PHP Security reading materials

Hello

I'm looking for reading materials to educate myself on the security
measures that should be taken to build a secure web site.

What I'm referring to is web sites like the following:
1. http://www.securiteam.com/securityre...DP0N1P76E.html
2. http://www.unixwiz.net/techtips/sql-injection.html
3. http://www.cgisecurity.com/articles/xss-faq.shtml

That would demonstrate to me real "bad" code and the way it can be
exploited on my site.

References to bugzilla / mailing lists of open source projects to
learn from them how to apply security would also be great IMHO.

The main security concerns I seem to be unable to find good
documentation for are:

1. SQL injection in the Unicode character maps; possibly a table that
would summarize all the characters to avoid / filter out from web
forms.
2. (in)Correct usage of php functions.

I know my question is general and yet I would very much appreciate
references / recommendations on reading material, as learning by trial &
error in the security field is not an option.

Thank you very much.

Cheers,
Maxim Vexler.
--

Do u GNU ?

Feb 11 '06 #1
This book has some nice examples:
http://innocentcode.thathost.com/

Best regards


Feb 12 '06 #2
Maxim Vexler wrote:

I'm looking for reading materials to educate myself on the security
measures that should be taken to build a secure web site.


http://phpsec.org - PHP Security Consortium
http://phpsecurity.org - Essential PHP Security ISBN 059600656X

There are also quite a few on Amazon, but be sure to look through the
user ratings and such as well; sometimes there are other suggestions in
there too.
Feb 12 '06 #3
Gary L. Burnore wrote:
On Sun, 12 Feb 2006 01:56:19 +0100, Dikkie Dik <no****@nospam.org>
wrote:

This book has some nice examples:
http://innocentcode.thathost.com/

What's with the rash of top posters?
Best regards


You can thank google groups for it.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Feb 12 '06 #4
