Essential PHP Security: A Guide to Building Secure Web Applications

I'm a professional PHP developer at an "enterprise level" business. I have been to security-related seminars and receive regular boring lectures on the subject. I try to keep up to date with security-related exploits and always have an eye toward better coding practices to strengthen the code the team is writing. This includes reading various books on the subject. This book really nails it. The subject matter is covered thoroughly and simply. Code examples illustrate common problems in code and Chris writes about how one could implement procedures to make sure that your software stays as secure as possible. It's finally a good book on the topic and I'm really happy I stumbled upon it. It is written with PHP in mind, but all server-side languages are vulnerable to the same exploits listed in here and the development practices that are suggested would apply to your favorite language as well. It's somewhat of a short book and the lessons seem to be repetitious after a while, but since most of the web app security holes are based on improper handling of data, I can see how things start to sound the same after a bit. This isn't a reason to not buy this book! For various attack vectors and because of the same silly holes that people leave in their code, the mistakes that us mere mortals make are also repetitious. I guess we need the lesson really drilled into us before it becomes a core part of our coding practices. I will be recommending this book to people on my team and we will cover lessons from it in our monthly meetings where we can talk about the development procedures we have in place and how to improve code quality overall.