PHP BOOK REVIEWS

Pro PHP Security
By: notepad
  • Rating: 5 stars / 3
    2005-11-19


    Pro PHP Security
    By: Chris Snyder and Michael Southwell
    Published by Apress

    The entire first half of this book, and even partial sections of the second half, appear to be more geared towards system administration (which I don't really have any interest in). With that said, I don't feel that I have much authority to criticize this book aside from the fact that overall it's not a very "fun" book to read (I did skim through a couple of chapters), but rather one of the more serious ones.

    On the other hand, there were several parts I found extremely interesting, such as topics on encryption and hashing, using hashing to verify the integrity of files, creating application-level user roles, as well as the chapter on XSS (cross-site scripting). The authors are without any doubt very paranoid and security-conscious individuals; several discussions, I believe, could even easily be considered a little too paranoid.

    As opposed to a how-to/reference guide, the book in my mind is a lot more "general information", which gives a good solid background on topics one might be interested in, plenty of web addresses to further educate yourself, theoretical approaches and whatnot. Therefore, overall I feel this book was written specifically for sysadmins and/or anyone up for some good discussion on security. If you're more the type to follow along with in-depth examples, or expand upon existing code, then this book probably won't interest you.

    The pre-mentioned topics of interest made it worth it for me. No regrets.


    © 2003-2008 by Developer Shed. All rights reserved.