
DevShed:
Securing Your Web Application Against Attacks
October 21, 2008 @ 08:47:32

DevShed continues its series on web application security with this fifth part, which looks at preventing attacks on your app through correct authentication.

You will probably recall from the last article that I mentioned the existence of two methods of authentication and discussed the first one, which is through an HTML form. In this article, the fifth one in an eight-part series, we'll start with the second method of authentication. We'll also discuss how attackers may gain access to your system.

This authentication method uses a simple form to let the user pass in their credentials. Unfortunately, its simplicity also opens it up to three kinds of attacks: password sniffing, replay attacks and brute force attacks.




Leendert Brouwer's Blog:
Writing Secure Web Applications with PHP
October 18, 2006 @ 13:55:13

The more PHP the better. Or, is it? Would it perhaps take some deeper PHP knowledge to develop real world web applications with it? Or maybe having a good sense about web application security is actually needed? Maybe!

So starts Leendert Brouwer's latest post today - a look at creating secure web applications in PHP. He covers some of the more common pitfalls and seldom mentioned issues that could cause you and your script big headaches later on.

He breaks up the post into fourteen different sections that include:

  • The Evil User
  • XSS Attacks
  • Dynamic File Inclusion Attacks
  • Incorrect Session Usage
  • Filesystem corruption

Of course, there's code where it's needed, and plenty of explanation and examples to make sure you know what's going on. There's also a "just to be sure" section at the end that shares a few other parting bits of wisdom: database permissions, the importance of backups, and a note to do just what your mom always told you to do, which is to clean up your (development) mess when you're through.





All content copyright, 2012 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework