---

Secure your PHP-based web applications with this compact handbook. You´ll get clear, practical and actionable details on how to secure various parts of your PHP web application. You´ll also find scenarios to handle and improve existing legacy issues.

Is your PHP app truly secure? Let´s make sure you get home on time and sleep well at night. Learn the security basics that a senior developer usually acquires over years of experience, all condensed down into one quick and easy handbook. Do you ever wonder how vulnerable you are to being hacked? Do you feel confident about storing your users´ sensitive information? Imagine feeling confident in the integrity of your software when you store your users´ sensitive data. No more fighting fires with lost data, no more late nights, your application is secure.

Well, this short book will answer your questions and give you confidence in being able to secure your and other PHP web apps.
What You´ll Learn

Never trust your users - escape all input
HTTPS/SSL/BCA/JWH/SHA and other random letters: some of them actually matter
How to handle password encryption and storage for everyone
What are authentication, access control, and safe file handing and how to implement them
What are safe defaults, cross site scripting and other popular hacks Who This Book Is For

Experienced PHP coders, programmers, developers.

---

Constructor Format Errata Sample Code About the Author Chapter 1 - Never Trust Your Users. Sanitize ALL Input! SQL Injection Mass Assignment Typecasting Sanitizing Output Chapter Two - HTTPS/SSL/BCA/JWH/SHA and Other Random Letters; Some of Them Actually Matter. What is HTTPS Limitations When to use HTTPS Implementing HTTPS Paths Chapter 3 - Password Encryption and Storage for Everyone The Small Print What is a Hash? Popular Attacks A Pinch of Salt Hashing Algorithms Storage Validation Putting It All Together Brute Force Protection Upgrading Legacy Systems Resources Chapter 4 - Authentication, Access Control, and Safe File Handing Authentication Access Control Validating Redirects Chapter 5 - Safe Defaults, Cross Site Scripting, and Other Popular Hacks Never Trust Yourself - Use Safe Defaults Never Trust Dynamic Typing. It´s Not Your Friend. Cross Site Scripting Attack Entry Points Cross Site Request Forgery Multiple Form Submits Race Conditions Outdated Libraries / External Programs Destructor About the Author Security Audit / Consulting

---

Ben Edmunds leads development teams to create cutting-edge web and mobile applications. He is an active leader, developer, and speaker in various development communities, especially the CodeIgniter and Laravel PHP framework communities. He has been developing software professionally for over 10 years and in that time has worked on everything from robotics to government projects. Lastly, he´s a PHP Town Hall podcast co-host.

---