Essential PHP Security
The PHP scripting language works beautifully with other open source tools, such as
the MySQL database and Apache web server software, to build interactive web applications.
But security is still an issue that developers need to address, given the frequency
of attacks on web sites. Essential PHP Security explains the types of attacks that
hackers use on web sites and how to correctly configure Apache and PHP to guard against
them. The author of Essential PHP Security, Chris Shiflett, is an internationally
recognized expert in the field of PHP security and this book shows developers how
to guard against attacks by writing secure PHP code.
|
![]() |
Foreword
Preface
1. Introduction
PHP Features
Principles
Practices
2. Forms and URLs
Forms and Data
Semantic URL Attacks
File Upload Attacks
Cross-Site Scripting
Cross-Site Request Forgeries
Spoofed Form Submissions
Spoofed HTTP Requests
3. Databases and SQL
Exposed Access Credentials
SQL Injection
Exposed Data
4. Sessions and Cookies
Cookie Theft
Exposed Session Data
Session Fixation
Session Hijacking
5. Includes
Exposed Source Code
Backdoor URLs
Filename Manipulation
Code Injection
6. Files and Commands
Traversing the Filesystem
Remote File Risks
Command Injection
7. Authentication and Authorization
Brute Force Attacks
Password Sniffing
Replay Attacks
Persistent Logins
8. Shared Hosting
Exposed Source Code
Exposed Session Data
Session Injection
Filesystem Browsing
Safe Mode
A. Configuration Directives
B. Functions
C. Cryptography
Index
См. также: