Educause Security Discussion mailing list archives

Re: PHP Security


From: Brian Reilly <reillyb () GEORGETOWN EDU>
Date: Wed, 23 Nov 2005 09:30:11 -0500

On 11/23/05, Tim Lane <tlane () scu edu au> wrote:
 Hi,

 Just wondering if anyone is aware of recommended guides for PHP security,
 or good free PHP vulnerability scanners?


Tim,

I can recommend this book:

Pro PHP Security
Chris Snyder, Michael Southwell
Apress, Paperback, Published August 2005, 528 pages, ISBN 1590595084
http://www.bookpool.com/sm/1590595084

In addition to covering several classes of PHP attacks, the authors
also walk through a few public vulnerabilities in various PHP
applications.  The book also provides good coverage of general web
application vulnerabilities (SQL injection, XSS, unvalidated user
input, etc.), which could be used as a security guide for other web
application languages.  Based entirely on a "gut-feeling" comparison
after skimming both of them, I recently ordered this book over the
O'Reilly PHP security book.  YMMV.

--Brian
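The three flaw classes named in the reply (unvalidated input, SQL injection, XSS) in PHP, each shown in its risky form beside the hardened form. This is an added example for this archive page; it is not code from the book, from the O'Reilly title, or from either poster. It assumes PHP with the pdo_sqlite extension and uses an in-memory SQLite table with constructed sample rows so it runs offline; the request values are likewise constructed.

```php
<?php
// Added example (not from the book or the original post): unvalidated input,
// SQL injection and XSS in PHP, risky form followed by hardened form.
// Assumes the pdo_sqlite extension; the table and rows are constructed sample data.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, bio TEXT)');
$db->exec("INSERT INTO users (name, bio) VALUES ('alice', 'likes <b>bold</b> text')");
$db->exec("INSERT INTO users (name, bio) VALUES ('bob', 'plain')");

// 1. Unvalidated user input: a query-string value is attacker-controlled text,
//    not an integer.  Hardened form: validate type and range before any use.
function validatedId(array $query): ?int {
    $id = filter_var($query['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// 2. SQL injection.  Risky form: interpolating input into the SQL text lets the
//    input change the query's structure instead of acting as a value.
function lookupRisky(PDO $db, string $id): array {
    return $db->query("SELECT name, bio FROM users WHERE id = $id")
              ->fetchAll(PDO::FETCH_ASSOC);
}
//    Hardened form: a prepared statement keeps data separate from structure,
//    and the int type hint means only validated input can reach it.
function lookupSafe(PDO $db, int $id): array {
    $stmt = $db->prepare('SELECT name, bio FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// 3. Cross-site scripting.  Risky form would be echoing stored text straight
//    into HTML; hardened form escapes for the HTML context at output time.
function renderSafe(array $row): string {
    $name = htmlspecialchars($row['name'], ENT_QUOTES | ENT_HTML5, 'UTF-8');
    $bio  = htmlspecialchars($row['bio'],  ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<p><strong>$name</strong>: $bio</p>\n";
}

// Demonstration with a constructed, tampered query-string value.
$simulatedGet = ['id' => '1 OR 1=1'];
// Risky lookup: the whole table comes back because the value became SQL.
echo "Risky lookup returned " . count(lookupRisky($db, $simulatedGet['id'])) . " rows\n";
// Hardened path: the validator rejects the value before it reaches the query.
$id = validatedId($simulatedGet);
if ($id === null) {
    echo "Rejected: id is not a positive integer\n";
} else {
    foreach (lookupSafe($db, $id) as $row) echo renderSafe($row);
}
// A valid id goes through the prepared statement and escaped output;
// the stored <b> tag is emitted as &lt;b&gt; rather than rendered.
foreach (lookupSafe($db, 1) as $row) echo renderSafe($row);
```

Validation at the boundary, prepared statements at the database, and escaping at output are three separate layers; the example keeps them in separate functions so that dropping any one of them is visible in a review.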
