PHP: Creating Secure Websites

Learn how to meet the most important security challenges when developing websites with PHP.

Introduction

• The need for security with PHP

1. Security Overview

• What is security?
• Security and PHP
• General security principles

2. Securing Your PHP Installation

• Keeping versions up to date
• phpinfo and phpMyAdmin
• Configure error reporting and logging
• Other configuration options
• PHP on a shared host

3. Filtering Input and Controlling Output

• Validating input
• Sanitizing data
• Keeping code private
• Smart logging
• Cookie configuration

4. Defending the Most Common Attacks

• Cross-site scripting (XSS)
• Cross-site request forgery (CSRF)
• SQL injection
• Session hijacking and fixation
• Remote system execution
• PHP code injection

Conclusion

• Next steps