Secure development for mobile apps : how to design and code secure mobile applications with PHP and JavaScript (2014)
- Record Type:
- Book
- Title:
- Secure development for mobile apps : how to design and code secure mobile applications with PHP and JavaScript (2014)
- Main Title:
- Secure development for mobile apps : how to design and code secure mobile applications with PHP and JavaScript
- Further Information:
- Note: J.D. Glaser.
- Authors:
- Glaser, J. D
- Contents:
- Foreword; Introduction; Industry Analysis; Preface; Acknowledgments; Biography
Introduction to Mobile Security Development; Understanding Secure Web Development; What This Book Is; What This Book Is Not; Prerequisite Technologies; Applying Architecture Tools to Security; Creating Consistent Reusable Code from Project to Project; Mobile Application Using HTML5, AJAX, and jQuery Mobile; Mobile App—A Social Mashup; Client Technologies; Client Application Layout; Server Application; Evolution of Security Measures; SQL Injection to XSS to CSRF; Battle for Output Context; New Technologies HTML5; Bad Practices Invite Holes; Security as Add-on; Lack of Information; Lack of Consistency; A New Mindset for Web Application Security
Web Application Attack Surface; Attack Vectors; Common Threats; SQL Injection; Cross-Site Scripting; Cross-Site Request Forgery; Session Hijacking; Defending Input and Output Streams: First Glance; GET Requests; POST Requests; COOKIE Data; Session Fixation; Cross-Site Request Forgery; Theory of Input Filtering and Output Escaping; Input Validation; Input Filtering; Output Escaping; You Must Know Where Your Data Is Displayed
PHP Security Anti-Patterns; Anti-Pattern #1; Not Matching Data Character Set to Filter Character Set; Not Designing with Content Security Policy Anti-Pattern; One Size Fits All Anti-Pattern; Misinformation Anti-Patterns; The Mantra Anti-Pattern; Critical Data Type Understanding and Analysis; Single Data Type Anti-Pattern; All Incoming HTTP Data Are Strings; Validation by Type Process; Input Same as Output Anti-Pattern; The Assumed Clean Anti-Pattern; Improper mysql_real_escape_string() Usage; Filtering versus Escaping versus Encoding; Only One Output Context Anti-Pattern; Lack of Planning Anti-Patterns; Lack of Consistency Anti-Patterns; Lack of Testing Anti-Patterns; Parameter Omission Anti-Pattern; Design Practices Anti-Patterns; No Clear Separation of HTML and PHP Code Anti-Pattern; Too Many Database Function Calls; Misleading Filtering Anti-Pattern; Too Many Quotes Anti-Pattern; Raw Request Variables as Application Variables; Common Direct URL Input Anti-Pattern; Poor Error Management Practices; Poor Cryptography Practices; Poor Cookie Expiration; Poor Session Management; Overcoming Anti-Patterns: Patterns, Testing, Automation
PHP Essential Security; A Consistent UTF-8 Character Set; UTF-8 in the Database; UTF-8 in the PHP Application; UTF-8 in the Client Browser; Clean Secure Data; Input Validation: Account for Size and Type; Escape Output: Account for Context; Database Access Pattern; Application Secrets Location Pattern; Error Processing Pattern; Error Logging Process Pattern; Authentication Pattern; Authorization Pattern; White Listing Acceptable Input; PHP Security Design Best Practices Summary; Architect Application Character Set; Architect HTTP Request Patterns; Architect HTTP Cookie Usage; Architect Input Validation; Architect Output Escaping; Architect Session Management; Protect Secret Files/Protect Included Files; Protect User Passwords; Protecting User Session Data; Protect against CSRF Attacks; Protect against SQL Injection Attacks; Protect against XSS Attacks; Protect against File System Attacks; Proper Error Handling; OWASP Recommendations for PHP; The Checklist; Additional PHP Security Checklist; Disable Dangerous PHP Functions
PHP Security Tools Overview; Object Language Support; Abstract Classes, Interfaces, Façades, Templates, Strategy, Factories, and Visitors; Variable Variables: Power DRY; Native Function Support; Encoding Functions; DRY Enforcement Functions; Type Enforcement Functions; Filter Functions; Mobile Functions; Cryptography and Hashing Functions; Modern Crypto; Modern Hashing; Modern Salting and Randomization; HTML Templating Support; How to Inline Heredoc Functions; Best Practices Tips; Use Integer Values as Much as Possible; Use Type Enforcement Everywhere You Can; Enforce String Sizes and Numeric Ranges Politely; Cut Strings before Filtering; Keep Strings as Small as Possible for Filters and for SQL Tables; Issues to Avoid; The Reason for PDO Prepared Statements; Deprecated Security Functions; Modern Crypto versus Old Crypto
UTF-8 for PHP and MySQL; Why UTF-8; UTF-8 Advantages; UTF-8 Disadvantages; How UTF-8 Affects Security; Complete PHP UTF-8 Setup; UTF-8 MySQL Database and Table Creation; UTF-8 PDO Client Connection; Manual UTF-8 PDO/MySQL Connection How To; PHP UTF-8 Initialization and Installation; UTF-8 Browser Setup; Header Setup; Meta-Tag Setup; Form Setup; PHP UTF-8 Multi-Byte Functions; UTF-8 Input Validation Functions; UTF-8 String Functions; UTF-8 Output Functions; UTF-8 Mail; UTF-8 Configuration PHPUnit Testing; Test PHP Internal Encoding; Test PHP Output Encoding; PHPUnit Test Class for Asserting UTF-8 Configuration
Project Layout Template; Every App Has Some Basic Similarities; Project Layout Should Be Handled Consistently; Select Query Wrapper; Separation of HTML Static Resources; The Completely Commented Files; PHP PDO/UTF-8 Security Checklist
Separation of Concerns; What Is Separation of Concerns?; Keep HTML as HTML; Keep PHP Out of HTML; Keep JavaScript Out of HTML; Content Security Policy; Keep CSS Out of JS; Use of IDs and Class; Summary
PHP and PDO; PDO UTF-8 Connection; MySQL UTF-8 Database and Table Creation Support; PDO Prepared Statements; Prepared Statement Examples; Selecting Data and Placing into HTML and URL Context; PDO SELECT Queries and Class Objects; Quoting Values and Database Type Conversion; PDO Manual Quoting Example; PDO and WHERE IN Statements; White Listing and PDO Quoting of Column Names; Summary
Template Strategy Patterns; Template Pattern Enforces Process; Account Registration Template; Account Registration Template—Activation; Strategy Pattern for Output Escaping; Escaping Strategy Class; Improved Escaping Strategy Class; The Input Cleaner Class; Testing the Cleaner Class; Examples of Cleaner::getKey() Validation Usage
Modern PHP Encryption; Using MCrypt for Two-Way Encryption; Encrypting Hashed Passwords with Blowfish
Professional Exception and Error Handling; Configuring PHP Error Environment; Secure php.ini and Error Log Files; Error Options Overview; Production Error Configuration for php.ini; Development Error Configuration for php.ini; PHP Error Level Constants; Exception Handling; Introduction to Exceptions; Trapping All Errors and Exceptions; Converting Errors to Exceptions; ErrorManager Class; Handle Fatal Errors with register_shutdown_function()
Secure Session Management; The SSL Landing Page; Secure Session Overview; Secure Session Management Checklist; Session Checklist Details; Setting Configuration and Setup; Detecting Session Tampering; Force Page Request over SSL; SSL Redirect; Protocol Relative Links
Secure Session Storage; PHP Default Session Storage Overview; Session Storage Life Cycle; Session …
- Edition:
- 1st
- Publisher Details:
- Boca Raton : Auerbach
- Publication Date:
- 2014
- Extent:
- 1 online resource, illustrations (black and white)
- Subjects:
- 005.256
Portable computers -- Programming
Mobile computing -- Security measures
Application software -- Development
Mobile communication systems -- Security measures
PHP (Computer program language)
JavaScript (Computer program language)
- Languages:
- English
- ISBNs:
- 9781482209044
- Related ISBNs:
- 9781482209037
- Notes:
- Note: Includes bibliographical references and index.
Note: Description based on CIP data; item not viewed.
- Access Rights:
- Legal Deposit; Only available on premises controlled by the deposit library and to one user at any one time; The Legal Deposit Libraries (Non-Print Works) Regulations (UK).
- Access Usage:
- Restricted: Printing from this resource is governed by The Legal Deposit Libraries (Non-Print Works) Regulations (UK) and UK copyright law currently in force.
- View Content:
- Available online (eLD content is only available in our Reading Rooms)
- Physical Locations:
- British Library HMNTS - ELD.DS.143977
- Ingest File:
- 02_082.xml