Survive The Deep End: PHP Security


Author: Padraic Brady

There are many ways to start a guide or book on PHP Security. Unfortunately, I haven’t read any of them, so I have to make this up as I go along. So let’s start at the beginning and hopefully it will make sense.

If you consider a web application that has been pushed online by Company X, you can assume that there are many components under the boot that, if hacked, could cause significant damage. That damage may include:

1. Damage to users - which can include the exposure of emails, passwords, personal identity data, credit card details, business secrets, family and friend contacts, transaction history, and the revelation that someone called their dog Sparkles. Such information damages the user (person or business). Damage can also arise from the web application misusing such data or by playing host to anything that takes advantage of user trust in the application.
2. Damage to Company X - due to user damage, loss of good reputation, the need to compensate victims and partners, the cost of any business data loss, infrastructure and other costs to improve security and clean up the aftermath, travel costs for when employees end up in front of regulators, golden handshakes to the departing CIO, and so on.
