Domain: phpsecurity.org
Stories and comments across the archive that link to phpsecurity.org.
Comments · 7
-
Re:Please be more forthcoming
Nearly there.
Always treat code as hostile.
Defense in depth, capabilities, least privilege, fail closed, scrub inputs, escape everything
... I think there have been a few books written on this.In PHP's case this fellow's slender volume is quite helpful: http://phpsecurity.org/ . And http://noscript.net/
g'luck! . -
Re:Be Prepared?
Essential PHP Security is what you are looking for. The book covers a wide range of attacks and how to deal with them. In addition, the website has a couple of sample chapters so you can take a look and see if you like it.
-
Re:Rule #1
The author specifically deals with this issue in Chapter 8. -
Re:Chris Shiflett
You're welcome to read the reviews and the (very thorough) errata yourself:
http://phpsecurity.org/reviews
http://phpsecurity.org/errata
You'll be hard-pressed to find anything beyond simple typos and unclear sentences, I think, and the reviews have been very positive. :-) -
Re:Chris Shiflett
You're welcome to read the reviews and the (very thorough) errata yourself:
http://phpsecurity.org/reviews
http://phpsecurity.org/errata
You'll be hard-pressed to find anything beyond simple typos and unclear sentences, I think, and the reviews have been very positive. :-) -
Support the Author
If you want to save some money and also support the author (me), please use this link:
http://phpsecurity.org/buy
You get the book for less than $20. :-) -
Re:What about security?
There are a few books on PHP security, one of which has a nice web site and code repository: