The Paragon Initiative blog has a new post that shares some of their own tips and tricks for building secure PHP applications moving forward into 2018.
As the year 2018 approaches, technologists in general—and web developers in particular—must discard many of their old practices and beliefs about developing secure PHP applications. This is especially true for anyone who does not believe such a feat is even possible.
This guide should serve as a complement to the e-book, PHP: The Right Way, with a strong emphasis on security and not general PHP programmer topics (e.g. code style).
The guide covers a wide range of topics that can help you secure your applications (and not just PHP ones either), including:
- working with security headers
- safely handling file uploads
- effective password hashing
- general-purpose cryptography
- searchable encryption
- event logging with Chronicle
Each item in the list is a link to another part of the guide where the topic is discussed. In each there's plenty of good information about prevention and implementation as well as links to other tutorials and packages that can help.