Security has been the talk at the water cooler lately after a flood of recent attacks succeeded in obtaining password information from several high-profile web properties: Yahoo!, LinkedIn, eHarmony, Billabong, Last.fm, and others. The unfortunate truth of the matter is there’s no excuse for these leaks; they would not have been possible if simple, well-known security precautions had been taken.
Are you protecting yourself and your applications by guarding against SQL-injection attacks? Are you filtering and validating user input? Are you properly hashing user passwords? I hope so! If not, read some of the security-focused articles PHPMaster has published throughout the past year and apply these best practices to your code today!
Why You Should Use Bcrypt to Hash Stored Passwords
Most developers agree that obfuscating stored passwords is a mandatory security feature for any website, but unfortunately the practices we use are falling behind. Here’s why it’s worth taking the time to change your password hashing strategy to use Bcrypt, an easy-to-use, secure and future-proof hashing option.
Preventing Cross-Site Request Forgeries (CSRF)
CSRF is a serious exploit where a user is tricked into performing an action he didn’t explicitly intend to do. Learn exactly how CSRF attacks work and what you can do to protect yourself and your users because, as the old saying goes, “an ounce of prevention is worth a pound of cure.”
Input Validation Using Filter Functions
Filter functions in PHP might not be sexy, but they can improve the stability, security, and even maintainability of your code if you learn how to use them correctly. In this article you’ll learn why input validation is important, why using PHP’s built-in functions for performing input validation is important, and how to use some PHP validation functions.
ClamAV as a Validation Filter in Zend Framework
You may be comfortable with using the Zend Framework’s standard validators and filters, but what happens when a situation arises that’s outside the scope of the pre-packaged components? Let’s say you want to guard against users uploading files that contain viruses, for example. This article will teach you just that – how to write a new file validation filter for Zend Framework that uses ClamAV to ensure uploaded files are virus-free.
Cross-Site Scripting Attacks (XSS)
Every PHP programmer has the responsibility to understand how attacks can be carried out against their code to exploit possible security vulnerabilities. Reading this article, you’ll find out more about cross-site scripting attacks and how to prevent them in your PHP scripts.
Multi-Factor Authentication with PHP and Twilio
The proliferation of affordable mobile devices and IP-Telephony has added additional channels for interacting with users, and in this article you’ll learn how to leverage these channels by implementing multi-factor authentication (MFA for short) using PHP and the cloud communications service Twilio.
Monitoring File Integrity
How would you know if something is modified or deleted from your website, either maliciously or unintentionally? This tutorial teaches you how to create a profile of your site’s file structure with hashes which then can be used to monitor the site’s integrity.
Migrate from the MySQL Extension to PDO
This overview shows you the basic methods you’ll need to know to begin migrating your PHP code from the older MySQL extension to the PDO database abstraction extension, and offers practical advice on making your migration as quick and painless as possible and on avoiding SQL-injection vulnerabilities along the way.
Role Based Access Control in PHP
Role Based Access Control is a model in which roles are created for various job functions and permissions to perform operations are then tied to them. A user can be assigned to one or multiple roles which restricts their system access to the permissions for which they have been authorized. In this article you’ll learn more about RBAC, and how to enhance your existing authentication system with it.