I don’t know if the timing was chosen or a simple coincidence: Ilia Alshanetsky announced his PHP Guide to Security, published by php|architect NanoBooks. Some days later Chris Shiflett announced Essential PHP Security, published by O’Reilly.
PHP Guide to Security has been available since September 5th; it is a 200-page book which covers almost all the security issues for PHP. The goal of the book is to introduce each type of vulnerability and to explain in the greatest amount of detail possible what can lead to it and what the possible consequences are.
Rather than drowning you in overlong explanations, this book focuses on providing you with accurate information on proper security techniques, and showing you a step-by-step approach to writing applications that are stable, secure and reliable.
Essential PHP Security (aff link) will be available on November 1; it is about 130 pages, focused on Apache and MySQL, but the principles apply to any platform. Each chapter focuses on a specific category of PHP development, and you are shown the most common and dangerous attacks associated with that particular category.
Within this much-needed (and much-requested) guide, each aspect of a web application (server configuration, form processing, database programming, external files, libraries of PHP code, sessions and cookies) has its own chapter. And within each chapter, potential attacks are explained with examples, and the correct code or configuration to avoid those attacks is given and explained. The book also includes convenient checklists of dangerous commands and configuration directives to secure. This is a must for those who use PHP.
I think I’ll get the PHP Guide to Security because Essential PHP Security looks very general to me, while Ilia’s book talks in detail about some precise security issues. And that even though I haven’t finished reading the Zend certification guide that I bought months ago.
September 11th, 2005 at 3:52 pm
I plan to buy both books, but if I had to choose one, it would be Shiflett’s. Looking at the contents of each (following your links), Shiflett’s book appears to be much more detailed, and it covers many more attacks. I agree that php|architect’s marketing blurb is worded better than O’Reilly’s, but I try to dig deeper before deciding.
September 11th, 2005 at 4:26 pm
Btw, there is already a free PDF security guide at the PHP Security Consortium which also covers many security issues.
I know I’ll never read a reference book nor use it, but it’s interesting to have something good to read when I go offline.