John Squibb
PHP Security Tips
A great deal of time can be spent configuring firewalls, server settings, traffic monitoring applications, and database permissions, but some of the most important strides in application security begin right inside the code. Use the following tips to bolster the security of your PHP web application, one day at a time. They are easy to implement, and can provide those extra layers of security, trustworthiness, and compliance in your project.
Error Reporting
Learn to treat error reporting as an important debugging tool during development, and squash security holes before they reach production.
Password Hashing
Protect the integrity of your users' accounts by hashing sensitive passwords with one-way hash functions. Learn how to add extra entropy to stored hashes with per-password salting.
Thwart CSRF with tokens
Minimize Cross-Site Request Forgery attacks by using tokens to protect users from malicious links. Protect application forms from outside submissions and duplicate submissions.
Prevent Cross-Site Scripting (XSS)
Prevent malicious injection of script code into your website content, blog comments, or forums. Learn some common XSS methods, and how to prevent them with a few built-in PHP functions.
Suggested Reading
PHP Objects, Patterns, and Practice
by Matt Zandstra
Apress' PHP Objects, Patterns, and Practice is great for beginners and veterans alike.
The first several chapters focus entirely on the foundations of Object-Oriented PHP (OOPhp), while later chapters teach various patterns such as the Factory, Singleton, Observer, and more.
The author, Matt Zandstra, places major emphasis on good programming habits and strives to teach as many enterprise level practices as space allows.
The last chapters introduce the reader to a series of productivity tools which cover version control, documentation, automated builds, and unit testing.
This text will complement the skills of any OOPhp application developer, and I recommend it to anyone looking to dive in, or to a seasoned OOPhp developer looking to pick up some new tricks and tools.
Tags: Security, PHP, tips
Short URL: http://sqb.in/X2ty