PHP Security Guide

Table of Contents

1. Overview

1.1 What Is Security?

1.2 Basic Steps

1.3 Register Globals

1.4 Data Filtering

1.4.1 The Dispatch Method

1.4.2 The Include Method

1.4.3 Filtering Examples

1.4.4 Naming Conventions

1.4.5 Timing

1.5 Error Reporting

2. Form Processing

2.1 Spoofed Form Submissions

2.2 Spoofed HTTP Requests

2.3 Cross-Site Scripting

2.4 Cross-Site Request Forgeries

3. Databases and SQL

3.1 Exposed Access Credentials

3.2 SQL Injection

4. Sessions

4.1 Session Fixation

4.2 Session Hijacking

5. Shared Hosts

5.1 Exposed Session Data

5.2 Browsing the Filesystem

6. About

6.1 About This Guide

6.2 About the PHP Security Consortium

6.3 More Information