In Seven habits for writing secure PHP applications, the following topics are discussed:
- Validate input
- Guard your file system
- Guard your database
- Guard your session data
- Guard against Cross-Site Scripting (XSS) vulnerabilities
- Verify form posts
- Protect against Cross-Site Request Forgeries (CSRF)

In PHP Security Guide, the following topics are discussed:
- Data Filtering
- Error Reporting
- Form Processing: Spoofed Form Submissions, Spoofed HTTP Requests, Cross-Site Scripting, Cross-Site Request Forgeries
- Databases and SQL: Exposed Access Credentials, SQL Injection
- Sessions: Session Fixation, Session Hijacking
- Shared Hosts: Exposed Session Data, Browsing the Filesystem