PHP Architect's Guide to PHP Security


Since its inception in 1995, PHP has become the scripting language of choice for a vast majority of web developers, powering over 22 million domain names running on over 1.3 million distinct servers. PHP's rapid growth can be attributed to its simplicity, its ever-evolving capabilities, and its excellent performance. Unfortunately, the same qualities that have made PHP so popular have also lulled many developers into a sense of complacency, leading them to neglect a very important aspect of development: security. When PHP was still young and used primarily for hobbyist applications, security wasn't an utmost concern. Back then, a "serious" intrusion might leave some nasty HTML in a guestbook. Now, however, when PHP powers shopping carts, registration systems, and corporate web portals, insecure code can have very serious consequences for a site, the site's owners, and the site's users. This book has two goals: to explain the common types of security shortcomings that plague PHP applications and to provide simple and efficient remedies to those problems. In general, being aware of risks is more than half the battle. Implementing a solution in PHP is usually quite straightforward. And that's important: if implementing security is prohibitively difficult, few developers will bother.