In this recent post to Reddit.com, the question of application security is asked: the poster wants recommendations on how he should keep his app safe from would-be attackers:
I can code fairly well in PHP these days, but my security isn't so hot. Is there a tutorial or plugin you guys can recommend as to how I should be protecting my PHP pages/inputs? I want to avoid common attacks like XSS, inputs with NULL or DROP TABLE, etc.?
Responses on the post include recommendations related to:
- Using the Chorizo scanner to find common issues in your code
- Using PDO for database connections (with bound parameters)
- Not trusting "$_SERVER"
- Data sanitization
There are also links to a few other resources with more details.
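As an added example (not code from the Reddit thread or from any of the resources it links to), the following PHP script puts three of the recommendations above into one small "look up a user" handler: PDO with bound parameters, validation of the input and escaping of the output, and treating $_SERVER as client-supplied data. The users table, its single row, the sample inputs and the allowed-host list are all constructed for the demo, and the script uses an in-memory SQLite database so it runs without any server.

```php
<?php
// Added example, not code from the Reddit thread or any linked resource.
// The users table, sample rows, sample inputs and allowed hosts are constructed.
declare(strict_types=1);

// PDO with bound parameters: the SQL text is fixed before any user data arrives,
// so an input such as "alice'; DROP TABLE users; --" is compared as a plain
// string and never parsed as SQL.
function findUserByName(PDO $db, string $username): ?array
{
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :name');
    $stmt->execute([':name' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Input validation: state what the field may contain and reject everything else,
// rather than trying to strip "bad" characters. The allow-list regex also
// rejects NUL bytes and other control characters.
function validateUsername(string $raw): ?string
{
    return preg_match('/^[A-Za-z0-9_]{3,32}$/', $raw) === 1 ? $raw : null;
}

// Output escaping against XSS: encode at the point of output, for the HTML context.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Not trusting $_SERVER: HTTP_HOST, HTTP_REFERER, HTTP_X_FORWARDED_FOR and
// similar entries are copied from request headers the client sends, so the
// value is checked against a configured allow-list instead of being echoed back.
function canonicalHost(array $server, array $allowedHosts): string
{
    $host = strtolower($server['HTTP_HOST'] ?? '');
    return in_array($host, $allowedHosts, true) ? $host : $allowedHosts[0];
}

// --- demo wiring with an in-memory SQLite database (constructed data) ---
$db = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,   // real prepared statements, not client-side quoting
]);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL UNIQUE)');
$db->prepare('INSERT INTO users (username) VALUES (?)')->execute(['alice']);

// 1. Bound parameters alone: feed the injection string straight to the query.
$attempt = "alice'; DROP TABLE users; --";
$result  = findUserByName($db, $attempt);
$tables  = $db->query("SELECT name FROM sqlite_master WHERE type = 'table'")->fetchAll(PDO::FETCH_COLUMN);
echo 'Injection attempt matched: ' . ($result === null ? 'nothing' : 'a row') . "\n";
echo 'Tables still present: ' . implode(', ', $tables) . "\n";   // users survives

// 2. Validation plus escaping plus an untrusted Host header (constructed requests).
$fakeServer = ['HTTP_HOST' => 'evil.example'];   // what an attacker's client might send
foreach (['alice', $attempt, "\0root", '<script>alert(1)</script>'] as $rawInput) {
    $username = validateUsername($rawInput);
    if ($username === null) {
        echo '<p>Rejected input: ' . h($rawInput) . "</p>\n";
        continue;
    }
    $user = findUserByName($db, $username);
    $host = canonicalHost($fakeServer, ['example.com']);   // falls back to example.com
    echo '<p>On ' . h($host) . ': user ' . h($username) . ' is '
        . ($user === null ? 'not found' : 'id ' . h((string) $user['id'])) . "</p>\n";
}
```

Run it with `php example.php`. The first section shows that the DROP TABLE payload reaches the database only as a parameter value, so the users table is still listed afterwards; the loop then shows the three malformed inputs being rejected before any query runs, the valid one being escaped on output, and the spoofed Host header being replaced by the configured value rather than trusted.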