Web developers are responsible for writing websites that work not only today, but also years or even decades from now (though I would argue the average website shouldn’t be left alone for a decade).
It can be difficult to protect a website against all future attacks. There is one big one we all have to be prepared for, because it is just so easy to fix: SQL injection.
NETTUTS posted an article, “5 Helpful Tips for Creating Secure PHP Applications”.
PHP sites frequently have security issues because code that seems to make sense was not fully thought through.
When doing web development, it’s nice to program for the ideal input, but we also have to assume we will receive every other possible input.
Here’s the list of 5 tips that are explained in detail in the article:
- Use Proper Error Reporting
- Disable PHP’s “Bad Features”
- Validate Input
- Watch for Cross Site Scripting (XSS) Attacks in User Input
- Protecting against SQL Injection