You can take a look at the OWASP Top 10, which is a top 10 of the most common flaws in web applications. It covers the most common issues that you will come across.
A:
HoLyVieR
2010-09-24 12:32:44
A:
There are some very useful references to security checklists that you should consider in this previous response to the same question.
Mark Baker
2010-09-24 12:33:19
Hmmm. Downvoted for referring to a response (I assume that's why I've been downvoted) that lists some good places to look for security advice... wonder if I'd have been upvoted if I'd cut and pasted all those good references into my response? Or downvoted for plagiarising other people's responses?
Mark Baker
2010-09-24 13:20:37
good artists copy, great artists steal!! and the latter are stupid!!
getaway
2010-09-25 15:34:01
+1
A:
VERY broad topic indeed. Just to name the basics, which ideally everyone should be aware of:
- Don't trust any user input. By this I mean sanitize all user input to prevent SQL injection.
- Escape all data being outputted on the page appropriately to prevent XSS vulnerabilities and cookie data.
- Do not include files based on user input.
- Log all your errors appropriately. Ideally, in an error log.
- Store passwords via a one-way hash which incorporates a secure salt.
And read through Seven habits for writing secure PHP applications.
Russell Dias
2010-09-24 12:33:38
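The checklist items from the answer above (bound SQL parameters, output escaping, allowlisted includes, error logging, salted one-way password hashes) shown together as an added PHP example; it is not part of the original answers. It assumes the pdo_sqlite extension and a constructed in-memory `users` table, and the page paths are hypothetical.

```php
<?php
// Constructed in-memory database so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Passwords: password_hash() generates a random salt and embeds it in the hash.
function register(PDO $db, string $name, string $password): void
{
    // Bound parameters keep user input out of the SQL text (SQL injection).
    $stmt = $db->prepare('INSERT INTO users (name, pw_hash) VALUES (:name, :hash)');
    $stmt->execute([':name' => $name, ':hash' => password_hash($password, PASSWORD_DEFAULT)]);
}

function login(PDO $db, string $name, string $password): bool
{
    $stmt = $db->prepare('SELECT pw_hash FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $hash = $stmt->fetchColumn(); // false when no row matches
    return is_string($hash) && password_verify($password, $hash);
}

// Output: escape at the point of output for the HTML context (XSS).
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Includes: map user input onto a fixed allowlist; never build a path from it.
function resolvePage(string $requested): string
{
    $pages = ['home' => 'pages/home.php', 'about' => 'pages/about.php']; // hypothetical files
    return $pages[$requested] ?? $pages['home'];
}

// Constructed sample inputs.
register($db, 'alice', 'correct horse battery staple');
var_dump(login($db, 'alice', 'correct horse battery staple')); // valid credentials
var_dump(login($db, "alice' OR '1'='1", 'x'));                  // treated as a literal name
echo e('<script>alert(1)</script>'), PHP_EOL;                   // markup is rendered inert
echo resolvePage('../../etc/passwd'), PHP_EOL;                  // unknown key uses the default

// Errors: write details to the error log, show the user a generic message.
try {
    register($db, 'alice', 'duplicate name');
} catch (PDOException $ex) {
    error_log('register failed: ' . $ex->getMessage());
    echo 'Registration failed.', PHP_EOL;
}
```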