PHP Security Part 5: Top Tips

This final part in the series on PHP security concludes with tips for building a web application/system with security in mind.

There are certain things which if done during the development cycle of a web application, will dramatically help reduce the risk of being exposed to a critical vulnerability. Some of those things include but are not limited to:

Software Update

In computer security, keeping software up to date is critical. Updates commonly include security fixes which patch various vulnerabilities (publicly known or not).

Validation

Never rely solely on client-side validation as it can be easily bypassed. For instance, an attacker can disable/remove any JavaScript from the source code of a page and submit a form without any validation.

Blacklist

Blacklisting can in most cases be circumvented and sometimes it is very difficult to include every possible forbidden input. There are cases though in which blacklisting can be useful, such as blocking automated bots.

Research

It is very important to spend time to study and understand how the mechanics behind the various functions or technologies you are interested in, work. Not only will you be able to identify insecure or buggy code, but you will also be writing your own scripts in your own style. It is much easier to troubleshoot your own code than somebody else’s.

Read Part 5: PHP Security Mini Guide – PHP Security Tips

Share this post

Leave a Reply

Your email address will not be published.