Zum Hauptinhalt springen
Dekorationsartikel gehören nicht zum Leistungsumfang.
Essential PHP Security
Taschenbuch von Chris Shiflett
Sprache: Englisch

29,35 €*

inkl. MwSt.

Versandkostenfrei per Post / DHL

auf Lager, Lieferzeit 2-4 Werktage

Kategorien:
Beschreibung

Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.

Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.

In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.

Topics covered include:

  • Preventing cross-site scripting (XSS) vulnerabilities
  • Protecting against SQL injection attacks
  • Complicating session hijacking attempts

You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.

Being highly flexible in building dynamic, database-driven web applications makes the PHP programming language one of the most popular web development tools in use today. It also works beautifully with other open source tools, such as the MySQL database and the Apache web server. However, as more web sites are developed in PHP, they become targets for malicious attackers, and developers need to prepare for the attacks.

Security is an issue that demands attention, given the growing frequency of attacks on web sites. Essential PHP Security explains the most common types of attacks and how to write code that isn't susceptible to them. By examining specific attacks and the techniques used to protect against them, you will have a deeper understanding and appreciation of the safeguards you are about to learn in this book.

In the much-needed (and highly-requested) Essential PHP Security, each chapter covers an aspect of a web application (such as form processing, database programming, session management, and authentication). Chapters describe potential attacks with examples and then explain techniques to help you prevent those attacks.

Topics covered include:

  • Preventing cross-site scripting (XSS) vulnerabilities
  • Protecting against SQL injection attacks
  • Complicating session hijacking attempts

You are in good hands with author Chris Shiflett, an internationally-recognized expert in the field of PHP security. Shiflett is also the founder and President of Brain Bulb, a PHP consultancy that offers a variety of services to clients around the world.

Über den Autor

Chris Shiflett, an internationally recognized expert in the field of PHP security, is the founder and President of Brain Bulb, a PHP consultancy. Chris has been developing web applications with PHP for several years and regularly speaks at OSCON, ApacheCon, and PHP users conferences in North America. He is the author of the HTTP Developer's Handbook (Sams) and writes frequently about web application security. As an open source advocate, he maintains several open source projects and is a member of the PHP development team.

Inhaltsverzeichnis
Foreword;
Preface;
What's Inside;
Style Conventions;
Comments and Questions;
Safari Enabled;
Acknowledgments;
Chapter 1: Introduction;
1.1 PHP Features;
1.2 Principles;
1.3 Practices;
Chapter 2: Forms and URLs;
2.1 Forms and Data;
2.2 Semantic URL Attacks;
2.3 File Upload Attacks;
2.4 Cross-Site Scripting;
2.5 Cross-Site Request Forgeries;
2.6 Spoofed Form Submissions;
2.7 Spoofed HTTP Requests;
Chapter 3: Databases and SQL;
3.1 Exposed Access Credentials;
3.2 SQL Injection;
3.3 Exposed Data;
Chapter 4: Sessions and Cookies;
4.1 Cookie Theft;
4.2 Exposed Session Data;
4.3 Session Fixation;
4.4 Session Hijacking;
Chapter 5: Includes;
5.1 Exposed Source Code;
5.2 Backdoor URLs;
5.3 Filename Manipulation;
5.4 Code Injection;
Chapter 6: Files and Commands;
6.1 Traversing the Filesystem;
6.2 Remote File Risks;
6.3 Command Injection;
Chapter 7: Authentication and Authorization;
7.1 Brute Force Attacks;
7.2 Password Sniffing;
7.3 Replay Attacks;
7.4 Persistent Logins;
Chapter 8: Shared Hosting;
8.1 Exposed Source Code;
8.2 Exposed Session Data;
8.3 Session Injection;
8.4 Filesystem Browsing;
8.5 Safe Mode;
Appendix A: Configuration Directives;
A.1 allow_url_fopen;
A.2 disable_functions;
A.3 display_errors;
A.4 enable_dl;
A.5 error_reporting;
A.6 file_uploads;
A.7 log_errors;
A.8 magic_quotes_gpc;
A.9 memory_limit;
A.10 open_basedir;
A.11 register_globals;
A.12 safe_mode;
Appendix B: Functions;
B.1 eval();
B.2 exec();
B.3 file();
B.4 file_get_contents();
B.5 fopen();
B.6 include;
B.7 passthru();
B.8 phpinfo();
B.9 popen();
B.10 preg_replace();
B.11 proc_open();
B.12 readfile();
B.13 require;
B.14 shell_exec();
B.15 system();
Appendix C: Cryptography;
C.1 Storing Passwords;
C.2 Using mcrypt;
C.3 Storing Credit Card Numbers;
C.4 Encrypting Session Data;
About the Author;
Colophon;
Details
Erscheinungsjahr: 2005
Fachbereich: Programmiersprachen
Genre: Importe, Informatik
Rubrik: Naturwissenschaften & Technik
Medium: Taschenbuch
Inhalt: XXII
111 S.
ISBN-13: 9780596006563
ISBN-10: 059600656X
UPC: 636920006565
EAN: 0636920006565
Sprache: Englisch
Einband: Kartoniert / Broschiert
Autor: Shiflett, Chris
Hersteller: O'Reilly Media
O'Reilly and Associates
Verantwortliche Person für die EU: dpunkt.verlag GmbH, Vanessa Niethammer, Wieblinger Weg 17, D-69123 Heidelberg, hallo@dpunkt.de
Maße: 235 x 177 x 12 mm
Von/Mit: Chris Shiflett
Erscheinungsdatum: 22.11.2005
Gewicht: 0,222 kg
Artikel-ID: 102442367
Über den Autor

Chris Shiflett, an internationally recognized expert in the field of PHP security, is the founder and President of Brain Bulb, a PHP consultancy. Chris has been developing web applications with PHP for several years and regularly speaks at OSCON, ApacheCon, and PHP users conferences in North America. He is the author of the HTTP Developer's Handbook (Sams) and writes frequently about web application security. As an open source advocate, he maintains several open source projects and is a member of the PHP development team.

Inhaltsverzeichnis
Foreword;
Preface;
What's Inside;
Style Conventions;
Comments and Questions;
Safari Enabled;
Acknowledgments;
Chapter 1: Introduction;
1.1 PHP Features;
1.2 Principles;
1.3 Practices;
Chapter 2: Forms and URLs;
2.1 Forms and Data;
2.2 Semantic URL Attacks;
2.3 File Upload Attacks;
2.4 Cross-Site Scripting;
2.5 Cross-Site Request Forgeries;
2.6 Spoofed Form Submissions;
2.7 Spoofed HTTP Requests;
Chapter 3: Databases and SQL;
3.1 Exposed Access Credentials;
3.2 SQL Injection;
3.3 Exposed Data;
Chapter 4: Sessions and Cookies;
4.1 Cookie Theft;
4.2 Exposed Session Data;
4.3 Session Fixation;
4.4 Session Hijacking;
Chapter 5: Includes;
5.1 Exposed Source Code;
5.2 Backdoor URLs;
5.3 Filename Manipulation;
5.4 Code Injection;
Chapter 6: Files and Commands;
6.1 Traversing the Filesystem;
6.2 Remote File Risks;
6.3 Command Injection;
Chapter 7: Authentication and Authorization;
7.1 Brute Force Attacks;
7.2 Password Sniffing;
7.3 Replay Attacks;
7.4 Persistent Logins;
Chapter 8: Shared Hosting;
8.1 Exposed Source Code;
8.2 Exposed Session Data;
8.3 Session Injection;
8.4 Filesystem Browsing;
8.5 Safe Mode;
Appendix A: Configuration Directives;
A.1 allow_url_fopen;
A.2 disable_functions;
A.3 display_errors;
A.4 enable_dl;
A.5 error_reporting;
A.6 file_uploads;
A.7 log_errors;
A.8 magic_quotes_gpc;
A.9 memory_limit;
A.10 open_basedir;
A.11 register_globals;
A.12 safe_mode;
Appendix B: Functions;
B.1 eval();
B.2 exec();
B.3 file();
B.4 file_get_contents();
B.5 fopen();
B.6 include;
B.7 passthru();
B.8 phpinfo();
B.9 popen();
B.10 preg_replace();
B.11 proc_open();
B.12 readfile();
B.13 require;
B.14 shell_exec();
B.15 system();
Appendix C: Cryptography;
C.1 Storing Passwords;
C.2 Using mcrypt;
C.3 Storing Credit Card Numbers;
C.4 Encrypting Session Data;
About the Author;
Colophon;
Details
Erscheinungsjahr: 2005
Fachbereich: Programmiersprachen
Genre: Importe, Informatik
Rubrik: Naturwissenschaften & Technik
Medium: Taschenbuch
Inhalt: XXII
111 S.
ISBN-13: 9780596006563
ISBN-10: 059600656X
UPC: 636920006565
EAN: 0636920006565
Sprache: Englisch
Einband: Kartoniert / Broschiert
Autor: Shiflett, Chris
Hersteller: O'Reilly Media
O'Reilly and Associates
Verantwortliche Person für die EU: dpunkt.verlag GmbH, Vanessa Niethammer, Wieblinger Weg 17, D-69123 Heidelberg, hallo@dpunkt.de
Maße: 235 x 177 x 12 mm
Von/Mit: Chris Shiflett
Erscheinungsdatum: 22.11.2005
Gewicht: 0,222 kg
Artikel-ID: 102442367
Sicherheitshinweis