Web Security 2016 From php[architect] Magazine
Year of publication: 2016
Author: Oscar Merida
Publisher: [php]architect
ISBN:
- print: 978-1-940111-41-4
- PDF: 978-1-940111-42-1
- epub: 978-1-940111-43-8
- mobi: 978-1-940111-44-5
Language: English
Format: PDF, EPUB, MOBI
Quality: Publisher's layout or text (eBook)
Interactive table of contents: Yes
Description:
Are you keeping up with modern security practices? This anthology collects articles first published in php[architect] magazine. Each one touches on a security topic to help you harden and secure your PHP and web applications. Your users’ information is important; make sure you’re treating it with care.
This anthology includes:
- An overview of the attacks you should be familiar with and how to protect against exploits.
- Using a PHP-based Intrusion Detection System to monitor and reject requests that attempt to breach your site.
- How to protect against SQL Injection from user-supplied data by using prepared statements.
- A case study in how the Drupal security team keeps core and contributed modules safe.
- How to securely store passwords and understanding the techniques used to crack credentials.
- Using OAuth 2.0 to connect to web services and fetch information for your users without asking for a password.
- How web service security differs from traditional web application security and advice for effectively protecting one from malicious users.
- Identifying the right kind of cryptography to implement in your application and doing it correctly.
Table of Contents
Chapter 1. Is Your Website Secure from Hackers?
- Authentication and Authorization
- Database Interaction
- Files and Resources
- CMS, Framework, and Other Components
- Final Note
- Additional resources
Chapter 2. Basic Intrusion Detection with Expose
- What Is an IDS and Why You Should Use One
- Advantages, Limitations, and Disadvantages of Expose
- Expose Installation Run Through
- Logging, Alerting, and Thresholds
- Next Steps
- Conclusion
Chapter 3. DeLoreans, Data, and Hacking Sites
- Introduction
- What Is SQLi?
- Identifying Potential SQL Injection
- “Hacking” Your Own Sites
- Prepared Statements
- Conclusion
Chapter 4. Drupal Security: How Open Source Strengths Manage Software Vulnerabilities
- Drupal 8
- Keeping a Drupal Site Secure
- Drupal Security Team
- Software Vulnerabilities
- Reporting a Drupal Security Issue
- Handling Drupal Security Issues
- Security Advisory
- The Drupal Security Team Welcomes New Members
- Open Source
Chapter 5. Mastering OAuth 2.0
- Let’s Jump In
- Preparing for OAuth
- Integrating with Instagram
- A Brief History of Web Authorization
- What is OAuth 2.0?
- Toward a More Secure Web
Chapter 6. Keep Your Passwords Hashed and Salted
- Introduction
- Rule One: No Plain Text
- What is Hashing?
- How to Use Hashes
- Techniques Crackers Employ to Break Hashes
- Salting Passwords
- Use Proper Salt
- Hashing Algorithms
- Better Algorithms
- Hashing in PHP
- Password-Related Functions in Modern PHP
- Summary
Chapter 7. Learn from the Enemy: Securing Your Web Services, Part One
- It Happens
- Web Services are Different
- Learn from the Master
- Looking Forward
- Additional Reading
Chapter 8. Security Architecture: Securing your Web Services, Part Two
- Web Service Security
- Your Security Architecture
- Security Implementation
Chapter 9. Implementing Cryptography
- Use the Encryption Library
- Randomness
- Using Randomness
- The Session Token
- Encrypting and Decrypting a String
- Involving Experts
- Additional Reading