Educause Security Discussion mailing list archives
Re: PHP Security
From: Brian Reilly <reillyb () GEORGETOWN EDU>
Date: Wed, 23 Nov 2005 09:30:11 -0500
On 11/23/05, Tim Lane <tlane () scu edu au> wrote:
> Hi, just wondering if anyone is aware of recommended guides for PHP security, or good free PHP vulnerability scanners?
Tim,

I can recommend this book:

Pro PHP Security
Chris Snyder, Michael Southwell
Apress, Paperback, Published August 2005, 528 pages, ISBN 1590595084
http://www.bookpool.com/sm/1590595084

In addition to covering several classes of PHP attacks, the authors also walk through a few public vulnerabilities in various PHP applications. The book also provides good coverage of general web application vulnerabilities (SQL injection, XSS, unvalidated user input, etc.), which could be used as a security guide for other web application languages.

Based entirely on a "gut-feeling" comparison after skimming both of them, I recently ordered this book over the O'Reilly PHP security book. YMMV.

--Brian