Web applications are prime targets for hackers. If a site has poor security, it is more susceptible to hacking, which could lead to sensitive information being leaked. Establishing appropriate security first involves analyzing risk, which consists of evaluating the confidentiality, integrity and availability of information, along with an analysis of the potential threats should security be breached.
An application must be structured correctly, and the Model, View, Controller (MVC) model provides a good example to apply to the site architecture. This type of protection is based on correctly configured servers and encryption.
This book clearly explains how to test software security prior to going online and provides a comprehensive overview of the most common cyber-attacks and how to protect sites against them using PHP. Other sections cover user information, rights management, encryption principles and advanced mechanisms to monitor completed actions.
1. Why Do Web Applications Need to be Secure?
2. Estimating Risk.
3. Encryption and Web Server Configuration.
4. Threats and Protecting Against Them.
5. Managing User Logins and Assigning Permissions.
6. Using the MVC Model to Structure the Application.
7. Implementing a Suitable Technical Platform and Testing the Application.
Éric Quinton is a database administrator and is responsible for the security of information systems at the National Research Institute of Science and Technology for Environment and Agriculture in France.