PHP Security workbook for free


One of the PHP security gurus, Chris Shiflett, has put his OSCON tutorial workbook (in .pdf format) on the web. You can get it from his site ( or here (

At only 55 pages it is a very good read for beginners and a nice refresher for experienced programmers.


I noticed a few errors in it, but in fact it’s a very good read. It explains the most important security mistakes and how to avoid them.


Does it mesh well with what the codewalker tutorials are explaining?

I’m beginning to read it now (12 pages in), and it makes sense so far.

BTW, what error did you find? I wouldn’t know a PHP error if it fell out of the sky and broke my nose. :)


Wrong version numbers when explaining which versions are affected and stuff like that, very minor.

Also, the PHP manual now has a section about security. It seems to be based on that article.