Review: Essential PHP security

If you write PHP code, and want to make any pretence at security, read this book. Clear enough? This book's not cheap at something over £20 for 100 pages, but it's clear and readable. You won't find every potential security flaw in your PHP code in here, but the vast majority are covered and the techniques advised will cover most eventualities. Plus you can follow Chris Shiflett's blog to keep up to date.

PHP is often criticised as an insecure language - in fact it's an easy and powerful language that gives you enough rope to hang yourself. In particular, because it's easy to pick up (and I'd recommend it as a first language) it's used by new programmers who aren't security aware. This book isn't ideal for the PHP newcomer - you'll need some understanding of the language, but with that you'll find the content of the book clearly laid out and easy to follow. Even if you're already aware of many security issues, this book will add a couple more and act as an invaluable checklist.

Update: It's been pointed out to me, quite accurately, that this book is not a complete guide to securing PHP applications; however I feel that its small size means that developers have no excuse for not reading this, or a more complete, book; reading this should at least make you understand what it is that you need to learn about.
Posted by parsingphase, 2006-01-23 20:07

