PHP remains the most popular server-side language for websites and web applications. According to the latest data from w3techs, it is used by 79% of websites whose server-side language is known. Therefore, secure PHP programming and configuration are of critical importance.
There are more reasons, why PHP should be treated with extra care when it comes to security. It is a very forgiving language, which makes it easier to introduce simple errors. There are also many libraries and extensions that can introduce errors beyond your control. Last but not least, the approach to PHP security is often lax. For example, many administrators fail to keep the engine updated.
How To Keep PHP Secure
To help you keep your PHP applications and environment secure, read our comprehensive, five-part guide that was prepared by our development and research team:
- In Part 1, we talk about the problem of SQL Injections in PHP and how to prevent them.
- In Part 2, we focus on other typical PHP vulnerabilities: Code Injection and Directory Traversal.
- In Part 3, we teach you how to prevent Cross-site Scripting and how to securely store passwords.
- In Part 4, we go through various configuration settings that are important to PHP security.
- Finally, in Part 5, we finish off with some helpful tips and tricks.
*** This is a Security Bloggers Network syndicated blog from Web Security Blog – Acunetix authored by Tomasz Andrzej Nidecki. Read the original post at: http://feedproxy.google.com/~r/acunetixwebapplicationsecurityblog/~3/vpm1pyoGTcA/