[nycphp-talk] PHP-related book comments
Chris Shiflett
shiflett at php.net
Tue Jul 13 23:24:03 EDT 2004
--- John Lacey <jlacey at att.net> wrote:
> One book that I hadn't seen before is "Exploiting Software: How to
> Break Code" by Greg Hoglund and Gary McGraw.
This is a good book. I found myself in agreement with a majority of what
they say, which is rare for most books on Web application security. I came
away feeling like the authors had a good grasp on the subject.
> One small section that I took issue with and am about to write the
> authors about is their characterization of PHP.
I noticed this, too. I'm not sure that it's poor research on their part as
much as a weak attempt at gaining credibility with an uneducated audience.
PHP is an easy target for "poor security" arguments, even if the
reputation isn't deserved.
> So, before I send an email to these guys, is there anything else I
> should point out?
You might simply point out that a book like that is meant to help
developers write more secure code, and since the authors seem to have
difficulty distinguishing between a platform and applications developed
with that platform, you are having doubts about their credibility. :-)
Chris
=====
Chris Shiflett - http://shiflett.org/
PHP Security - O'Reilly
Coming Fall 2004
HTTP Developer's Handbook - Sams
http://httphandbook.org/
PHP Community Site
http://phpcommunity.org/