Securing PHP: Core Concepts

About the Book

Securing PHP: Core Concepts acts as a guide to some of the most common security terms and provides examples of them in everyday PHP. Anything is easier to learn when everyone is speaking the same language. This book starts you in the right direction, providing directions on the path to more secure development. Your users deserve a better level of privacy and security in the services they use.

This book looks at topics like:

  • Confidentiality, Integrity and Availability
  • Defense in Depth
  • Failing securely
  • Keeping security simple
  • Threat modeling
  • Attack patterns

...and many more. You'll learn about some of the essential foundations of writing secure software and see how they fit into the overall picture of the Secure Software Development Lifecycle. There are lots of books and articles out there about secure development and secure coding practices, but there's a distinct lack of PHP-targeted resources. The ones that are out there are years old and contain outdated information about things like register_globals or other deprecated features.

I've been studying secure coding practices and general development for a few years now and I can safely say that this kind of information is in dire need in the PHP community. There have been some efforts in the past to inform developers how to defeat the typical OWASP Top 10, but securing an application goes much beyond this. There's a whole ecosystem of terms and techniques around it that PHP developers need to know about.

This book introduces those concepts in an easy and accessible way and provides you with a good jumping off point towards future secure development.

Feedback for Securing PHP: Core Concepts

“I took tremendous value from Securing PHP. Rather than a long list of examples of how to implement secure practices, I found this book forced me to really think about some of the decisions I was making in my own code. Writing secure code is more than just taking and implementing specific strategies and more about knowing and understanding all the ways in which your application may be vulnerable and addressing them in a manner that makes the most sense for your application. Even as I was reading, specific examples were coming to mind and giving me a list of things I needed to investigate. Securing PHP did a wonderful job of explaining some common security exploits. This is a must-read for any PHP developer.” - Matt Frost

"I finally found the time to read 'Securing PHP: Core Concepts' and it has been a very good read. I really enjoyed the writing style and the way the CIA approach was presented, along with the other security concerns. [...] Thanks for writing this book and I look forward to reading your next 'Securing PHP: The Usual Suspects'." - Enrico Zimuel

About the Author

Chris Cornutt

Chris has been involved in the PHP community for over a decade. His contributions include curating the PHP news site, writing articles for his PHP-focused security site and speaking at web technology conferences all around the world. He's also written for several major PHP publications and is a co-organizer for both the Dallas PHP user group and the Lone Star PHP Conference. He currently works as an application security developer for Pardot, a division of Salesforce.

You can find him online at

Table of Contents

  • First, a few thanks
  • Introduction
    • Why should you read this book?
    • The Secure Development Lifecycle
    • Where this book fits
  • The CIA (No, not that CIA)
    • Availability
    • Integrity
    • Confidentiality
    • Is that all?
  • A Few “Quick Hits”
    • Threat
    • Vulnerability
    • Risk
    • Exploit
    • Countermeasure
    • Attack Surface
    • Non-repudiation
    • Attack Pattern
    • Attack Surface
    • Trust
    • And finally…
  • Keeping It Simple
    • Going Agile
    • A quick word on architecture
    • Getting down to it
    • Overkill
  • Defense in Depth
    • Information Assurance
    • When it’s not in depth
  • Fail Securely
    • “Fail Secure” versus “Fail Safe”
    • A code example
    • Architected to fail
    • Failure types
  • Least Privilege
    • But what about attacks?
    • Planning to fail
  • Access Control
    • Authentication versus Authorization
    • Types of Controls
    • Planning for Proxy
  • Threat Modeling
    • Switching Perspectives
    • The Process
    • Using STRIDE
    • Using DREAD
  • Learn, Learn and Learn Some More
    • The Importance of Learning (and Teaching!)
  • Appendix
    • Introduction
    • The CIA (No, not that CIA)
    • A Few “Quick Hits”
    • Fail Securely
    • Access Control
    • Threat Modeling
