Main book page | Introduction | Checklist
Miscellaneous points | File inclusion and disclosure | File upload vulnerabilities | SQL injection | Cross-site scripting (XSS) | XML and internal data escaping | XML, JSON and general API security | (Un)trusted input | Cross-site request forgery (CSRF) | Clickjacking | Insecure data transfer | Session fixation | Session stealing | Truncation attacks, trimming attacks | Password security | Comparison issues | PHP-specific issues | Prefetching and Spiders | Special files | SSL, TLS and HTTPS basics
Further reading | Authors | Print version