PHP Security reading materials

  • Maxim Vexler

    PHP Security reading materials

    Hello

    I'm looking for reading materials to educate myself on the security
    measures that should be taken to build a secure web site.

    What I'm referring to is web sites like the following:
    1. http://www.securiteam.com/securityre...DP0N1P76E.html
    2. http://www.unixwiz.net/techtips/sql-injection.html
    3. http://www.cgisecurity.com/articles/xss-faq.shtml

    That would demonstrate to me real "bad" code and the way it can be
    exploited on my site.

    References to bugzilla / mailing lists of open source projects to
    learn from them how to apply security would also be great IMHO.

    The main security concerns I seem to be unable to find good
    documentation for are:

    1. SQL injection in the Unicode character maps; possibly a table that
    would summarize all the characters to avoid / filter out from web
    forms.
    2. (in)Correct usage of php functions.


    I know my question is general and yet I would very much appreciate
    references / recommendations on reading material, as learning by trial &
    error in the security field is not an option.


    Thank you very much.

    Cheers,
    Maxim Vexler.


    --

    Do u GNU ?

  • Dikkie Dik

    #2
    Re: PHP Security reading materials

    This book has some nice examples:
    Official site -- Innocent Code: A Security Wake-up Call for Web Programmers


    Best regards

    Maxim Vexler wrote:
    > Hello
    >
    > I'm looking for reading materials to educate myself on the security
    > measures that should be taken to build a secure web site.
    >
    > What I'm referring to is web sites like the following:
    > 1. http://www.securiteam.com/securityre...DP0N1P76E.html
    > 2. http://www.unixwiz.net/techtips/sql-injection.html
    > 3. http://www.cgisecurity.com/articles/xss-faq.shtml
    >
    > That would demonstrate to me real "bad" code and the way it can be
    > exploited on my site.
    >
    > References to bugzilla / mailing lists of open source projects to
    > learn from them how to apply security would also be great IMHO.
    >
    > The main security concerns I seem to be unable to find good
    > documentation for are:
    >
    > 1. SQL injection in the Unicode character maps; possibly a table that
    > would summarize all the characters to avoid / filter out from web
    > forms.
    > 2. (in)Correct usage of php functions.
    >
    >
    > I know my question is general and yet I would very much appreciate
    > references / recommendations on reading material, as learning by trial &
    > error in the security field is not an option.
    >
    >
    > Thank you very much.
    >
    > Cheers,
    > Maxim Vexler.
    >
    >
    > --
    >
    > Do u GNU ?


    • Justin Koivisto

      #3
      Re: PHP Security reading materials

      Maxim Vexler wrote:
      >
      > I'm looking for reading materials to educate myself on the security
      > measures that should be taken to build a secure web site.

      http://phpsec.org - PHP Security Consortium
      http://phpsecurity.org - Essential PHP Security ISBN 059600656X

      There are also quite a few on Amazon, but be sure to look through the
      user ratings and such as well; sometimes there are other suggestions in
      there too.

      • Jerry Stuckle

        #4
        Re: PHP Security reading materials

        Gary L. Burnore wrote:
        > On Sun, 12 Feb 2006 01:56:19 +0100, Dikkie Dik <nospam@nospam.org>
        > wrote:
        >
        >
        >>This book has some nice examples:
        >>http://innocentcode.thathost.com/
        >>
        >
        >
        > What's with the rash of top posters?
        >
        >
        >
        >>Best regards
        >>
        >>Maxim Vexler wrote:
        >>
        >>>Hello
        >>>
        >>>I'm looking for reading materials to educate myself on the security
        >>>measures that should be taken to build a secure web site.
        >>>
        >>>What I'm referring to is web sites like the following:
        >>>1. http://www.securiteam.com/securityre...DP0N1P76E.html
        >>>2. http://www.unixwiz.net/techtips/sql-injection.html
        >>>3. http://www.cgisecurity.com/articles/xss-faq.shtml
        >>>
        >>>That would demonstrate to me real "bad" code and the way it can be
        >>>exploited on my site.
        >>>
        >>>References to bugzilla / mailing lists of open source projects to
        >>>learn from them how to apply security would also be great IMHO.
        >>>
        >>>The main security concerns I seem to be unable to find good
        >>>documentation for are:
        >>>
        >>>1. SQL injection in the Unicode character maps; possibly a table that
        >>>would summarize all the characters to avoid / filter out from web
        >>>forms.
        >>>2. (in)Correct usage of php functions.
        >>>
        >>>
        >>>I know my question is general and yet I would very much appreciate
        >>>references / recommendations on reading material, as learning by trial &
        >>>error in the security field is not an option.
        >>>
        >>>
        >>>Thank you very much.
        >>>
        >>>Cheers,
        >>> Maxim Vexler.
        >>>
        >>>
        >>>--
        >>>
        >>>Do u GNU ?

        You can thank google groups for it.

        --
        ==================
        Remove the "x" from my email address
        Jerry Stuckle
        JDS Computer Training Corp.
        jstucklex@attglobal.net
        ==================
