Pro PHP Security [Paperback]

Chris Snyder , Michael Southwell
3.3 out of 5 stars (3 customer reviews)
RRP: £35.49
Price: £28.25 & FREE Delivery in the UK.
You Save: £7.24 (20%)

Formats and prices:
  • Kindle Edition: £26.84
  • Paperback: £28.25

There is a newer edition of this item: Pro PHP Security: From Application Security Principles to the Implementation of XSS Defenses (Expert's Voice in Open Source)

Book Description

1 Aug 2005
"Pro PHP Security is arguably the most comprehensive PHP security book available, and is highly recommended to any developer or administrator of a PHP-based Web site." - Michael J. Ross, Web developer/Slashdot contributor

Pro PHP Security is one of the first books devoted solely to PHP security. It will serve as your complete guide for taking defensive and proactive security measures within your PHP applications. (The methods discussed are compatible with PHP versions 3, 4, and 5.) The knowledge you'll gain from this comprehensive guide will help you prevent attackers from disrupting site operation or destroying data. You'll also learn about specific security measures, for example, creating and deploying "captchas", validating e-mail, fending off SQL injection attacks, and preventing cross-site scripting attempts.

Product details

  • Paperback: 532 pages
  • Publisher: Springer (1 Aug 2005)
  • Language: English
  • ISBN-10: 1590595084
  • ISBN-13: 978-1590595084
  • Product Dimensions: 23.4 x 17.9 x 2.7 cm
  • Average Customer Review: 3.3 out of 5 stars (3 customer reviews)
  • Amazon Bestsellers Rank: 1,129,993 in Books

Customer Reviews

Most Helpful Customer Reviews
5 of 5 people found the following review helpful
4.0 out of 5 stars An excellent introduction. 16 Jan 2006
By Michael
I am currently developing an e-commerce application for the first time. Shortly after starting I realised that I would need to know something about security in order to safely handle customers' details, including credit cards. This book provides an excellent introduction to the world of cryptography and security in general, and then specifically focusses on how to implement it in a PHP environment.
After reading the relevant chapters, I was able to build a robust and secure encryption/decryption routine, using both symmetric and asymmetric algorithms. As well as this I was able to generate my own SSL certificates and set up a SSL webserver on my dev machine. None of this would have been possible without the data I learned in this book.
On top of the practical help I got, the book is also well written and got me genuinely interested in the background and theory behind all the various aspects of computer and internet security, from protecting sensitive data, to preventing malicious attacks such as XSS or SQL injection. Much of this has been implemented in my application, which should be pretty heavy-duty when I'm done.
3 of 4 people found the following review helpful
4.0 out of 5 stars An excellent introduction. 17 Jan 2006
By Michael
I am currently developing an e-commerce application for a large UK company. As this is my first project of this kind, I had little experience when it came to securing my apps, which is obviously a very important consideration when dealing with thousands of credit cards.
After reading this book, and with a little help from the internet, I have built a solid encryption/decryption system using both symmetric and asymmetric algorithms. I was also able to set up an SSL server on my development system. I had no clue about any of this stuff previously.
The book also covers many other aspects of security, such as cross-site scripting (XSS) and SQL injection. I was able to use what I learned to successfully compromise my own app - a little worrying, but preferable to someone else getting in there first. Suffice to say, I have patched up everything that I found, and now security is at the front of my mind when I am writing new code.
On top of the practical benefits, the book also gives an interesting background to such things as cryptography and the history of hacks. I am giving it 4, not 5, simply because I found it sometimes a little too Unix-centric for a Windows user like me. This is fair enough, seeing as the majority of PHP sites will be running on a Unix-based production server, but if you are relatively new to Unix, then some parts of this book may baffle you.
0 of 1 people found the following review helpful
2.0 out of 5 stars Unfocused and rambles a lot 11 Sep 2010
Format: Kindle Edition
This review is based only on the sample pages that I read on my Kindle and not on the entire book.

I felt that the content of the book was too unfocused and the style of writing very rambling. I chose not to buy the book.
Most Helpful Customer Reviews (beta): 3.9 out of 5 stars, 8 reviews
23 of 24 people found the following review helpful
5.0 out of 5 stars Good information with lots of links to additional resources 5 Nov 2005
By David L. Hickman
This book is great because it's thorough and on each topic it gives lots of links to additional resources. It's easy to read and it's organized well so you can find what you're looking for.

One of the main things I appreciate about this book is that it gives just the right amount of information. It focuses on practical usage of security techniques, but I also like to know the high-level picture of how and why things got to be the way they are. This book tells me exactly what I want to know. A good example is the section on hashing and encryption. It gives some simplified examples of how the algorithms work and talks about where they came from, which ones are better and why, and how to use them. But it doesn't dive too deeply into encryption theory, which would only be interesting to someone wanting to code an encryption routine.

Some of the interesting things I learned from this book are:

1) I learned about the various hashing and encryption algorithms: which ones are good and just how good they are. Before reading this book I couldn't have told you which is better between MD5 and SHA-1.

2) I learned all about protecting against cross-site scripting and SQL injection. I thought I had already taken enough precautions on my latest website, but this section pointed out some attacks I wasn't aware of. It also had links to sites with sample hack attacks you can run against your own website to see if it's vulnerable.

3) I learned how to do captcha screening to make sure people registering for my site are real humans and not robots (I haven't actually implemented this yet but I will soon). The book also pointed out something I never thought of - a hacker with a popular site can proxy registrations from your site to real people trying to register on his site and defeat your captcha by tricking people who think they are answering a captcha for his site. As usual, the author provides lots of links to other sites for more resources on captcha.

I've never before focused on security as much as I should have. Probably because all the information was not readily available in a single easy-to-digest book until this one. I'm really glad I found this book.
14 of 15 people found the following review helpful
4.0 out of 5 stars Unless you're already well-versed in the topic ... 8 Mar 2006
By John R. Mcwade
Unless you're already very well-versed in the subject matter (SQL injection, cross-site scripting, session hijacking, remote execution, sanitizing user data/input, SSH, encryption, SSL, dangers of shared-host scenarios, bulletproofing DB installations, user verification, captchas, remote procedure calls), this material is relatively comprehensive and valuable. Well-organized, well thought out; I won't hesitate to recommend this one.
16 of 18 people found the following review helpful
5.0 out of 5 stars Serious, well-written, should be on your reading list 24 Oct 2005
By David Powers
One of the great attractions of PHP is that it's easy to learn, and you can use it to build interactive websites in next to no time. Just like learning to drive a car, though, early success can lead to over-confidence. This book is a timely reminder of the pitfalls that lie in wait not only for the unwary, but also for the more experienced PHP programmer.

In keeping with the title, "Pro PHP Security", the authors address many issues that beginners may not regard as being on their immediate horizon. While some issues are advanced, it's a book that should be on the reading list of every PHP user. In addition to practical examples that deal with specific vulnerabilities, there's a clear exposition of the need to understand good application design. Chapter 19 ("Using Roles to Authorize Actions") is an object lesson in how a seemingly straightforward project can rapidly overwhelm you with complexity, and provides good advice on how to avoid this sort of problem.

I suspect that most readers will gravitate towards Part 3, which concentrates on practical solutions for specific security loopholes, such as validating user input, SQL injection, cross-site scripting, and preventing remote execution. Invaluable though these chapters are, the real value lies in making the reader aware of all aspects of security. Preventing accidental deletion of data, even by trusted members of a team, is just as much a security risk as the script kiddie trying to corrupt your data. This book takes a welcome, rounded viewpoint of security issues from a variety of angles. While not scare-mongering, it's a salutary wake-up call.
7 of 7 people found the following review helpful
3.0 out of 5 stars Good info, not many solutions 6 Nov 2007
By Jonny
Like the title states, this book tells you about a lot of security issues you should be aware of, but doesn't go in depth on many solutions, especially XSS, which is the only reason I bought the book. For how much the book costs, I figured it would include some really good PHP solutions. I mean, the thing is in black and white; what's with the price tag? It doesn't tell me anything that I can't find on the web.
26 of 33 people found the following review helpful
1.0 out of 5 stars Very little about PHP security at all 31 Jan 2007
By Bill Stones
The book is entitled PHP Security. But the actual content covers very little PHP at all: less than 20 percent. It tries to cover everything from UNIX permissions, SSH and all other security issues, but really doesn't have much to do with PHP. So I think the title is highly misleading. For someone interested in the general security issues, it might be a fine book. But not for programmers who want to know about PHP security.