Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
I have been given a chance to tender for a really big project that involves building user input applications (forums, registrations), multi-lingual, and also secure download.
The tender also has requirements regarding security with the emphasis on the following vulnerabilities:
In particular, the website should not be vulnerable to the following attacks:
I admit... I am one that has not used best practices when developing my PHP apps (a lot of $_GETTING), not big on internal error handling. So now I need to learn some tricks... I am perusing this part of the forum index as we speak... Can someone like... briefly give me some common basics on security when developing code to prevent such exploits as stated, given that the scope of development entails what I had stated about the project's scope of work?
Chris Shiflett's Essential PHP Security (ISBN 0-596-00656-X) is pretty good if all you need is somewhat terse descriptions of exploits and vulnerabilities.
Code Complete (2nd edition: ISBN 0-7356-1967-0)
Writing Secure Code (2nd edition: ISBN 0-7356-1722-8)
High Assurance Design (ISBN 0-321-37577-7)
Preventing Web Attacks with Apache (ISBN 0-321-32128-6)
Plus the usual assortment of Martin Fowler and Gang of Four books that have been cited in OOP threads would likely be beneficial too.
I would recommend that you develop with the options mentioned by feyd in mind... Afterwards you can use your own list to validate...
(But first developing something and then trying to add support for each security item on your list is almost certainly going to become a painful path.)