Ayman Hourieh's Blog

I've just finished reading through "Essential PHP Security", a book that deals with security issues related to developing PHP applications, and I have to say, this book is a must for every PHP developer. It covers almost every aspect of web security from a PHP developer's point of view, including SQL injection, cross-site scripting, session/cookie/authentication management, file uploads, file inclusion, and many other topics. It includes a run down of possible vulnerabilities in a given topic, and how to deal with them in a secure fashion.

Even if you are an experienced PHP developer, this book has a lot to offer. While I don't claim to be one, the book served as a reminder of security pitfalls and techniques, and I managed to learn several new things from it.

Interestingly, many concepts introduced in the book are already implemented in Drupal, like the authentication and session systems and session fixation prevention techniques.

Bottom line, if you are remotely interested in PHP, this book is a must, period. Anyone who wants to touch PHP has to read this book first!