|All reviews||Building Secure PHP Apps||Latest reviews||Best sellers ranking|
Building Secure PHP Apps
May 4, 2014
Week: 13 All time: 374
samshal.github.ioWhen writing a PHP enabled Web application, many of us like to focus on every other thing but the vulnerability of our apps or Web sites to black hat hackers, unauthorized user or bot access or generally speaking insecurity.
User privacy, data security and authorized access to information are some of the most discussed topics among developers today, but they are also the most difficult to implement.
This book, Building Secure PHP Applications by Ben Edmunds explains what it really means to have and build a secure Web application using the best practices available to the PHP programming language. It explains the pros and cons of various techniques used in the security industry, and uses concise, easy to read, object oriented PHP code samples to illustrate every discussed idea.
After going through the various chapters of the book, and the in-depth explanations of key security concepts and the best ways to implement them, I began to wish I had come across this book earlier on, when I started learning about the subject of security and how important they are.
One more thing that caught my attention about this book is that it is one of the few books that have really assume the reader can be an absolute beginner.
Most books say this but as soon as you dive in, you find out it’s a entirely a different thing. This one is an exception. It introduces every concept in ways that its easy to grasp by the ‘absolute beginner’ and useful as a reference to the advanced developers.
The author began the book by telling us why our users can never be trusted, he started by narrating a humorous incident in chapter 1 that could arise due to lack of security. He listed ways an application can be open to penetration or unauthorized access and also explained mean to prevent this.
Chapter 2 introduced the major terminologies used in the security industry. The author tells us what they are and why we should care about them.
The parts that caught my attention the most were the HTTPS sections: ‘What is HTTPS’ and ‘Implementing HTTPS’. HTTPS is the most used security concept among PHP developers for reasons that were explicitly explained in this chapter, which also provides solutions and guidelines on how to implement it.
Chapters 3 and 4 talked about how to keep every relevant data item such as passwords, files and pages of a web application encrypted, safe and unavailable to unauthorized users, thereby creating a secure environment and application. Concepts such as hashing, encryption, authorization, authentication and numerous others were concisely laid down in these chapters, code samples and use cases were given to aid comprehension.
Lastly, chapter 5 explains most of the various ways black hat hackers penetrate an application and how those applications may be vulnerable, and also provided solutions and suggestions on how to prevent these instances from happening. Most of the common open doors, penetration techniques and security bugs were discussed in this chapter.
This book really went beyond the line to explain the concept of security and what it means to develop a secure PHP application.
Having a material such as this one that dives deep into the techniques of security and how to implement these techniques in a PHP environment, are not so easy to come by.
This book is very comprehensive, easy to understand and best of all worth reading to anybody interested in the concept of security. Although, it was written for and based on the PHP programming language, developers from other language backgrounds would also find the techniques and concept explanation very useful.
I recommend it to every beginner looking into how to make their applications less vulnerable to black hat attacks, spammers and malicious bots.
It also appeals to intermediate and advanced PHP developers as a reference to the broad subject of security. Developers from other backgrounds would also find this book worth reading as the concepts taught in the book can easily be applied to other areas of software development.
No comments were submitted yet.