This final part in the series on PHP security concludes with tips for building a web application/system with security in mind.

Certain practices, if followed during the development cycle of a web application, dramatically reduce the risk of exposing a critical vulnerability. They include, but are not limited to, the following:

Software Update

In computer security, keeping software up to date is critical. Updates commonly include security fixes which patch vulnerabilities, whether publicly known or not. For a PHP application this means the PHP interpreter itself, the web server, and every library or framework the application depends on, not just the application code you wrote.


Server-Side Validation

Never rely solely on client-side validation, as it can be bypassed trivially. For instance, an attacker can disable or remove any JavaScript from a page, edit the DOM and form attributes with the browser's developer tools, or skip the browser entirely and submit the request directly with a tool such as curl or an intercepting proxy. Every rule the client enforces must be enforced again on the server.
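The following is an added example, not code from the original article, showing what "validate again on the server" looks like in PHP. The form fields, the function name and the JSON error response are hypothetical; the point is that the checks run on every request regardless of whether the browser's JavaScript ran.

```php
<?php
// Added example (not from the original article): the same rules the browser
// enforces in JavaScript are enforced again on the server, because anyone can
// POST directly (e.g. curl -d 'email=x&username=<script>&age=7' ...) and skip
// the JavaScript entirely. Field and function names are hypothetical.

declare(strict_types=1);

/**
 * Validate a registration form on the server side.
 * Returns an array of error messages keyed by field; an empty array means valid.
 */
function validate_registration(array $input): array
{
    $errors = [];

    // Email: filter_var performs proper syntax validation. The is_string check
    // also rejects "email[]=..." submissions that turn the field into an array.
    $email = $input['email'] ?? '';
    if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'A valid e-mail address is required.';
    }

    // Username: allow only a small, known-good character set and length.
    $username = $input['username'] ?? '';
    if (!is_string($username) || !preg_match('/^[A-Za-z0-9_]{3,32}$/', $username)) {
        $errors['username'] = 'Username must be 3-32 characters: letters, digits, underscore.';
    }

    // Age: an <input type="number" min="18"> attribute is advisory only.
    // filter_var returns false for a missing field, an array, or a value out of range.
    $age = filter_var($input['age'] ?? null, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 18, 'max_range' => 120],
    ]);
    if ($age === false) {
        $errors['age'] = 'Age must be a whole number between 18 and 120.';
    }

    return $errors;
}

// Request handling: the server validates every POST, whether or not the
// client-side script ever ran.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $errors = validate_registration($_POST);
    if ($errors !== []) {
        http_response_code(422);
        header('Content-Type: application/json');
        echo json_encode(['errors' => $errors]);
        exit;
    }
    // ... continue using only the validated values
}

// Self-check when run from the command line with constructed input:
// the first submission is what a JavaScript-only form would have blocked.
if (PHP_SAPI === 'cli') {
    $bad  = ['email' => 'not-an-email', 'username' => '<script>', 'age' => '7'];
    $good = ['email' => 'alice@example.com', 'username' => 'alice_01', 'age' => '34'];

    $badErrors  = validate_registration($bad);
    $goodErrors = validate_registration($good);

    if (count($badErrors) !== 3 || $goodErrors !== []) {
        fwrite(STDERR, "server-side validation self-check FAILED\n");
        exit(1);
    }
    echo "bad input rejected with " . count($badErrors) . " errors; good input accepted\n";
}
```

Run it with `php validate.php` to see the self-check, or drop it behind a form and submit the same bad values with curl: the 422 response comes back whether or not the browser's validation script was ever loaded.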


Blacklisting vs. Whitelisting

Blacklisting (rejecting known-bad input) can in most cases be circumvented, and it is often very difficult to enumerate every possible forbidden input, encoding and variant. Prefer whitelisting (accepting only input that matches a known-good pattern or a fixed set of permitted values) wherever the expected input can be described. There are cases in which blacklisting is still useful, such as blocking automated bots by known signatures, but it should be a supplement, not the primary control.
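As an added example (not from the original article), the PHP script below contrasts a blacklist that strips `../` from a user-supplied file name with a whitelist check. The document directory, the function names and the attack strings are constructed for the illustration. It goes slightly beyond the paragraph by showing several distinct bypass classes (double-encoding of the token, alternate separators, URL encoding) against one blacklist.

```php
<?php
// Added example (not from the original article): why a blacklist on file names
// fails and what the whitelist replacement looks like. DOCS_DIR and the
// function names are hypothetical; the input strings are constructed.

declare(strict_types=1);

const DOCS_DIR = '/var/www/app/docs/';   // hypothetical document directory

/**
 * Blacklist approach: remove the forbidden sequence and use whatever is left.
 * str_replace makes a single pass, so "....//" becomes "../" after the inner
 * "../" is removed, and the forbidden token reappears in the result.
 */
function blacklist_path(string $name): string
{
    return DOCS_DIR . str_replace('../', '', $name);
}

/**
 * Whitelist approach: accept only names that match a known-good pattern
 * (a short alphanumeric base name plus one of two permitted extensions).
 * Anything else is rejected outright; there is nothing to "clean up".
 */
function allowlist_path(string $name): ?string
{
    if (!preg_match('/^[A-Za-z0-9_-]{1,64}\.(pdf|txt)$/', $name)) {
        return null;
    }
    return DOCS_DIR . $name;
}

// Constructed inputs: one legitimate name and four traversal attempts.
$inputs = [
    'report.pdf',                 // legitimate
    '../../etc/passwd',           // naive traversal; the blacklist does catch this one
    '....//....//etc/passwd',     // survives single-pass removal of "../"
    '..\\..\\etc\\passwd',        // Windows-style separators, never on the list
    '%2e%2e/%2e%2e/etc/passwd',   // URL-encoded; becomes traversal if decoded later
];

foreach ($inputs as $name) {
    printf("%-28s blacklist=%-42s allowlist=%s\n",
        $name,
        blacklist_path($name),
        allowlist_path($name) ?? 'REJECTED');
}
```

Running it shows the third input coming out of `blacklist_path` as `/var/www/app/docs/../../etc/passwd`: the "cleaned" name still walks out of the directory. With enough `..` segments an attacker reaches any path on the filesystem. The whitelist accepts only `report.pdf` and rejects the rest without needing to know what the attacker tried.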


Understand How Things Work

It is very important to spend time studying and understanding the mechanics behind the functions and technologies you rely on, such as how PHP handles type juggling, how a database driver quotes parameters, or how a framework builds its session cookies. Not only will you be able to identify insecure or buggy code, but you will also be writing your own scripts in your own style. It is much easier to troubleshoot your own code than somebody else's.

Read Part 5: PHP Security Mini Guide – PHP Security Tips

Agathoklis Prodromou
Web Systems Administrator/Developer
Akis has worked in the IT sphere for more than 13 years, developing his skills from a defensive perspective as a System Administrator and Web Developer but also from an offensive perspective as a penetration tester. He holds various professional certifications related to ethical hacking, digital forensics and incident response.