Linux Blog

Mashups: Strategies for the Modern Enterprise Review

Filed under: General Linux — TheLinuxBlog.com at 6:30 am on Wednesday, October 27, 2010

I went to the local library to pick up some books, and this time I actually browsed the IT section. To my surprise I found some relatively (in library sense) new books, one of which was “Mashups: Strategies for the Modern Enterprise.” I wasn’t going to pick it up, but I saw it was from Addison-Wesley. Not only are they my favorite publisher because they publish decent books, but they also have a great logo (triforce anyone?). If that wasn’t enough to convince me, the cover certainly was. I mean, come on, it’s a pear-orange-lemon-plum-lime-apple; I’d like to see what one of those tastes like. Essentially this is what this book is about: mashups. Taking things that don’t necessarily belong together and bringing (mashing) them together to make something new and interesting.

I thought I knew a bit about mashups, which is why I was hesitant to pick it up. After taking it home I found it to be way more in depth than I first imagined. Explaining different models in depth really makes one think about the larger picture. There is a whole chapter dedicated to how to create a sample mashup. It gives the principles and leaves the reader (in this sense me) with a better understanding of the inner workings of mashups. It even includes a portion on security that doesn’t just seem like it was added in as an afterthought.

I may just have to pick up my own copy of this book because I feel bad that I’ve renewed it once already. I think other people could benefit from reading it. Who knows, maybe they’ll read this review and use the recall function; it’s definitely worth the time and money.

Securing PHP Web Applications Review

Filed under: General Linux — TheLinuxBlog.com at 11:43 am on Friday, February 27, 2009

As a somewhat seasoned PHP developer, I’m always looking for ways to improve code and keep up with the latest happenings. When I saw the book, “Securing PHP Web Applications” by Addison-Wesley, I thought I’d give it a look. PHP is known for its wide deployment and rapid development. Unfortunately, with such a large user base, it is not uncommon to see mistakes within development. Often developers are unaware that what they are doing is insecure. This book addresses important security concerns every developer should be aware of.

The first ten chapters are on programming practices, which, if you’re a system administrator, may not interest you. If you are a developer, these are things you should know, understand, be able to fix and, of course (the fun part), exploit for demonstration.

Chapters 11, 12 and 13 are essential reading for any system administrator who will be supporting a LAMP or WAMP stack. The IIS chapter may not apply to those reading this blog since we all know that securing IIS is not necessary when you’re running Linux. The chapters on securing PHP, MySQL, and Apache outline the basic concepts and give some important pointers that may not be obvious to everyone.

Chapter 14 (Introduction to Automated Testing) and Chapter 15 (Introduction to Exploit Testing) have really opened my eyes to methods I have not used before. We’ve all heard of Selenium and PHPUnit, but what about CAL9000 and PowerFuzzer? I’ll be off to try them soon. I can always appreciate applications designed to help secure applications. Nessus, Nikto and Metasploit lack any mention in this book, but now that you’ve read this review, you’ll know to look into those as well.

Chapter 16 is on designing secure applications and 17 is on patching, which would have been useful for me in explaining to someone why they shouldn’t be working on their production site (to make things worse, with no version control).

There are so many products out there that are vulnerable to some of the attacks. We see them every day in the security lists. I think that any company and developer of PHP-based web applications should have a keen grasp on the concepts outlined within the pages of this book.

I do not think, however, that “Securing PHP Web Applications” is a book that is necessarily intended for every developer out there. I think it’s a great book for anyone with an active interest in security who has been developing for a while but would like some pointers on how to secure their web apps, or a reference for developers in need.

For more information and a sample chapter, please visit the publisher page: http://www.informit.com/title/0321534344 or if you subscribe to Safari Books Online you can access the complete book here: http://techbus.safaribooksonline.com/9780321534347