
O'Reilly:
Hardening Your Web App's Walls
Jan 23, 2004 @ 13:10:44

In the world of PHP and web applications, there will always be holes in the code that you might not see until it's too late. Thankfully, there are some common flaws that this new article from O'Reilly can help you detect.

In Web App Security Testing with a Custom Proxy Server (there's a mouthful), the author shows you how to look for breaks in your app, and gives you a sample PHP script to act as a proxy server, allowing you to intercept and alter HTTP requests between the web browser and the target web server.

Some of the security issues he mentions include common session errors, hidden HTML elements, and the big one - input validation. The proxy script they introduce lets you take some of these kinds of bad requests, store them temporarily, and, if the user wants, change the request on the fly. Unfortunately, this kind of script isn't really designed for much more than testing your app, but that's what it's designed for - to help you find the leaks.
