Securing PHP Web Applications (For Mere Mortals)
Tricia Ballad, William Balladقیمت نهایی
۴۰٬۰۰۰ تومان۴۹٬۰۰۰ تومان۱۸٪ تخفیف
- تخفیف زماندار−۹٬۰۰۰ تومان
۹٬۰۰۰ تومان صرفهجویی نسبت به قیمت اصلی
نسخه اصلی و اورجینال
بلافاصله پس از خرید، فایل کتاب روی دستگاه شما آمادهٔ دانلود است.
تحویل فوری
پرداخت امن
ضمانت فایل
پشتیبانی
مشخصات کتاب
- سال انتشار
- ۲۰۰۸
- فرمت
- زبان
- انگلیسی
- حجم فایل
- ۱۳٫۷ مگابایت
دربارهٔ کتاب
**Easy, Powerful Code Security Techniques for Every PHP Developer** Hackers specifically target PHP Web applications. Why? Because they know many of these apps are written by programmers with little or no experience or training in software security. __Don’t be victimized. **Securing PHP Web Applications**__ will help you master the specific techniques, skills, and best practices you need to write rock-solid PHP code and harden the PHP software you’re already using. Drawing on more than fifteen years of experience in Web development, security, and training, Tricia and William Ballad show how security flaws can find their way into PHP code, and they identify the most common security mistakes made by PHP developers. The authors present practical, specific solutions–techniques that are surprisingly easy to understand and use, no matter what level of PHP programming expertise you have. **__Securing PHP Web Applications__** covers the most important aspects of PHP code security, from error handling and buffer overflows to input validation and filesystem access. The authors explode the myths that discourage PHP programmers from attempting to secure their code and teach you how to instinctively write more secure code without compromising your software’s performance or your own productivity. Coverage includes * Designing secure applications from the very beginning–and plugging holes in applications you can’t rewrite from scratch * Defending against session hijacking, fixation, and poisoning attacks that PHP can’t resist on its own * Securing the servers your PHP code runs on, including specific guidance for Apache, MySQL, IIS/SQL Server, and more * Enforcing strict authentication and making the most of encryption * Preventing dangerous cross-site scripting (XSS) attacks * Systematically testing yourapplications for security, including detailed discussions of exploit testing and PHP test automation * Addressing known vulnerabilities in the third-party applications you’re already running Tricia and William Ballad demystify PHP security by presenting realistic scenarios and code examples, practical checklists, detailed visuals, and more. Whether you write Web applications professionally or casually, or simply use someone else’s PHP scripts, you need this book–and you need it now, before the hackers find you! Contents......Page 6 Acknowledgments......Page 14 About the Authors......Page 16 Part I: Web Development Is a Blood Sport—Don't Wander onto the Field Without a Helmet......Page 18 Reality Check......Page 20 Security Is a Server Issue......Page 22 Security Through Obscurity......Page 24 "My Application Isn’t Major Enough to Get Hacked”......Page 26 Wrapping It Up......Page 27 Part II: Is That Hole Really Big Enough to Drive a Truck Through?......Page 28 The Guestbook Application......Page 30 Users Do the Darnedest Things . . .......Page 32 Building an Error-Handling Mechanism......Page 36 Wrapping It Up......Page 43 Navigating the Dangerous Waters of exec(), system(), and Backticks......Page 44 Using escapeshellcmd() and escapeshellarg() to Secure System Calls......Page 47 Create an API to Handle All System Calls......Page 48 Patch the Guestbook Application......Page 49 Wrapping It Up......Page 51 Part III: What's In a Name? More Than You Expect......Page 52 What Is a Buffer, How Does It Overflow, and Why Should You Care?......Page 54 Prevent Buffer Overflows by Sanitizing Variables......Page 63 Patch the Application......Page 66 Wrapping It Up......Page 69 New Feature: Allow Users to Sign Their Guestbook Comments......Page 70 The Problem: Users Who Give You More Than You Asked For......Page 71 Assumptions: You Know What Your Data Looks Like......Page 72 The Solution: Regular Expressions to Validate Input......Page 74 Wrapping It Up......Page 84 Opening Files......Page 86 Creating and Storing Files......Page 90 Changing File Properties Safely......Page 93 Patching the Application to Allow User-Uploaded Image Files......Page 105 Wrapping It Up......Page 107 Part IV: “Aw come on man, you can trust me”......Page 110 What Is User Authentication?......Page 112 Privileges......Page 117 How to Authenticate Users......Page 118 Storing Usernames and Passwords......Page 132 Patching the Application to Authenticate Users......Page 134 Wrapping It Up......Page 137 What Is Encryption?......Page 138 Choosing an Encryption Type......Page 140 Patching the Application to Encrypt Passwords......Page 142 Wrapping It Up......Page 145 Major Types of Session Attacks......Page 146 Patching the Application to Secure the Session......Page 150 Wrapping It Up......Page 153 Reflected XSS......Page 154 Patching the Application to Prevent XSS Attacks......Page 155 Wrapping It Up......Page 156 Part V: Locking Up for the Night......Page 158 Programming Languages, Web Servers, and Operating Systems Are Inherently Insecure......Page 160 Securing a UNIX, Linux, or Mac OS X Environment......Page 161 Securing Apache......Page 164 Securing MySQL......Page 176 Wrapping It Up......Page 183 Securing a Windows Server Environment......Page 184 Securing IIS......Page 194 Securing SQL Server......Page 204 Wrapping It Up......Page 222 Using the Latest Version of PHP......Page 224 Using the Security Features Built into PHP and Apache......Page 230 Using ModSecurity......Page 232 Hardening php.ini......Page 233 Wrapping It Up......Page 235 Why Are We Talking About Testing in a Security Book?......Page 236 Testing Framework......Page 237 Types of Tests......Page 239 Choosing Solid Test Data......Page 240 Wrapping It Up......Page 241 What Is Exploit Testing?......Page 242 Fuzzing......Page 243 Testing Toolkits......Page 250 Proprietary Test Suites......Page 263 Wrapping It Up......Page 271 Part VI: “Don’t Get Hacked” Is Not a Viable Security Policy......Page 272 Before You Sit Down at the Keyboard . . .......Page 274 Identifying Points of Failure......Page 286 Wrapping It Up......Page 288 Set Up Your Environment......Page 290 Application Hardening Checklist......Page 293 Wrapping It Up......Page 295 Avoid Feature Creep......Page 296 Write Self-Documenting Code......Page 297 Use the Right Tools for the Job......Page 299 Have Your Code Peer-Reviewed......Page 300 Wrapping It Up......Page 301 PEAR......Page 302 Books......Page 303 Web Sites......Page 304 Automated Testing Tools......Page 305 C......Page 306 P......Page 307 S......Page 308 W......Page 309 A......Page 310 C......Page 312 D......Page 313 F......Page 314 H......Page 315 I......Page 316 M......Page 317 P......Page 318 S......Page 320 T......Page 322 U......Page 323 W......Page 324 Z......Page 325 This is the eBook version of the printed book. If the print book includes a CD-ROM, this content is not included within the eBook version. Easy, Powerful Code Security Techniques for Every PHP Developer Hackers specifically target PHP Web applications. Why? Because they know many of these apps are written by programmers with little or no experience or training in software security. Don't be victimized. Securing PHP Web Applications will help you master the specific techniques, skills, and best practices you need to write rock-solid PHP code and harden the PHP software you're already using. Drawing on more than fifteen years of experience in Web development, security, and training, Tricia and William Ballad show how security flaws can find their way into PHP code, and they identify the most common security mistakes made by PHP developers. The authors present practical, specific solutions–techniques that are surprisingly easy to understand and use, no matter what level of PHP programming expertise you have. Securing PHP Web Applications covers the most important aspects of PHP code security, from error handling and buffer overflows to input validation and filesystem access. The authors explode the myths that discourage PHP programmers from attempting to secure their code and teach you how to instinctively write more secure code without compromising your software's performance or your own productivity. Coverage includes Designing secure applications from the very beginning–and plugging holes in applications you can't rewrite from scratch Defending against session hijacking, fixation, and poisoning attacks that PHP can't resist on its own Securing the servers your PHP code runs on, including specific guidance for Apache, MySQL, IIS/SQL Server, and more Enforcing strict authentication and making the most of encryption Preventing dangerous cross-site scripting (XSS) attacks Systematically testing yourapplications for security, including detailed discussions of exploit testing and PHP test automation Addressing known vulnerabilities in the third-party applications you're already running Tricia and William Ballad demystify PHP security by presenting realistic scenarios and code examples, practical checklists, detailed visuals, and more. Whether you write Web applications professionally or casually, or simply use someone else's PHP scripts, you need this book–and you need it now, before the hackers find you! Hackers Specifically Target Php Web Applications. Why? Because They Know Many Of These Apps Are Written By Programmers With Little Or No Experience Or Training In Software Security. Don't Be Victimized. Securing Php Web Applications Will Help You Master The Specific Techniques, Skills, And Best Practices You Need To Write Rock-solid Php Code And Harden The Php Software You're Already Using. Drawing On More Than Fifteen Years Of Experience In Web Development, Security, And Training, Tricia And William Ballad Show How Security Flaws Can Find Their Way Into Php Code, And They Identify The Most Common Security Mistakes Made By Php Developers. The Authors Present Practical, Specific Solutions-techniques That Are Surprisingly Easy To Understand And Use, No Matter What Level Of Php Programming Expertise You Have. Securing Php Web Applications Covers The Most Important Aspects Of Php Code Security, From Error Handling And Buffer Overflows To Input Validation And Filesystem Access. The Authors Explode The Myths That Discourage Php Programmers From Attempting To Secure Their Code And Teach You How To Instinctively Write More Secure Code Without Compromising Your Software's Performance Or Your Own Productivity.--book Jacket. Part I: Web Development Is A Blood Sport--don't Wander Onto The Field Without A Helmet Chapter 1: Security Is A Server Issue And Other Myths Part Ii: Is That Hole Really Big Enough To Drive A Truck Through? Chapter 2: Error Handlingchapter 3: System Calls Part Iii: What's In A Name? More Than You Expect Chapter 4: Buffer Overflows And Variable Sanitation Chapter 5: Input Validation Chapter 6: Filesystem Access: Accessing The Filesystem For Fun And Profit Part Iv: Aw, Come On, Man, You Can Trust Me Chapter 7: Authentication Chapter 8: Encryption Chapter 9: Session Security Chapter 10: Cross-site Scripting Part V: Locking Up For The Night Chapter 11: Securing Apache And Mysql Chapter 12: Securing Iis And Sql Server Chapter 13: Securing Php On The Server Chapter 14: Introduction To Automated Testing Chapter 15: Introduction To Exploit Testing Part Vi: Don't Get Hacked Is Not A Viable Security Policy Chapter 16: Plan A: Designing A Secure Application From The Beginning Chapter 17: Plan B: Plugging The Holes In Your Existing Application Epilogue Appendix A Glossary Index. Tricia Ballad, William Ballad. Includes Bibliographical References (p. 285-288) And Index. Easy, Powerful Code Security Techniques for Every PHP Developer Hackers specifically target PHP Web applications. Why? Because they know many of these apps are written by programmers with little or no experience or training in software security. Don’t be victimized. Securing PHP Web Applications will help you master the specific techniques, skills, and best practises you need to write rock-solid PHP code and harden the PHP software you’re already using. Drawing on more than fifteen years of experience in Web development, security, and training, Tricia and William Ballad show how security flaws can find their way into PHP code, and they identify the most common security mistakes made by PHP developers. The authors present practical, specific solutions–techniques that are surprisingly easy to understand and use, no matter what level of PHP programming expertise you have. Securing PHP Web Applications covers the most important aspects of PHP code security, from error handling and buffer overflows to input validation and filesystem access. The authors explode the myths that discourage PHP programmers from attempting to secure their code and teach you how to instinctively write more secure code without compromising your software’s performance or your own productivity. Coverage includes * Designing secure applications from the very beginning–and plugging holes in applications you can’t rewrite from scratch * Defending against session hijacking, fixation, and poisoning attacks that PHP can’t resist on its own * Securing the servers your PHP code runs on, including specific guidance for Apache, MySQL, IIS/SQL Server, and more * Enforcing strict authentication and making the most of encryption * Preventing dangerous cross-site The author doesn't get into the intestines of PHP security breaches. This book has some good examples for beginners with very pristine knowledge of PHP security at all. If you plan to maintain a better security system or even to gain knowledge on more elaborate, extensive infringements, this book will not deliver the goods. Technically, for a book on PHP, the author focuses way too much on IIS server-security, which is 90% irrelevant to PHP programmers. The book guides you through building and strengthening a guest-book for a website. Now in spite of guest-books being almost extinct, this is a very simple example of PHP code, which plausibly doesn't require any intricate security mechanism. Hence the author almost excuses herself for not having gone TOO DEEP on security. Nevertheless, the author does not spare the reader when she verbosely describes general security topics. If the author had indeed chosen to focus on a more implementable example and demonstrate viable security through and through, this would've been a really great book. So, if you're looking for more than Guest-Book intricacy, find something else.
کتابهای مشابه
Securing PHP Web Applications (For Mere Mortals)
۴۹٬۰۰۰ تومان

Securing PHP Web Applications (For Mere Mortals)
۴۹٬۰۰۰ تومان
Securing PHP Web Applications (For Mere Mortals)
۴۹٬۰۰۰ تومان
Securing PHP Web Applications (For Mere Mortals)
۴۹٬۰۰۰ تومان
Mere Mortals,
۴۹٬۰۰۰ تومان
Mere Mortals
۴۹٬۰۰۰ تومان
Mere Mortals
۴۹٬۰۰۰ تومان
Merely Mortal
۴۹٬۰۰۰ تومان
Mere Mortals
۴۹٬۰۰۰ تومان

UML برای افراد عادی (برای افراد عادی)
۴۹٬۰۰۰ تومان
Mere Mortals
۴۹٬۰۰۰ تومان
Mere Mortals
۴۹٬۰۰۰ تومان
قیمت نهایی
۴۰٬۰۰۰ تومان
