Essential PHP Security By: Chris Shiflett Published by O'Reilly
I have a lot of respect for Chris, the author of this book, so much that I pre-ordered this book after first hearing about it on his blog. I couldn't help but think to myself "finally, a non-beginners PHP book that'll teach me all sorts of cool hacks! I can't wait to find out how vulnerable my personal website is so I can have an excuse to start working on it again!"
After reading, I can't decide if I am disappointed or flattered... In other words, should I be disappointed that I really only learned ONE thing, or should I be flattered that I am apparently a very security conscious individual? Any PHP book you buy will tell you "don't trust user input" and Chris' book basically seems to say the same thing only in a much longer in-depth explanation as to why with examples provided. All of the information provided in the book is good, definately "must know" information for any serious web developer, but it wasn't really ground-breaking in terms of other books already on the market as I expected it would be. The only things I really learned were how to spoof an HTTP_REFERER, and a slight variation on an SQL injection attack. Overall I don't feel that my personal website needs a single update to prevent any of the attacks described in the book.
Since I know not everyone is as uber 1337 as me, I'd recommending checking this book out. At 8 chapters and a total of 109 pages I don't think it's worth the $29.95(US)/$41.95(CAN) although I've seen enough vulnerable applications to know that this book will mean a lot to a lot of people.
DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.