- Copyright
- Foreword
- Preface
  - What's Inside
  - Style Conventions
  - Comments and Questions
  - Safari Enabled
  - Acknowledgments
- Chapter 1. Introduction
  - Section 1.1. PHP Features
  - Section 1.2. Principles
  - Section 1.3. Practices
- Chapter 2. Forms and URLs
  - Section 2.1. Forms and Data
  - Section 2.2. Semantic URL Attacks
  - Section 2.3. File Upload Attacks
  - Section 2.4. Cross-Site Scripting
  - Section 2.5. Cross-Site Request Forgeries
  - Section 2.6. Spoofed Form Submissions
  - Section 2.7. Spoofed HTTP Requests
- Chapter 3. Databases and SQL
  - Section 3.1. Exposed Access Credentials
  - Section 3.2. SQL Injection
  - Section 3.3. Exposed Data
- Chapter 4. Sessions and Cookies
  - Section 4.1. Cookie Theft
  - Section 4.2. Exposed Session Data
  - Section 4.3. Session Fixation
  - Section 4.4. Session Hijacking
- Chapter 5. Includes
  - Section 5.1. Exposed Source Code
  - Section 5.2. Backdoor URLs
  - Section 5.3. Filename Manipulation
  - Section 5.4. Code Injection
- Chapter 6. Files and Commands
  - Section 6.1. Traversing the Filesystem
  - Section 6.2. Remote File Risks
  - Section 6.3. Command Injection
- Chapter 7. Authentication and Authorization
  - Section 7.1. Brute Force Attacks
  - Section 7.2. Password Sniffing
  - Section 7.3. Replay Attacks
  - Section 7.4. Persistent Logins
- Chapter 8. Shared Hosting
  - Section 8.1. Exposed Source Code
  - Section 8.2. Exposed Session Data
  - Section 8.3. Session Injection
  - Section 8.4. Filesystem Browsing
  - Section 8.5. Safe Mode
- Appendix A. Configuration Directives
  - Section A.1. allow_url_fopen
  - Section A.2. disable_functions
  - Section A.3. display_errors
  - Section A.4. enable_dl
  - Section A.5. error_reporting
  - Section A.6. file_uploads
  - Section A.7. log_errors
  - Section A.8. magic_quotes_gpc
  - Section A.9. memory_limit
  - Section A.10. open_basedir
  - Section A.11. register_globals
  - Section A.12. safe_mode
- Appendix B. Functions
  - Section B.1. eval( )
  - Section B.2. exec( )
  - Section B.3. file( )
  - Section B.4. file_get_contents( )
  - Section B.5. fopen( )
  - Section B.6. include
  - Section B.7. passthru( )
  - Section B.8. phpinfo( )
  - Section B.9. popen( )
  - Section B.10. preg_replace( )
  - Section B.11. proc_open( )
  - Section B.12. readfile( )
  - Section B.13. require
  - Section B.14. shell_exec( )
  - Section B.15. system( )
- Appendix C. Cryptography
  - Section C.1. Storing Passwords
  - Section C.2. Using mcrypt
  - Section C.3. Storing Credit Card Numbers
  - Section C.4. Encrypting Session Data
- About the Author
- Colophon
- Index