Pro PHP Security ■ ■ ■ Chris Snyder and Michael Southwell iii Contents at a Glance About the Authors ... xvii About the Technical Reviewer ... xix Acknowledgments ... xxi Introduction ... xxiii PART 1 ■ ■ ■ The Importance of Security CHAPTER 1 Why Is Secure Programming a Concern? ... 3 PART 2 ■ ■ ■ Maintaining a Secure Environment CHAPTER 2 Dealing with Shared Hosts ... 13 CHAPTER 3 Maintaining Separate Development and Production Environments ... 25 CHAPTER 4 Keeping Software Up to Date ... 41 CHAPTER 5 Using Encryption I: Theory ... 55 CHAPTER 6 Using Encryption II: Practice ... 75 CHAPTER 7 Securing Network Connections I: SSL ... 109 CHAPTER 8 Securing Network Connections II: SSH ... 139 CHAPTER 9 Controlling Access I: Authentication ... 175 CHAPTER 10 Controlling Access II: Permissions and Restrictions ... 209 PART 3 ■ ■ ■ Practicing Secure PHP Programming CHAPTER 11 Validating User Input ... 229 CHAPTER 12 Preventing SQL Injection ... 249 CHAPTER 13 Preventing Cross-Site Scripting ... 263 CHAPTER 14 Preventing Remote Execution... 281 CHAPTER 15 Enforcing Security for Temporary Files ... 303 CHAPTER 16 Preventing Session Hijacking ... 315 iv ■CONTENTS AT A GLANCE PART 4 ■ ■ ■ Practicing Secure Operations CHAPTER 17 Allowing Only Human Users ... 331 CHAPTER 18 Verifying Your Users Identities ... 347 CHAPTER 19 Using Roles to Authorize Actions ... 359 CHAPTER 20 Adding Accountability to Track Your Users... 377 CHAPTER 21 Preventing Data Loss... 399 CHAPTER 22 Safely Executing System Commands ... 419 CHAPTER 23 Handling Remote Procedure Calls Safely ... 455 CHAPTER 24 Taking Advantage of Peer Review... 467 INDEX... 479
Chris Snyder is a software engineer at the Fund for the City of New York, where he helps develop next-generation websites and services for nonprofit organizations. He is a member of the executive board of New York PHP, and has been looking for new ways to build scriptable, linked, multimedia content since he saw his first Hypercard stack in 1988.
 |
Ask a Question About this Product More... |
|
