An excellent introduction.
This review is from: Pro PHP Security (Paperback)

I am currently developing an e-commerce application for a large UK company. As this is my first project of this kind, I had little experience when it came to securing my apps, which is obviously a very important consideration when dealing with thousands of credit cards.
After reading this book, and with a little help from the internet, I have built a solid encryption/decryption system using both symmetric and asymmetric algorithms. I was also able to set up an SSL server on my development system. I had no clue about any of this stuff previously.
The book also covers many other aspects of security, such as cross-site scripting (XSS) and SQL injection. I was able to use what I learned to successfully compromise my own app - a little worrying, but preferable to evil-hackers.org getting in there first. Suffice to say, I have patched up everything that I found, and now security is at the front of my mind when I am writing new code.
On top of the practical benefits, the book also gives an interesting background to such things as cryptography and the history of hacks. I am giving it 4, not 5, simply because I found it sometimes a little too Unix-centric for a Windows user like me. This is fair enough, seeing as the majority of PHP sites will be running on a Unix-based production server, but if you are relatively new to Unix, then some parts of this book may baffle you.