Pro PHP Security
By: Chris Snyder and Michael Southwell
Published by Apress
The entire first half of this book, and even partial sections of the second half appear to be more geared towards system administration (which I don't really have any interest in). With that said, I don't feel that I have much authority to criticize this book aside from the fact that overall it's not a very "fun" book to read (I did skim through a couple chapters), but rather one of the more serious ones. On the other hand there were several parts I found extremely interesting, such as topics on encryption and hashing, using hashing to verify integrity of files, creating application level user roles, as well as the chapter on XSS (cross site scripting). The authors are without any doubt very paranoid and security conscious individuals; several discussions I believe could even easily be considered a little too paranoid. As opposed to a how-to/reference guide, the book in my mind is lot more "general information" which gives a good solid background on topics one might be interested in, plenty of web addresses to further educate yourself, theoretical approach's and what not. Therefore, and overall I feel this book was written specifically for sysadmins and/or anyone up for some good discussion on security. If you're more the type to follow along with in-depth examples, or expand upon existing code, then this book probably won't interest you. The pre-mentioned topics of interest made it worth it for me. No regrets. | DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
More PHP Book Reviews Articles
More By notepad  developerWorks - FREE Tools!
|
<a href="http://zeus.developershed.com/shonuff.php?blackbird=3853&zoneid=442&source=&dest=http%3A%2F%2Fwww.ibm.com%2Fdeveloperworks%2Fspaces%2Fjazz%3FS_TACT%3D105AGY31%26S_CMP%3DDEVSHED&ismap="><img src="http://images.devshed.com/corp/img/news/jazz01.gif" alt="developerWorks Jazz space" align="left"></a>You've heard the buzz about Jazz... want to know more about it from a developer's perspective? Check out the Jazz space on developerWorks. This space is an up-to-date resource for developers, including technical information about Jazz and products built on Jazz, like Rational Team Concert Express. The Jazz space includes content from a wide variety of sources, including links, feeds, and comments from experts.
FREE! Go There Now!
| | | |
CakePHP is a stable production-ready, rapid-development aid for building Web sites in PHP. This "Cook up Web sites fast with CakePHP" series shows you how to build an online product catalog using CakePHP.
FREE! Go There Now!
| | | |
This tutorial applies the concepts that were covered in the first part of this two-part series to a real-world example.
FREE! Go There Now!
| | | |
IBM DB2 9.5 provides new options for tighter security, and allows for more granularity and flexibility in administration of the database. This tutorial is the first of two tutorials that cover roles and trusted contexts. Follow the exercises in this tutorial, and learn how to take advantage of the new DB2 feature roles in combination with other essential e-business technologies such as Web services, Web application server, and DB2 database server.
FREE! Go There Now!
| | | |
To create, test, and deploy a Web-based application or Web service rapidly, you need a proven relational database, a standards-compliant Web application server, and a flexible IDE. Ideally, all these software packages are production-tested, simple to obtain, easy to use, and well integrated with one another. This tutorial shows you how to use IBM-backed open source and free software to kick-start your Java Web-based application development. You'll learn exactly where to download such components, install them, and get them working for you today.
FREE! Go There Now!
| | | |
This tutorial presents an innovative use of the well-known Really Simple Syndication (RSS) format's associative properties to emulate the functionality of a simple relational database. It demonstrates using RSS channels to store contact information and meeting information -- much as a personal address book and calendar does. It uses RSS elements and attributes such as items and guids to create a neural-network-like mesh of related data.
FREE! Go There Now!
| | | |
This paper is about the critical role that a discipline called integrated requirements management can play in helping to ensure that your business goals and IT investments are continuously aligned—whether you are sourcing, integrating, building or maintaining software. It also looks at ways that automated IBM Rational® products can work together to help you use requirements in the very best way.
FREE! Go There Now!
| | | |
Join the IBM Watchfire team for an informative discussion on techniques and best practices to proactively manage Web application security and how to effectively build application security testing into the software development lifecycle (SDLC). In this Software Delivery Platform webcast you will learn: How to better understand potential web application security vulnerabilities, best practices and how to effectively integrate application security testing into the software development lifecycle, the importance of detecting and removing software vulnerabilities during application development.
FREE! Go There Now!
| | | |
In this webcast, IBM Rational will discuss the importance of Web application security and will share techniques and best practices to introduce application security testing into current QA processes including: understanding common security vulnerabilities and techniques to integrate security testing with defect tracking and remediation systems in an effort to safeguard sensitive online information.
FREE! Go There Now!
| | | |
Viper 2 brings a great value to developer communities including SQL, XML, PHP, Ruby, .NET and Java. You probably already know that DB2 Express-C is free for developers to develop, deploy and distribute. Viper 2 provides a variety of means that help move your application from the development stage to deployment more rapidly. This webcast shows how to best utilize the latest tools available for developing DB2 applications.
FREE! Go There Now!
| | | |
All FREE IBM® developerWorks Tools!
| |
