  1. #1
    SitePoint Zealot
    Join Date
    Apr 2005
    Posts
    139

    Best security book?

    Hi,

    I'm looking for a good PHP security book. I did a quick search and this is what I found:

    Pro PHP Security (Pro) -- by Chris Snyder
    Essential PHP Security -- by Chris Shiflett * (Not available yet)
    Innocent Code : A Security Wake-Up Call for Web Programmers -- by Sverre H. Huseby
    php|architect's Guide to PHP Security


    Can anyone recommend any of these books?

    Of course no one has read the Chris Shiflett one, but what about the others?

    Thanks in advance.

  2. #2
    SitePoint Zealot
    Join Date
    Jun 2002
    Posts
    128
    Haven't read any of those books so I can't comment on those, but you might be interested in the PHP Security Blog - http://blog.php-security.org/

  3. #3
    SitePoint Wizard dreamscape's Avatar
    Join Date
    Aug 2005
    Posts
    1,080
    Watchfire has a number of good whitepapers on web application security. It is on web applications in general, not PHP, but it is not too difficult to see how the concepts can be applied to PHP.

  4. #4
    SitePoint Member
    Join Date
    Mar 2003
    Location
    Canada
    Posts
    18
    This is also a good read:

    http://phpsec.org/projects/guide/
    -----------------
    -Jeremy Foster

  5. #5
    SitePoint Zealot
    Join Date
    Apr 2005
    Posts
    139
    Thanks for the links! I already knew the PHP Security Consortium, I'll check the other ones.

    But I'm interested in buying one of those books... has anyone read them?

  6. #6
    SitePoint Addict
    Join Date
    Oct 2004
    Location
    Brooklyn, NY
    Posts
    359
    I'm probably the only person who has read all four of those books - at the moment, anyway. :-)

    I can't recommend the first one, but the others are good. I have a particular bias for the second one, of course, but I think Ilia and Sverre both did a good job, too.

    You can read a bit more about mine here:

    http://shiflett.org/archive/142

    If you're feeling generous, you can order it on Amazon using my referrer link:

    http://www.amazon.com/exec/obidos/AS...risshiflett-20

    You can read more about Ilia's here:

    http://ilia.ws/archives/70-PHP-Guide-to-Security-is-out!.html

    Hope that helps.
    Chris Shiflett
    http://shiflett.org/

  7. #7
    Sell crazy someplace else markl999's Avatar
    Join Date
    Aug 2003
    Location
    Manchester, UK
    Posts
    4,007
    I haven't read any PHP security books (though I try to avoid any book that has 'Pro' in its title) but on a related note I've just read Apache Security and of course it's very closely tied to web/PHP security... so I'd recommend that.

  8. #8
    SitePoint Addict
    Join Date
    Oct 2004
    Location
    Brooklyn, NY
    Posts
    359
    I second that. Ivan is a really smart and friendly guy, and he did a great job with that book.
    Chris Shiflett
    http://shiflett.org/

  9. #9
    Sell crazy someplace else markl999's Avatar
    Join Date
    Aug 2003
    Location
    Manchester, UK
    Posts
    4,007
    Ivan is a really smart and friendly guy, and he did a great job with that book.
    I'll second that. I admire anyone who's written a book as it's something I've always wanted to do myself but lack the time, patience and mainly the lack of book-worthy knowledge on any subject.

  10. #10
    SitePoint Zealot
    Join Date
    Apr 2005
    Posts
    139
    Thanks for the advice to all. I'll certainly read that Apache book. It looks like a must-read.

    Chris, thanks also for your opinion. I'm waiting for your book to come out, and I'll buy it for sure. And I think I'll also buy Innocent Code.

    Now, why did you say that you can't recommend the first one? Is it too bad?

    Thanks!

  11. #11
    SitePoint Addict
    Join Date
    Oct 2004
    Location
    Brooklyn, NY
    Posts
    359
    I don't like to disparage anyone, and writing a book is a lot of hard work. I don't think anyone who hasn't done it can really appreciate how much it impacts your personal life (sadly, computer books make no money, so authors have to sacrifice nights and weekends in order to write - days are spent doing something that can actually pay the bills). Also, with the exception of Sverre, I personally know all of the authors that have been mentioned. Therefore, I'd rather not explain in detail why I prefer some more than others, because I don't want to criticize someone's hard work.

    I will only say that I personally dislike books that are long and lack focus, because they tend to sit on the shelf and take up space. My time is precious to me, and as an author, I try to make sure I don't waste anyone's time by reading the things I've written. If someone is gracious enough to invest their time to read what I have to say, the least I can do is try to provide accurate, relevant information and make it easy to understand. I'm trying to help people, not impress them. :-)
    Chris Shiflett
    http://shiflett.org/

  12. #12
    SitePoint Zealot
    Join Date
    Apr 2005
    Posts
    139
    Thanks Chris. Fair enough. I'm sorry, it was not my intention to put you in a difficult position. I understand what you mean.

    Actually I'd love to buy ALL those books and read them all. But I can't afford all of them, at least not now. So I'll have to pick 1 or 2.

    But it's great to have the opinion and perspective of one of the authors... so thanks again.

  13. #13
    SitePoint Evangelist jplush76's Avatar
    Join Date
    Nov 2003
    Location
    Los Angeles, CA
    Posts
    460
    I'm reading the security guide from PHPArch.com at the moment and it's pretty top-notch. I'd suggest that one at the moment. Lots of useful stuff in there.

    Chris, when will your book be available?
    My-Bic - Easiest AJAX/PHP Framework Around
    Now Debug PHP scripts with Firebug!

  14. #14
    Sell crazy someplace else markl999's Avatar
    Join Date
    Aug 2003
    Location
    Manchester, UK
    Posts
    4,007