Archive for March 2014


Securing PHP: The Usual Suspects Released

March 31st, 2014 — 2:49pm

I’m happy to announce that the next book in the popular “Securing PHP” ebook series has been released – “Securing PHP: The Usual Suspects”!

You are the developer, you hold the power in your hands to protect your users and their information. They trust you with it, shouldn’t you do everything you can to keep that trust?

Let me guide you through a look at some of the most common issues with web applications and suggest ways to correct them along the way. Even if you’re a novice to security or to PHP, this book can help you get started down a more secure path. The OWASP Top 10 is a great guide to the common vulnerabilities, but it doesn’t provide the useful, concrete examples you need to be a more effective and secure developer. I’ll provide this foundation on topics like:

  • Cross-site scripting, what it is and how to prevent it
  • Poor authentication and authorization practices
  • Preventing several types of injection
  • Auditing potentially vulnerable components
  • Protecting your users’ sensitive data

This book will help you sleep better at night knowing you’ve put in the time and work to protect your applications and the users that trust it.

You can grab a copy of it over on LeanPub right now for just $19.99 USD. The book is on an incremental rollout schedule, so right now just the first two chapters are included. The first covers various injection types (including SQL injection, one of the most widespread) and how to prevent them in your applications. The second chapter covers some of the common problems around authentication and authorization.

Comment » | PHP, Securing PHP, security, websec.io

Back to top