Security Principles for PHP Applications: A php[architect] guide


Authors: Eric Mann
ISBN-10: 1940111617
ISBN-13: 9781940111612
Publication Date: 2017-12-18
Print Length: 204 pages


Book Description
By finelybook

Security is an ongoing process, not something to add right before your app launches. In this book, you’ll learn how to write secure PHP applications from first principles. Why wait until your site is attacked or your data is breached? Prevent your exposure by being aware of the ways a malicious user might hijack your web site or API.
Security Principles for PHP Applications is a comprehensive guide. This book contains examples of vulnerable code side-by-side with solutions to harden it. Organized around the 2017 OWASP Top Ten list, topics covered include:
Injection Attacks
Authentication and Session Management
Sensitive Data Exposure
Access Control and Password Handling
PHP Security Settings
Cross-Site Scripting
Logging and Monitoring
API Protection
Cross-Site Request Forgery
…and more.
Written by PHP professional Eric Mann, this book builds on his experience in building secure web applications with PHP.
Dedication
Application Security From First Principles
About This Book
OWASP
ASR1: Injection
ASR2: Broken Authentication and Session Management
ASR3: Sensitive Data Exposure
ASR4: XML External Entities (XXE)
ASR5: Broken Access Control
ASR6: Security Misconfiguration
ASR7: Cross-Site Scripting (XSS)
ASR8: Insecure Deserialization
ASR9: Using Components With Known Vulnerabilities
ASR10: Insufficient Logging and Monitoring
Keeping Ahead of the Trends
Insufficient Attack Prevention
Underprotected APIs
Cross-Site Request Forgery (CSRF)
Unvalidated Redirects and Forwards
Peer Code Review
Further Reading and Resources
Responsible Disclosure
Credits
