PHP SECURITY BOOKS

[fortnox007]

Heya guys,

 

I have been searching my butt off for quite a while about php security books, and the only ones i found where books dated 2005. (meaning they were prolly written in 2003/2004 while fighting over royalties)

 

Since php has been updated and more security holes have been found I was wondering (with the capslock 'on') if anyone could suggest me a good book which is up to date.

 

I really want to learn how to write secure php, and with all the articles about various topics scattered around the interwebs    I am afraid I might miss something. (please be assured i am not a novice, i just would like a good guide that hopefully covers almost everything)

 

If anyone could maybe suggest some good book(s) i would be pleased to hear from you.

Also if you dont know a god book, but do know a good website/tutorial etc. on security for php.

 

please let me know i am in desperate need  :'(

 

thanks in advance!!!!

[Andy-H]

http://shiflett.org/

[fortnox007]

Thanks, i have shiflett's page bookmarked, but, the thing is, his book and his article start around 2003, en end up around 2006. I really can imagine some things change in the meanwhile.

[JonnoTheDev]

It is all still applicable. Doesn't matter the age of the content. Books on php security are focused around validating / cleaning data that has been sent to a server via a POST or GET request, working with sessions, cookies, preventing SQL injection & XSS. Do not think of it like a copy of windows where new security holes are found daily and need patching. The code is as strong or as weak as you write it. If you write weak code then there maybe holes to exploit.

 

Forget the date that they were written. If you see a new book, more than likely it will be a rehash of an existing title.

 

http://www.amazon.co.uk/Essential-PHP-Security-Chris-Shiflett/dp/059600656X

http://www.amazon.co.uk/Security-Chris-Southwell-Michael-Snyder/dp/1590595084

http://www.amazon.co.uk/Securing-PHP-Applications-Mere-Mortals/dp/0321534344