Related link: http://phpsecurity.org/
Some of the examples in the code repository might raise ethical concerns, but I tried to be very careful not to provide full-featured tools that script kiddies can use. For example, the session injection script only lets you modify strings and is split into two separate examples (edit.php and inject.php), and the script to let you browse the filesystem is very basic. I’ve considered enhancing these to make them more useful (and more robust), but I fear they would be misused. What do you think?
The reviews have been very good. I’m happy to see that so many people appreciate the book’s small size and focus. Thanks to everyone who has taken the time to record your thoughts. I really appreciate it!
Several people have asked how the book is selling, and I honestly don’t know. It has frequently been on Technorati’s Popular Books list as well as in the top 10 PHP books on Amazon. I haven’t found a really good site for tracking the Amazon Sales Rank, but Rankforest isn’t bad (and they use PHP). Anyone have any better suggestions?