Professional CodeIgniter, Thomas Myer

Chapter 9: Security and Performance
286


Additional Security Resources

Web application security is an enormous field, and there's no way to do it justice in such a short space.
If you're interested in continuing your education, here are a few resources that will help you do that:

The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws, by Dafydd Stuttard and Marcus Pinto -- This book is a guide to identifying security flaws in web applications using real-world examples.

Essential PHP Security, by Chris Shiflett -- This book is short, but don't assume it's somehow deficient because of that. Just a single read-through will improve your security posture and educate you on just about everything you need to know.

PHP|architect's Guide to PHP Security, by Ilia Alshanetsky -- Ilia's book will educate you on some of the finer points of SQL injection, buffer overflow attacks, and other attacks.

Apache Security, by Ivan Ristic -- Ivan's book covers security principles (I especially like his take on security as a process, not an outcome) and delves deeply into different aspects of Apache security, like SSL, denial of service attacks, secure PHP installation, and more.

PHP Security Consortium (http://phpsec.org/) -- This web site contains various articles on security topics like input validation, spoofing, and XSS.

Web Application Security, Web Application Component Toolkit (www.phpwact.org/security/web_application_security) -- This page provides a list of common security vulnerabilities and concerns that are easy to fix at the application development level. Included in the list are additional resources as well as catalogs of well-known attacks (and their countermeasures).

OWASP (http://owasp.org) -- OWASP is a wiki run by the Open Web Application Security Project.


Performance

Performance is usually the bane of any development effort. Things that you put together on a
development server simply never seem to stand up to the pounding of real traffic. Once again, however,
CodeIgniter comes to your aid with a set of profiling and benchmarking tools that allows you to see how
your pages (and even sections of code) perform.


Profiling

If you're curious about the performance of any page, you can turn on profiling and get a detailed report of
what's happening. This is a useful thing to do before a site goes live.

To turn on profiling, open your Welcome controller in an editor, and make the following change to the
constructor:

    function Welcome()
    {
        parent::Controller();
        $this->output->enable_profiler(TRUE);
    }
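The constructor above switches the profiler on for every request. The profiler report lists every SQL query the page ran, the GET and POST arrays, URI and memory usage, so a live site must never show it to ordinary visitors. The controller below is an added example, not code from the book: it gates the profiler on a hypothetical configuration item, profiler_allowed_ips, a list of developer addresses you would set in application/config/config.php, and it shows the benchmark markers that the profiler's report is built from. It assumes CodeIgniter 1.x, the version used on this page, and reads REMOTE_ADDR directly rather than calling $this->input->ip_address(), because the 1.x ip_address() prefers client-supplied headers such as HTTP_CLIENT_IP and can therefore be spoofed.

```php
<?php
// Added example (not from Professional CodeIgniter). Assumes CodeIgniter 1.x and a
// hypothetical config item in application/config/config.php, for instance:
//     $config['profiler_allowed_ips'] = array('127.0.0.1', '10.0.0.15');
// On a production host leave the item unset or as an empty array; the profiler
// is then never enabled.
class Welcome extends Controller {

    function Welcome()
    {
        parent::Controller();

        // config->item() returns FALSE for a missing item, so the is_array check
        // covers both "unset" and "not a list".
        $allowed = $this->config->item('profiler_allowed_ips');

        // Use REMOTE_ADDR directly: it is set by the web server from the TCP
        // connection and cannot be forged by a request header, unlike the
        // header-based values CI 1.x's ip_address() may prefer.
        $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

        if (is_array($allowed) && $remote !== '' && in_array($remote, $allowed, TRUE))
        {
            $this->output->enable_profiler(TRUE);
        }
    }

    function index()
    {
        // Benchmark markers bracket the code you want timed. The profiler lists
        // every *_start/*_end pair it finds; elapsed_time() reads one explicitly
        // so you can also log it when the profiler is off.
        $this->benchmark->mark('render_start');
        $this->load->view('welcome_message');
        $this->benchmark->mark('render_end');

        log_message('debug', 'welcome view rendered in '
            . $this->benchmark->elapsed_time('render_start', 'render_end') . 's');
    }
}
```

With the list empty on the production server, the same controller file can be deployed everywhere: developers on listed addresses see the full report, everyone else gets the unadorned page, and the render timing still reaches the log file when log_threshold in config.php is set to record debug messages.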

