more secure code without compromising your software’s performance or your own productivity.

Coverage includes

• Designing secure applications from the very beginning–and plugging holes in applications you can’t rewrite from scratch
• Defending against session hijacking, fixation, and poisoning attacks that PHP can’t resist on its own
• Securing the servers your PHP code runs on, including specific guidance for Apache, MySQL, IIS/SQL Server, and more
• Enforcing strict authentication and making the most of encryption
• Preventing dangerous cross-site scripting (XSS) attacks
• Systematically testing yourapplications for security, including detailed discussions of exploit testing and PHP test automation
• Addressing known vulnerabilities in the third-party applications you’re already running

Tricia and William Ballad demystify PHP security by presenting realistic scenarios and code examples, practical checklists, detailed visuals, and more. Whether you write Web applications professionally or casually, or simply use someone else’s PHP scripts, you need this book–and you need it now, before the hackers find you!

《Securing PHP Web Applications》是一本針對每位PHP開發者的易學且強大的程式碼安全技巧指南。

駭客專門針對PHP網絡應用進行攻擊。為什麼呢？因為他們知道許多這些應用是由缺乏軟體安全經驗或培訓的程式設計師撰寫的。《Securing PHP Web Applications》將幫助您掌握撰寫堅固PHP程式碼和加固您已使用的PHP軟體所需的特定技巧、技能和最佳實踐。

作者Tricia和William Ballad憑藉超過15年的網絡開發、安全和培訓經驗，展示了安全漏洞如何進入PHP程式碼，並指出PHP開發者最常犯的安全錯誤。作者提供實用的具體解決方案，這些技巧非常容易理解和使用，無論您在PHP編程方面的專業程度如何。

《Securing PHP Web Applications》涵蓋了PHP程式碼安全的最重要方面，從錯誤處理和緩衝區溢出到輸入驗證和檔案系統訪問。作者揭示了阻止PHP程式設計師嘗試保護其程式碼的迷思，並教您如何本能地撰寫更安全的程式碼，同時不損害軟體的性能或您自己的生產力。

內容包括：
- 從一開始設計安全的應用程式，以及修補無法從頭開始重寫的應用程式中的漏洞
- 防範PHP無法自行抵抗的會話劫持、固定和污染攻擊
- 保護運行PHP程式碼的伺服器，包括Apache、MySQL、IIS/SQL Server等的具體指導
- 強制執行嚴格的身份驗證並充分利用加密
- 預防危險的跨站腳本攻擊（XSS）
- 系統性地測試您的應用程式的安全性，包括詳細討論利用測試和PHP測試自動化
- 解決您已運行的第三方應用程式中已知的漏洞

Tricia和William Ballad通過呈現實際情境和程式碼示例、實用的檢查清單、詳細的視覺效果等，使PHP安全變得易於理解。無論您是專業或業餘編寫網絡應用程式，還是僅使用他人的PHP腳本，您都需要這本書，而且需要現在就讀，以免駭客找到您！