Secure your PHP-based web applications with this compact handbook. You'll get clear, practical and actionable details on how to secure various parts of your PHP web application. You'll also find scenarios to handle and improve existing legacy issues.Is your PHP app truly secure? Let's make sure you get home on time and sleep well at night. Learn the security basics that a senior developer usually acquires over years of experience, all condensed down into one quick and easy handbook. Do you ever wonder how vulnerable you are to being hacked? Do you feel confident about storing your users' sensitive information? Imagine feeling confident in the integrity of your software when you store your users' sensitive data. No more fighting fires with lost data, no more late nights, your application is secure.Well, this short book will answer your questions and give you confidence in being able to secure your and other PHP web apps. What You'll Learn Never trust your users - escape all inputHTTPS/SSL/BCA/JWH/SHA and other random letters: some of them actually matterHow to handle password encryption and storage for everyoneWhat are authentication, access control, and safe file handing and how to implement themWhat are safe defaults, cross site scripting and other popular hacks Who This Book Is For Experienced PHP coders, programmers, developers.
Most applications these days are at least somewhat network aware, but how do you protect those applications against common network security threats? Many developers are turning to OpenSSL, an open source version of SSL/TLS, which is the most widely used protocol for secure network communications. The OpenSSL library is seeing widespread adoption for web sites that require cryptographic functions to protect a broad range of sensitive information, such as credit card numbers and other financial transactions. The library is the only free, full-featured SSL implementation for C and C++, and it can be used programmatically or from the command line to secure most TCP-based network protocols. Network Security with OpenSSL enables developers to use this protocol much more effectively. Traditionally, getting something simple done in OpenSSL could easily take weeks. This concise book gives you the guidance you need to avoid pitfalls, while allowing you to take advantage of the library?s advanced features. And, instead of bogging you down in the technical details of how SSL works under the hood, this book provides only the information that is necessary to use OpenSSL safely and effectively. In step-by-step fashion, the book details the challenges in securing network communications, and shows you how to use OpenSSL tools to best meet those challenges. As a system or network administrator, you will benefit from the thorough treatment of the OpenSSL command-line interface, as well as from step-by-step directions for obtaining certificates and setting up your own certification authority. As a developer, you will further benefit from the in-depth discussions and examples of how to use OpenSSL in your own programs. Although OpenSSL is written in C, information on how to use OpenSSL with Perl, Python and PHP is also included. OpenSSL may well answer your need to protect sensitive data. If that?s the case, Network Security with OpenSSL is the only guide available on the subject.