The article I wrote for the O’Reilly Programming blog was published this morning – Preventing Problems in PHP Security. In it I talk about three of the major threats (the top three from the OWASP Top 10) – SQL injection, cross-site scripting and cross-site request forgery – and some basic methods of preventing them.
I do want to put a disclaimer on the article, though: as one person has already pointed out, this article is definitely not comprehensive as far as methods of prevention go. The purpose was to raise awareness of some of the most basic methods of prevention and hopefully spark further research. There are also a few websec.io articles that can help if you’re looking for more information:
- OWASP Top Ten – Cross-Site Scripting (XSS)
- The External CSRF Threat & Protecting Your App
- SQLi in NoSQL – A Word of Warning
If you’re not already familiar with the concepts behind the OWASP Top 10, I’d definitely suggest you at least read through the latest version to get an idea of what some of the most prevalent threats are out there.