Amazon no longer offers textbook rentals. We do!

Securing Php Web Applications

by: Ballad, Tricia; Ballad, William

Securing Php Web Applications

by: Ballad, Tricia; Ballad, William

ISBN 13:
9780321534347
ISBN 10:
0321534344
Edition: 1st
Format: Paperback
Copyright: 12/16/2008
Publisher: Addison-Wesley Professional

Rent

Sorry, this item is currently unavailable on Knetbooks.com

Click the link below to purchase this eBook from our trusted partner, eCampus.com.

View eBook

Note: Supplemental materials are not guaranteed with Rental or Used book purchases.

Extend or Purchase Your Rental at Any Time

Need to keep your rental past your due date? At any time before your due date you can extend or purchase your rental through your account.

Summary

Easy, Powerful Code Security Techniques for Every PHP Developer Hackers specifically target PHP Web applications. Why? Because they know many of these apps are written by programmers with little or no experience or training in software security.Donrs"t be victimized.Securing PHP Web Applicationswill help you master the specific techniques, skills, and best practices you need to write rock-solid PHP code and harden the PHP software yours"re already using. Drawing on more than fifteen years of experience in Web development, security, and training, Tricia and William Ballad show how security flaws can find their way into PHP code, and they identify the most common security mistakes made by PHP developers. The authors present practical, specific solutionstechniques that are surprisingly easy to understand and use, no matter what level of PHP programming expertise you have. Securing PHP Web Applicationscovers the most important aspects of PHP code security, from error handling and buffer overflows to input validation and filesystem access. The authors explode the myths that discourage PHP programmers from attempting to secure their code and teach you how to instinctively write more secure code without compromising your softwarers"s performance or your own productivity. Coverage includes Designing secure applications from the very beginningand plugging holes in applications you canrs"t rewrite from scratch Defending against session hijacking, fixation, and poisoning attacks that PHP canrs"t resist on its own Securing the servers your PHP code runs on, including specific guidance for Apache, MySQL, IIS/SQL Server, and more Enforcing strict authentication and making the most of encryption Preventing dangerous cross-site scripting (XSS) attacks Systematically testing yourapplications for security, including detailed discussions of exploit testing and PHP test automation Addressing known vulnerabilities in the third-party applications yours"re already running Tricia and William Ballad demystify PHP security by presenting realistic scenarios and code examples, practical checklists, detailed visuals, and more. Whether you write Web applications professionally or casually, or simply use someone elsers"s PHP scripts, you need this bookand you need it now, before the hackers find you!

Acknowledgments	p. xiii
About the Authors	p. xv
Web Development Is a Blood Sport-Don't Wander onto the Field Without a Helmet	p. 1
Security Is a Server Issue and Other Myths	p. 3
Reality Check	p. 3
Security Is a Server Issue	p. 5
Security Through Obscurity	p. 7
Native Session Management Provides Plenty of Security	p. 9
"My Application Isn't Major Enough to Get Hacked"
The "Barbarians at the Gate"
Syndrome	p. 10
Wrapping It Up	p. 10
Is That Hole Really Big Enough to Drive a Truck Through?	p. 11
Error Handling	p. 13
The Guestbook Application	p. 13
Users Do the Darnedest Things	p. 15
Building an Error-Handling Mechanism	p. 19
Wrapping It Up	p. 26
System Calls	p. 27
Navigating the Dangerous Waters of exec(), system(), and Backticks	p. 27
Using escapeshellcmd() and escapeshellarg() to Secure System Calls	p. 30
Create an API to Handle All System Calls	p. 31
Patch the Guestbook Application	p. 32
Wrapping It Up	p. 34
What's In a Name? More Than You Expect	p. 35
Buffer Overflows and Variable Sanitation	p. 37
What Is a Buffer, How Does It Overflow, and Why Should You Care?	p. 37
Prevent Buffer Overflows by Sanitizing Variables	p. 46
Patch the Application	p. 49
Wrapping It Up	p. 52
Input Validation	p. 53
New Feature: Allow Users to Sign Their Guestbook Comments	p. 53
The Problem: Users Who Give You More Than You Asked For	p. 54
Assumptions: You Know What Your Data Looks Like	p. 55
The Solution: Regular Expressions to Validate Input	p. 57
Wrapping It Up	p. 67
Filesystem Access: Accessing the Filesystem for Fun and Profit	p. 69
Opening Files	p. 69
Creating and Storing Files	p. 73
Changing File Properties Safely	p. 76
Patching the Application to Allow User-Uploaded Image Files	p. 88
Wrapping It Up	p. 90
"Aw come on man, you can trust me"	p. l93
Authentication	p. 95
What Is User Authentication?	p. 95
Privileges	p. 100
How to Authenticate Users	p. 101
Storing Usernames and Passwords	p. 115
Patching the Application to Authenticate Users	p. 117
Wrapping It Up	p. 120
Encryption	p. 121
What Is Encryption?	p. 121
Choosing an Encryption Type	p. 123
Password Security	p. 125
Patching the Application to Encrypt Passwords	p. 125
Wrapping It Up	p. 128
Session Security	p. 129
What Is a Session Variable?	p. 129
Major Types of Session Attacks	p. 129
Patching the Application to Secure the Session	p. 133
Wrapping It Up	p. 136
Cross-Site Scripting	p. 137
What Is XSS?	p. 137
Reflected XSS	p. 137
Stored XSS	p. 138
Patching the Application to Prevent XSS Attacks	p. 138
Wrapping It Up	p. 139
Locking Up for the Night	p. 141
Securing Apache and MySQL	p. 143
Programming Languages, Web Servers, and Operating Systems Are Inherently Insecure	p. 143
Securing a UNIX, Linux, or Mac OS X Environment	p. 144
Securing Apache	p. 147
Securing MySQL	p. 159
Wrapping It Up	p. 166
Securing IIS and SQL Server	p. 167
Securing a Windows Server Environment	p. 167
Securing IIS	p. 177
Securing SQL Server	p. 187
Wrapping It Up	p. 205
Securing PHP on the Server	p. 207
Using the Latest Version of PHP	p. 207
Using the Security Features Built into PHP and Apache	p. 213
Using ModSecurity	p. 215
Hardening php.ini	p. 216
Wrapping It Up	p. 218
Introduction to Automated Testing	p. 219
Why Are We Talking About Testing in a Security Book?	p. 219
Testing Framework	p. 220
Types of Tests	p. 222
Choosing Solid Test Data	p. 223
Wrapping It Up	p. 224
Introduction to Exploit Testing	p. 225
What Is Exploit Testing?	p. 225
Fuzzing	p. 226
Testing Toolkits	p. 233
Proprietary Test Suites	p. 246
Wrapping It Up	p. 254
"Don't Get Hacked"
Is Not a Viable Security Policy	p. 255
Plan A: Designing a Secure Application from the Beginning	p. 257
Before You Sit Down at the Keyboard	p. 257
Identifying Points of Failure	p. 269
Wrapping It Up	p. 271
Plan B: Plugging the Holes in Your Existing Application	p. 273
Set Up Your Environment	p. 273
Application Hardening Checklist	p. 276
Wrapping It Up	p. 278
Epilogue: Security Is a Lifestyle Choice: Becoming a Better Programmer	p. 279
Avoid Feature Creep	p. 279
Write Self-Documenting Code	p. 280
Use the Right Tools for the Job	p. 282
Have Your Code Peer-Reviewed	p. 283
Wrapping It Up	p. 284
Appendix: Additional Resources	p. 285
PEAR	p. 285
Books	p. 286
Web Sites	p. 287
Tools	p. 288
Glossary	p. 289
Index	p. 293
Table of Contents provided by Publisher. All Rights Reserved.

Amazon no longer offers textbook rentals. We do!

Securing Php Web Applications

Securing Php Web Applications

9780321534347

0321534344

Summary

Author Biography

Table of Contents

Supplemental Materials

Write a Review