Pro PHP Security – Review

Author: Chris Snyder

PHP is such a popular and versatile scripting language that its security is not something to be taken lightly.

There are thousands of web sites on the Internet dedicated to this subject, as well as dozens of books. Finding the right one… now that’s a challenge!

“Pro PHP Security” is probably one of the best. I warn you, however, that it can be a tiresome book if you intend to read it from the first page to the last.

I say this because it details encryption methods, secure network connections and the like, which a PHP developer may find boring.

Let’s face it: PHP already ships with encryption functions, and the need to know exactly and in detail how each encryption method works can be questionable.

However, no one forces you to read the entire book. You can skip the less interesting parts and go straight to the good stuff.

The last two parts of the book (Part 3, Practicing Secure PHP Programming, and Part 4, Practicing Secure Operations) are its crown jewels, with lots of tips and PHP examples.

The book has the following parts and chapters:

  1. PART 1 – The Importance of Security
    • Chapter 1 – Why Is Secure Programming a Concern?
  2. PART 2 – Maintaining a Secure Environment
    • Chapter 2 – Dealing with Shared Hosts
    • Chapter 3 – Maintaining Separate Development and Production Environments
    • Chapter 4 – Keeping Software Up to Date
    • Chapter 5 – Using Encryption I: Theory
    • Chapter 6 – Using Encryption II: Practice
    • Chapter 7 – Securing Network Connections I: SSL
    • Chapter 8 – Securing Network Connections II: SSH
    • Chapter 9 – Controlling Access I: Authentication
    • Chapter 10 – Controlling Access II: Permissions and Restrictions
  3. PART 3 – Practicing Secure PHP Programming
    • Chapter 11 – Validating User Input
    • Chapter 12 – Preventing SQL Injection
    • Chapter 13 – Preventing Cross-Site Scripting
    • Chapter 14 – Preventing Remote Execution
    • Chapter 15 – Enforcing Security for Temporary Files
    • Chapter 16 – Preventing Session Hijacking
  4. PART 4 – Practicing Secure Operations
    • Chapter 17 – Allowing Only Human Users
    • Chapter 18 – Verifying Your Users’ Identities
    • Chapter 19 – Using Roles to Authorize Actions
    • Chapter 20 – Adding Accountability to Track Your Users
    • Chapter 21 – Preventing Data Loss
    • Chapter 22 – Safely Executing System Commands
    • Chapter 23 – Handling Remote Procedure Calls Safely
    • Chapter 24 – Taking Advantage of Peer Review

“Pro PHP Security” belongs on your bookshelf if you want to develop secure PHP scripts.