When writing a PHP-enabled web application, most of us focus on everything except the vulnerability of our apps or websites to blackhat hackers, unauthorized users or bot access, and more generally, insecurity.
User privacy, data security and authorized access to information are among the most discussed topics amongst developers today, but they are also the most difficult to implement.
This book, Building Secure PHP Applications by Ben Edmunds, explains what it really means to have and build a secure web application using the best practices available in the PHP programming language. It explains the pros and cons of various techniques used in the security industry, and uses concise, easy-to-read, object-oriented PHP code samples to illustrate every idea discussed.
After going through the various chapters of the book, and the in-depth explanations of key security concepts and the best ways to implement them, I began to wish I had come across this book earlier on, when I started learning about the subject of security and how important it is.
One more thing that caught my attention about this book is that it is one of the few books that have really kept their promise of ‘Absolute Beginner Assumed’. Most books say this, but as soon as you dive in you find out it’s a whole new thing entirely; this one is an exception. It introduces every concept in a way that is easy for the ‘absolute beginner’ to grasp and useful as a reference for advanced developers.
The author begins the book by telling us why our users can never be trusted, narrating in chapter 1 a humorous incident that could arise from insecurity. He lists ways an application can be open to penetration or unauthorized access and also gives ways to prevent this.
Chapter 2 introduces the major terminologies used in the security industry; the author tells us what they are and why we should care about them. The parts that caught my attention the most were the HTTPS sections: ‘What is HTTPS’ and ‘Implementing HTTPS’. HTTPS is the least used security concept amongst PHP developers, for reasons that are explicitly explained in this chapter, which also provides solutions and guidelines on how to implement it.
Chapters 3 and 4 discuss how to keep all relevant data, such as passwords, files and pages of a web application, encrypted, safe and unavailable to unauthorized users, thereby creating a secure environment and application. Concepts such as hashing, encryption, authorization, authentication and numerous others are concisely laid down in these chapters, and code samples and use cases are given to aid comprehension.
Lastly, Chapter 5 explains most of the various ways blackhats penetrate an application and how those applications may be vulnerable, and also provides solutions and suggestions on how to prevent these incidents from happening. Most of the common open doors, penetration techniques and security bugs are discussed in this chapter.
This book really goes the extra mile to explain the concept of security and what it means to develop a secure PHP application.
I recommend it to every beginner looking into how to make their applications less vulnerable to blackhats, spammers and malicious bots. It should also appeal to intermediate and advanced PHP developers as a reference on the broad subject of security. Developers from other backgrounds would also find this book worth reading, as the concepts taught in the book can easily be ported to other areas of software development.
Material such as this, which dives deep into security techniques and how to implement them in a PHP environment, is not so easy to come by. This book is very comprehensive, easy to understand and, best of all, worth reading for anybody interested in the concept of security. Although it was written for and based on the PHP programming language, developers from other language backgrounds would also find the techniques and concept explanations very useful.