Securing PHP Web Applications (Paperback)
Tricia Ballad, William Ballad
- Publisher: Addison Wesley
- Publication date: 2008-12-26
- List price: $1,575
- VIP price: 5% off, $1,496
- Language: English
- Pages: 336
- Binding: Paperback
- ISBN: 0321534344
- ISBN-13: 9780321534347
- Related category: PHP
Product description
Easy, Powerful Code Security Techniques for Every PHP Developer
Hackers specifically target PHP Web applications. Why? Because they know many of these apps are written by programmers with little or no experience or training in software security. Don’t be victimized. Securing PHP Web Applications will help you master the specific techniques, skills, and best practices you need to write rock-solid PHP code and harden the PHP software you’re already using.
Drawing on more than fifteen years of experience in Web development, security, and training, Tricia and William Ballad show how security flaws can find their way into PHP code, and they identify the most common security mistakes made by PHP developers. The authors present practical, specific solutions–techniques that are surprisingly easy to understand and use, no matter what level of PHP programming expertise you have.
Securing PHP Web Applications covers the most important aspects of PHP code security, from error handling and buffer overflows to input validation and filesystem access. The authors explode the myths that discourage PHP programmers from attempting to secure their code and teach you how to instinctively write more secure code without compromising your software’s performance or your own productivity.
Coverage includes
- Designing secure applications from the very beginning–and plugging holes in applications you can’t rewrite from scratch
- Defending against session hijacking, fixation, and poisoning attacks that PHP can’t resist on its own
- Securing the servers your PHP code runs on, including specific guidance for Apache, MySQL, IIS/SQL Server, and more
- Enforcing strict authentication and making the most of encryption
- Preventing dangerous cross-site scripting (XSS) attacks
- Systematically testing your applications for security, including detailed discussions of exploit testing and PHP test automation
- Addressing known vulnerabilities in the third-party applications you’re already running
Tricia and William Ballad demystify PHP security by presenting realistic scenarios and code examples, practical checklists, detailed visuals, and more. Whether you write Web applications professionally or casually, or simply use someone else’s PHP scripts, you need this book–and you need it now, before the hackers find you!