* One of the first books devoted solely to PHP security

"PHP is the world's most popular open source web scripting language, installed on almost 17 million domains worldwide (php.net/usage.php). It is loved by beginners and embraced by advanced users. This book offers developers a complete guide to taking both defensive and proactive security approaches within their PHP applications.Pro PHP Security guides developers through many of the defensive and proactive security measures that can be taken to help prevent attackers from potentially disrupting site operation or destroying data. Moreover, this book covers a wide swath of security measures, showing readers how to create and deploy captchas, validate email, fend off SQL injection attacks, prevent cross-site scripting attempts, and more. TOC:Why is Secure Programming a Concern?- Dealing with Shared Hosts.- Maintaining Separate Development and Production Environments.- Keeping Software Up To Date.- Connecting Securely.- Using Encryption.- Controlling Access.- Reducing Risk with PHP's Safe Mode.- Peer Review.- Preventing SQL Injection.- Preventing Hijacking of Temporary Files.- Preventing Hijacking of Sessions.- Preventing Spoofing of Forms.- Preventing Spoofing of File Uploads.- Preventing Misuse of Shell Arguments.- Preventing Misuse of Global Variables.- Preventing Buffer Overflow.- Using Content Filtering.- Using Roles to Authorize Script Execution.- Avoiding Cross-site Scripting.- Using captchas as Turing Tests.- Verifying Email Addresses.- Adding undo to Prevent Data Loss.- Adding Accountability to Track (Ab)Use.- Safely Executing Privileged Scripts.- Handling Remote Procedure Calls Safely.- Using FTP Safely.- Fending Off the Robots."

The Importance of Security.- Why Is Secure Programming a Concern?.- Maintaining a Secure Environment.- Dealing with Shared Hosts.- Maintaining Separate Development and Production Environments.- Keeping Software Up to Date.- Using Encryption I: Theory.- Using Encryption II: Practice.- Securing Network Connections I: SSL.- Securing Network Connections II: SSH.- Controlling Access I: Authentication.- Controlling Access II: Permissions and Restrictions.- Practicing Secure PHP Programming.- Validating User Input.- Preventing SQL Injection.- Preventing Cross-Site Scripting.- Preventing Remote Execution.- Enforcing Security for Temporary Files.- Preventing Session Hijacking.- Practicing Secure Operations.- Allowing Only Human Users.- Verifying Your Users' Identities.- Using Roles to Authorize Actions.- Adding Accountability to Track Your Users.- Preventing Data Loss.- Safely Executing System Commands.- Handling Remote Procedure Calls Safely.- Taking Advantage of Peer Review.