Securing PHP web applications

Easy, Powerful Code Security Techniques for Every PHP Developer Hackers specifically target PHP Web applications. Why? Because they know many of these apps are written by programmers with little or no experience or training in software security. Don’t be victimized. Securing PHP Web Applications wil...


Bibliographic Details
Main Author: Ballad, Tricia
Other Authors: Ballad, Bill
Format: Electronic book
Language: English
Published: Upper Saddle River, NJ : Addison-Wesley, c2009.
Edition: 1st edition
Subjects:
View at Biblioteca Universitat Ramon Llull: https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009627464906719
Table of Contents:
  • Cover
  • Contents
  • Acknowledgments
  • About the Authors
  • Part I: Web Development Is a Blood Sport - Don't Wander onto the Field Without a Helmet
  • Chapter 1 Security Is a Server Issue and Other Myths
  • Reality Check
  • Security Is a Server Issue
  • Security Through Obscurity
  • Native Session Management Provides Plenty of Security
  • "My Application Isn't Major Enough to Get Hacked"
  • The "Barbarians at the Gate" Syndrome
  • Wrapping It Up
  • Part II: Is That Hole Really Big Enough to Drive a Truck Through?
  • Chapter 2 Error Handling
  • The Guestbook Application
  • Users Do the Darnedest Things . . .
  • Building an Error-Handling Mechanism
  • Wrapping It Up
  • Chapter 3 System Calls
  • Navigating the Dangerous Waters of exec(), system(), and Backticks
  • Using escapeshellcmd() and escapeshellarg() to Secure System Calls
  • Create an API to Handle All System Calls
  • Patch the Guestbook Application
  • Wrapping It Up
  • Part III: What's In a Name? More Than You Expect
  • Chapter 4 Buffer Overflows and Variable Sanitation
  • What Is a Buffer, How Does It Overflow, and Why Should You Care?
  • Prevent Buffer Overflows by Sanitizing Variables
  • Patch the Application
  • Wrapping It Up
  • Chapter 5 Input Validation
  • New Feature: Allow Users to Sign Their Guestbook Comments
  • The Problem: Users Who Give You More Than You Asked For
  • Assumptions: You Know What Your Data Looks Like
  • The Solution: Regular Expressions to Validate Input
  • Wrapping It Up
  • Chapter 6 Filesystem Access: Accessing the Filesystem for Fun and Profit
  • Opening Files
  • Creating and Storing Files
  • Changing File Properties Safely
  • Patching the Application to Allow User-Uploaded Image Files
  • Wrapping It Up
  • Part IV: "Aw come on man, you can trust me"
  • Chapter 7 Authentication
  • What Is User Authentication?
  • Privileges
  • How to Authenticate Users
  • Storing Usernames and Passwords
  • Patching the Application to Authenticate Users
  • Wrapping It Up
  • Chapter 8 Encryption
  • What Is Encryption?
  • Choosing an Encryption Type
  • Password Security
  • Patching the Application to Encrypt Passwords
  • Wrapping It Up
  • Chapter 9 Session Security
  • What Is a Session Variable?
  • Major Types of Session Attacks
  • Patching the Application to Secure the Session
  • Wrapping It Up
  • Chapter 10 Cross-Site Scripting
  • What Is XSS?
  • Reflected XSS
  • Stored XSS
  • Patching the Application to Prevent XSS Attacks
  • Wrapping It Up
  • Part V: Locking Up for the Night
  • Chapter 11 Securing Apache and MySQL
  • Programming Languages, Web Servers, and Operating Systems Are Inherently Insecure
  • Securing a UNIX, Linux, or Mac OS X Environment
  • Securing Apache
  • Securing MySQL
  • Wrapping It Up
  • Chapter 12 Securing IIS and SQL Server
  • Securing a Windows Server Environment
  • Securing IIS
  • Securing SQL Server
  • Wrapping It Up
  • Chapter 13 Securing PHP on the Server
  • Using the Latest Version of PHP
  • Using the Security Features Built into PHP and Apache
  • Using ModSecurity
  • Hardening php.ini
  • Wrapping It Up
  • Chapter 14 Introduction to Automated Testing
  • Why Are We Talking About Testing in a Security Book?
  • Testing Framework
  • Types of Tests
  • Choosing Solid Test Data
  • Wrapping It Up
  • Chapter 15 Introduction to Exploit Testing
  • What Is Exploit Testing?
  • Fuzzing
  • Testing Toolkits
  • Proprietary Test Suites
  • Wrapping It Up
  • Part VI: "Don't Get Hacked" Is Not a Viable Security Policy
  • Chapter 16 Plan A: Designing a Secure Application from the Beginning
  • Before You Sit Down at the Keyboard . . .
  • Identifying Points of Failure
  • Wrapping It Up
  • Chapter 17 Plan B: Plugging the Holes in Your Existing Application
  • Set Up Your Environment
  • Application Hardening Checklist
  • Wrapping It Up
  • Epilogue: Security Is a Lifestyle Choice: Becoming a Better Programmer
  • Avoid Feature Creep
  • Write Self-Documenting Code
  • Use the Right Tools for the Job
  • Have Your Code Peer-Reviewed
  • Wrapping It Up
  • Appendix: Additional Resources
  • PEAR
  • Books
  • Web Sites
  • Tools
  • Integrated Development Environments (IDE) and Frameworks
  • Exploit Testing Tools
  • Automated Testing Tools
  • Glossary