на главную поиск contacts

Essential PHP Security

Опубликовано на портале: 15-11-2006
Изд-во: O'Reilly Media, 2005, 124 с.
The PHP scripting language works beautifully with other open source tools, such as the MySQL database and Apache web server software, to build interactive web applications. But security is still an issue that developers need to address, given the frequency of attacks on web sites. Essential PHP Security explains the types of attacks that hackers use on web sites and how to correctly configure Apache and PHP to guard against them. The author of Essential PHP Security, Chris Shiflett, is an internationally recognized expert in the field of PHP security and this book shows developers how to guard against attacks by writing secure PHP code.



1. Introduction
     PHP Features

2. Forms and URLs
     Forms and Data
     Semantic URL Attacks
     File Upload Attacks
     Cross-Site Scripting
     Cross-Site Request Forgeries
     Spoofed Form Submissions
     Spoofed HTTP Requests

3. Databases and SQL
     Exposed Access Credentials
     SQL Injection
     Exposed Data

4. Sessions and Cookies
     Cookie Theft
     Exposed Session Data
     Session Fixation
     Session Hijacking

5. Includes
     Exposed Source Code
     Backdoor URLs
     Filename Manipulation
     Code Injection

6. Files and Commands
     Traversing the Filesystem
     Remote File Risks
     Command Injection

7. Authentication and Authorization
     Brute Force Attacks
     Password Sniffing
     Replay Attacks
     Persistent Logins

8. Shared Hosting
     Exposed Source Code
     Exposed Session Data
     Session Injection
     Filesystem Browsing
     Safe Mode

A. Configuration Directives

B. Functions

C. Cryptography


Ключевые слова

См. также:
Adam Trachtenberg, David Sklar
Jesse Liberty
Tim Patrick, John Clark Craig
Jesse Liberty
Jesse Liberty
Ray Lischner
Jeff Cogswell, Jonathan Turkanis, Christopher Diggins, Ryan Stephens