Building Secure PHP Apps
Building Secure PHP Apps
is your PHP app truly secure? Let's make sure you get home on time and sleep well at night.
About the Book
Do you ever wonder how vulnerable you are to being hacked? Do you feel confident about storing your users sensitive information? Imagine feeling confident in the integrity of your software when you store your user's sensitive data. No more fighting fires with lost data, no more late nights, your application is secure. In this short book I'll give you clear, actionable details on how to secure various parts of your web application. You will also find scenarios to handle and improve existing legacy issues.
Several years ago I was writing a web application for a client in the CodeIgniter PHP framework, *shudder*, but CodeIgniter didn't include any type of authentication system built in. I of course did what any good/lazy developer would do and went on the hunt for a well made library to supply authentication capabilities. To my chagrin I discovered that there weren't any clean, concise libraries that fit my needs for authentication in CodeIgniter. Thus began my journey of creating Ion Auth, a simple authentication library for CodeIgniter, and a career long crusade for securing web applications as well as helping other developers do the same.
Here we are years later, a lot of us have moved on to other frameworks or languages, but I still repeatedly see basic security being overlooked. So let's fix that. I want to make sure that you'll never have to live the horror of leaking user passwords, or have someone inject malicious SQL into your database, or the suite of other "hacks" that could have been easily avoided. Let's make sure we all get home on time and sleep well at night.
This is a quick read, at just over 100 pages. This is a handbook style guide to specific items you can act on. The following sections will be covered:
- Never trust your users - escape all input
- HTTPS/SSL/BCA/JWH/SHA and other random letters, some of them actually matter
- Password Encryption and Storage for Everyone
- Authentication, Access Control, and Safe File Handing
- Safe Defaults, Cross Site Scripting and other Popular Hacks
All code examples are written in PHP with accompanying source code on GitHub.
This book is now 100% complete and ready to school you. There will be occasional releases for errata and to keep things up to date.
Eric "Aken" Roberts is the Director of Application Development at Swarming Technology in Milwaukee, Wisconsin. You can often find him helping out in #Laravel and pinging people on Twitter. Outside of a text editor, he writes and reviews various publications (okay, that's may happen in a text editor, too), plays tennis and drums, collects Hot Wheels, torments his cats, and drinks too much Mountain Dew. And he's getting married in October!
Tech Reviewer & Grammar Freak
- Sample Code
- About the Author
Chapter 1 - Never Trust Your Users. Sanitize ALL Input!
- SQL Injection
- Mass Assignment
- Sanitizing Output
Chapter Two - HTTPS/SSL/BCA/JWH/SHA and Other Random Letters; Some of Them Actually Matter.
- What is HTTPS
- When to use HTTPS
- Implementing HTTPS
Chapter 3 - Password Encryption and Storage for Everyone
- The Small Print
- What is a Hash?
- Popular Attacks
- A Pinch of Salt
- Hashing Algorithms
- Putting It All Together
- Brute Force Protection
- Upgrading Legacy Systems
Chapter 4 - Authentication, Access Control, and Safe File Handing
- Access Control
- Validating Redirects
- Safe File Handing
Chapter 5 - Safe Defaults, Cross Site Scripting, and Other Popular Hacks
- Never Trust Yourself - Use Safe Defaults
- Never Trust Dynamic Typing. It’s Not Your Friend.
- Cross Site Scripting
- Attack Entry Points
- Cross Site Request Forgery
- Multiple Form Submits
- Race Conditions
- Outdated Libraries / External Programs
- About the Author
- Security Audit / Consulting
The Leanpub 45-day 100% Happiness Guarantee
Within 45 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.
See full terms
Free Updates. DRM Free.
If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).
Most Leanpub books are available in PDF (for computers), EPUB (for phones and tablets) and MOBI (for Kindle). The formats that a book includes are shown at the top right corner of this page.
Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.
C++20 is the next big C++ standard after C++11. As C++11 did it, C++20 changes the way we program modern C++. This change is, in particular, due to the big four of C++20: ranges, coroutines, concepts, and modules.
The book is almost daily updated. These incremental updates ease my interaction with the proofreaders.
A Guide to Artificial Intelligence in HealthcareDr. Bertalan Mesko
Can we stay human in the age of A.I.? To go even further, can we grow in humanity, can we shape a more humane, more equitable and sustainable healthcare? This e-book aims to prepare healthcare and medical professionals for the era of human-machine collaboration. Read our guide to understanding, anticipating and controlling artificial intelligence.
C++ Best PracticesJason Turner
Level up your C++, get the tools working for you, eliminate common problems, and move on to more exciting things!
Atomic KotlinBruce Eckel and Svetlana Isakova
For both beginning and experienced programmers! From the author of the multi-award-winning Thinking in C++ and Thinking in Java together with a member of the Kotlin language team comes a book that breaks the concepts into small, easy-to-digest "atoms," along with exercises supported by hints and solutions directly inside IntelliJ IDEA!
Sockets and PipesType Classes
Sockets and Pipes is not an introduction to Haskell; it is an introduction to writing software in Haskell. Using a handful of everyday Haskell libraries, this book walks through reading the HTTP specification and implementing it to create a web server.
Introducing EventStormingAlberto Brandolini
The deepest tutorial and explanation about EventStorming, straight from the inventor.
node-opcua by exampleEtienne Rossignon
Get the best out of node-opcua through a set of documented examples by the author himself that will allow you to create stunning OPCUA Servers or Clients.
Ansible for DevOpsJeff Geerling
Ansible is a simple, but powerful, server and configuration management tool. Learn to use Ansible effectively, whether you manage one server—or thousands.
Functional Design and ArchitectureAlexander Granin
Software Design in Functional Programming, Design Patterns and Practices, Methodologies and Application Architectures. How to build real software in Haskell with less efforts and low risks. The first complete source of knowledge.
Composing SoftwareEric Elliott
All software design is composition: the act of breaking complex problems down into smaller problems and composing those solutions. Most developers have a limited understanding of compositional techniques. It's time for that to change.
Software Architecture for Developers: Volumes 1 & 2 - Technical leadership and communication
2 Books"Software Architecture for Developers" is a practical and pragmatic guide to modern, lightweight software architecture, specifically aimed at developers. You'll learn:The essence of software architecture.Why the software architecture role should include coding, coaching and collaboration.The things that you really need to think about before...
All the Books of The Medical Futurist
6 BooksWe put together the most popular books from The Medical Futurist to provide a clear picture about the major trends shaping the future of medicine and healthcare. Digital health technologies, artificial intelligence, the future of 20 medical specialties, big pharma, data privacy, digital health investments and how technology giants such as Amazon...
3 BooksBuy every PowerShell book from Adam Bertram at a 20% discount!
Cisco CCNA 200-301 Complet
4 BooksCe lot comprend les quatre volumes du guide préparation à l'examen de certification Cisco CCNA 200-301.
Linux Administration Complet
4 BooksCe lot comprend les quatre volumes du Guide Linux Administration :Linux Administration, Volume 1, Administration fondamentale : Guide pratique de préparation aux examens de certification LPIC 1, Linux Essentials, RHCSA et LFCS. Administration fondamentale. Introduction à Linux. Le Shell. Traitement du texte. Arborescence de fichiers. Sécurité...
Modern C++ by Nicolai Josuttis
Django for Beginners/APIs/Professionals
Learn Git, Bash, and Terraform the Hard Way
3 BooksLearn Git, Bash and Terraform using the Hard Way method.These technologies are essential tools in the DevOps armoury. These books walk you through their features and subtleties in a simple, gradual way that reinforces learning rather than baffling you with theory.
Software Architecture and Beautiful APIs
2 BooksThere is no better way to learn how to design good APIs than to look at many existing examples, complementing the Software Architecture theory on API design.
Digital Future of Healthcare and Pharma
3 BooksThese three popular e-books from The Medical Futurist describes how digital health technologies will shape the future of health, healthcare, medicine and pharma with exciting infographics in a digestible format.