by kailashbadu
6049 days ago
I am from a PHP background and here is the lowdown on how I worked my way from basic PHP security to advanced web application security (language-independent). I am sure it will help you in making a decision for yourself.
1. Essential PHP Security by Chris Shiflett: a light read with a little over 100 pages. PHP often picks up a lot of flak for being insecure. However, in the majority of cases it’s not because of flaws in the PHP platform itself. It’s because of certain design choices PHP made which make it easier for a novice developer to mistakenly write insecure code. Given a little care, these mistakes can be easily avoided. All the basic security stuff is covered, like forms and URLs, SQL injection, and session and cookie security. The concepts covered in this book can easily be applied to other platforms, but apparently you don’t want any of this information because you are already well-versed in it.
2. Pro PHP Security by Chris Snyder and Michael Southwell: covers most of what you are looking for, namely the perils of shared hosting, safe development practices, encryption, SSL and SSH, HTTP and HTTPS, access control and authentication. Of course the book is inclined towards PHP, but most of the concepts are language-neutral and you can easily extrapolate them to another language of your choice.
3. Foundations of Security by Neil Daswani et al.: the blurb on the first page speaks for itself: "What every programmer needs to know about security with running examples of web applications and stories of what’s gone wrong in the past." Mostly language-neutral, but the sample code is implemented in Java. Comprehensive. Recommended.
4. A bunch of videos at http://code.google.com/edu/security/index.html helped too.