Title: Securing PHP: Core Concepts
Category: PHP books
Author: Chris Cornutt
Publisher: Leanpub
Release date: March 5, 2014
Sales ranking: Week: 12, All time: 139
Reviews
Securing PHP: Core Concepts
reviewed by
Dave Smith (wagontrader.com)

I really liked this book; it gets my thumbs up in nearly every category that I believe makes a great informational text. I do have to mention the one flaw that really detracts from its readability: it really needs to be proofread, badly. It contains malformed sentences, like missing words, that force the reader to lose focus as they try to reconstruct them into something that makes sense. Don't get me wrong here, as I have said, I really do like this book. It delivers the information the title promises in concise, easy to understand language which is well laid out. The examples are relevant and easy to follow. It would have gotten a rave review from me, if only it had been proofread. Maybe in a future revision it can be improved, so these comments about the text form are no longer pertinent.

In the first chapter, "The CIA (no, not that CIA)", we get a detailed introduction into the three main things a secure application should be concerned about: Confidentiality, Integrity and Availability. This chapter provides the knowledge base for everything else we will learn in the following chapters. The second chapter, A Few "Quick Hits", discusses security-related concepts that do not require a lot of explanation for a reader of any level to understand. This chapter also serves as the primer for terms used in the industry to aid our understanding as we go deeper. We are able to get the lighter, self-intuitive concepts out of the way as we prepare for the heavier, deeper concepts presented in the next several chapters. As the title suggests, in the third chapter, "Keeping it Simple", we are presented with the pros and some methodology of KISS (Keep It Simple, Stupid). We learn how to rein back our development juices to simplify the task of securing the data when in production. The fourth chapter, "Defense in Depth", introduces the concept of security through multiple layers. Weighing the balance between not enough and too much security, this chapter helps us set up the scales so that we can make that determination based on our specific needs.

The fifth chapter, "Fail Securely", focuses on security issues we must consider when our application fails. How much information is enough information to provide to our users about the reason for the failure, and how much is too much if that user happens to be attacking our security? The sixth chapter, "Least Privilege", is best described using the simple definition of least privilege: if you can't figure out who the user is, assume you don't know them. Handling errors and exceptions is very important in a secure system, and this chapter supplies the guidelines for reducing permissions to the least privilege. In the seventh chapter, "Access Control", we learn about the fundamental difference between authentication and authorization. We are presented with different systems meant to ensure that data which should only be available to authorized users is only made available to authorized users. Finally, in the eighth chapter, "Threat Modeling", we get to think like an attacker to consider their motivations, risks and rewards for attacking any part of our development project. We learn how to break down our application into areas of risk and determine the threat level for any particular attack on that area.

Security-related issues over the Internet are a comprehensive subject that can be difficult to understand without a proper foundation. True to its title, Securing PHP: Core Concepts gives the reader that core understanding necessary to pursue security concepts. I would recommend this book for anyone new to the secure development segment as well as the old professional. I found this book to be a useful review of some topics I already had a decent understanding of; however, I also found that it reminded me to continue to grow. Secure techniques continue to improve, and having an up-to-date primer, like this book, available is a great resource.
Comments

1. Proof-reading - Duncan Mackie (2015-06-12 20:16)