This final part in the series on PHP security concludes with tips for building a web application/system with security in mind.
Certain practices, if followed during the development cycle of a web application, dramatically reduce the risk of being exposed to a critical vulnerability. Some of them include, but are not limited to:
In computer security, keeping software up to date is critical. Updates commonly include security fixes which patch various vulnerabilities (publicly known or not).
Blacklisting can in most cases be circumvented, and it is sometimes very difficult to include every possible forbidden input. There are cases, though, in which blacklisting can be useful, such as blocking automated bots.
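The gap a blacklist leaves is easiest to see next to a whitelist that checks the same input. The following is an added example, not code from the original series: it validates the extension of an uploaded filename both ways. The function names, the two lists and the sample filenames are constructed for illustration.

```php
<?php
// Added example: blacklist vs. whitelist validation of an upload's extension.
// The lists and filenames below are constructed, not taken from the article.

// Blacklist: reject only what the developer remembered to forbid.
const DENIED_EXTENSIONS = ['php', 'exe'];

// Whitelist: accept only what the feature actually needs (image uploads here).
const ALLOWED_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif'];

function extensionOf(string $filename): string
{
    // Final extension, lower-cased so "PNG" and "png" compare equal.
    // Returns '' when the name has no extension at all.
    return strtolower(pathinfo($filename, PATHINFO_EXTENSION));
}

function passesBlacklist(string $filename): bool
{
    return !in_array(extensionOf($filename), DENIED_EXTENSIONS, true);
}

function passesWhitelist(string $filename): bool
{
    return in_array(extensionOf($filename), ALLOWED_EXTENSIONS, true);
}

// Constructed inputs: two ordinary images, one extension the blacklist knows,
// three it forgot, and one name without any extension.
$samples = ['holiday.PNG', 'avatar.jpeg', 'upload.php',
            'page.phtml', 'old.php5', 'bundle.phar', 'notes'];

printf("%-14s %-10s %-10s\n", 'filename', 'blacklist', 'whitelist');
foreach ($samples as $name) {
    printf(
        "%-14s %-10s %-10s\n",
        $name,
        passesBlacklist($name) ? 'accept' : 'reject',
        passesWhitelist($name) ? 'accept' : 'reject'
    );
}
```

Every entry the blacklist forgot is accepted by it and rejected by the whitelist, which needs no update when a new executable extension appears. An extension check is only one layer of upload handling; it says nothing about the file's contents or where it is stored.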
It is very important to spend time studying and understanding the mechanics behind the functions or technologies you are interested in. Not only will you be able to identify insecure or buggy code, but you will also be writing your own scripts in your own style. It is much easier to troubleshoot your own code than somebody else’s.