Essential PHP Security Book Review

A Guide to building secure web applications

Essential PHP Security explains the most common types of PHP attacks and how to write effective PHP code that can withstand those attacks. Essential PHP Security is broken down into eight chapters covering the following topics – Forms, Databases, Sessions, Cookies, Files, Authentication and Shared Hosting.

All areas of PHP security are covered in this book, it also contains a good number of code examples to use on your own website. Such important basics as filtering input from POST or GET commands is covered along with escaping output – that is escaping or encoding special characters so that there original meaning is preserved.

Other important PHP security such as not naming your include files with the ending of ‘.inc’ but label them with ‘.php’ or store them in a location outside of your web folder so that no-one can see your important data in your include files.

Essential PHP Security provides you with food for thought when writing your PHP code in order to make sure you have made your scripts or applications as secure as possible.

Essential PHP Security is not a long book at around 100 pages, but it does cover all known security areas that need to be covered such as session injection, password sniffing, command injection and spoofed form or http requests.

Essential PHP Security is a good PHP security book that needed to be written and a definite book worth reading and using for reference in order to keep all the PHP security topics in the back of your mind when you are coding.