What should every web developer know about encryption?

Question

I\'ve just landed a PHP5 gig. I won\'t be handling the parts of the application that involve super sensitive data, but I still know embarrassingly little about security and encr

Answer 1

If you're looking at it from a PHP context, I'd recommend this book:

alt text http://ecx.images-amazon.com/images/I/51sKhc8YUlL._BO2,204,203,200_PIsitb-sticker-arrow-click,TopRight,35,-76_AA240_SH20_OU01_.jpg

Pro PHP Security on Amazon

The thing I really like about this book is it covers much more than just a list of the security-related functions in PHP. A large part of it covers general web security concepts and protection mechanisms. Permissions, principle of least privilege, encryption, hashing, cross-site scripting, cross-site request forgeries, session hijacking, etc. are all covered here, with examples of writing secure code in PHP.

Having taken graduate-level security classes in college, I'm impressed with the coverage in this book. I'd consider it required reading for any professional PHP developer.