Validation is the process of checking data against specific criteria or a specification. It is used to confirm that the information supplied by a user is in the expected format before it is processed. Validation is very important because, when applied correctly, it allows malicious input to be identified and blocked at an early stage. For example, if an input field is supposed to accept only numbers, then alphabetic characters should not be allowed. By restricting the type and format of the data we accept, we reduce the chance of processing invalid data, which could cause problems not only during input but also during output, either in the same system or in a third-party system.
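As an added example that is not part of the original article, the "numbers only" field described above can be validated with PHP's `filter_var()`; the sample inputs are constructed, and the loose `(int)` cast and `is_numeric()` results are printed alongside for contrast.

```php
<?php
// Added example (not from the original article): validating a "numbers only"
// form field with PHP's filter extension. The inputs below are constructed
// test values standing in for what would arrive in $_GET or $_POST.
declare(strict_types=1);

/**
 * Accept only a well-formed decimal integer between 1 and 10000.
 * Returns the integer on success, null if the value must be rejected.
 */
function validateQuantity(string $raw): ?int
{
    $value = filter_var($raw, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1, 'max_range' => 10000],
    ]);
    // filter_var() returns false for anything that is not exactly an
    // in-range integer: trailing letters, exponents, leading zeros, etc.
    return $value === false ? null : $value;
}

// Constructed inputs: the first two are legitimate, the rest must fail.
$samples = ['42', '+7', '42abc', '1e3', '042', '0', '99999', ''];

foreach ($samples as $raw) {
    $strict = validateQuantity($raw);
    // Loose handling for contrast: an (int) cast silently truncates
    // "42abc" to 42, and is_numeric() accepts "1e3" as a number.
    printf(
        "%-8s filter_var: %-8s (int) cast: %-6d is_numeric: %s\n",
        var_export($raw, true),
        $strict === null ? 'rejected' : (string) $strict,
        (int) $raw,
        is_numeric($raw) ? 'true' : 'false'
    );
}
```

Only `'42'` and `'+7'` survive the strict filter; everything else is rejected before it can reach a database query or an output template.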
The best security practice when it comes to software is to keep it up to date with the latest security patches and to run the latest supported stable version. Attackers, however, will try to take advantage not only of outdated software but also of insecure configuration. This means that you might be running a stable, fully patched version of PHP and still have security issues caused by misconfiguration. An example is the exposure of application errors to users, which can give an attacker important information about the underlying system or the application's configuration.
Part 4 in this series on PHP Security will look at examples of insecure PHP configurations and some common PHP filters used for validation.