The PAVISE of Security
Join notepad as he tours safe coding practices. He presents an easy-to-remember mnemonic which explains each component to help keep secure coding practices at the forefront of your development.
Why PHP Gets a Bad Reputation
PHP is certainly not bug-free, as it has had its share of vulnerabilities, but for the most part PHP gets a bad reputation from popular scripts which use "PHP" in their name even though they are not affiliated in any way with the PHP team itself. Example applications might include phpBB or phpMyAdmin. The developers behind these and other projects have been asked on more than one occasion to stop using "PHP" as part of their name, and are in violation of the PHP license by repeatedly ignoring the requests. Don't get me wrong, these scripts are great contributions to the community, but consider how it reflects on PHP as a language whenever a vulnerability pops up, even though that vulnerability is far more often than not due to poor coding practices.
The point I am trying to make is that PHP itself is a very secure language, and anyone who says otherwise simply isn't involved enough to know any better; their arguments are more than likely fallible. The biggest problem with exploitable scripts is the people programming them. Because PHP is such an easy language to learn, people tend to jump right in without ever learning the "best practices" or proper techniques. Others may not prefer PHP as their primary language, and only use it (improperly, unfortunately) as their job requires.
What This Tutorial Is
There are many different aspects of development that every PHP programmer should be aware of regarding security; the point of this tutorial is to help you easily memorize a checklist of them, which you should reference in every application that you develop. After absorbing this information, you should be able to sit down with any client and assure them with complete confidence that you're a security-conscious developer. Additionally, this tutorial should help you think outside the box and allow you to audit your own and others' code in an efficient and well-organized manner.
What This Tutorial Is Not
This is not an in-depth or foolproof guide, as there are many topics I have chosen not to cover and new topics are appearing all of the time; however, the topics discussed are those I believe to be fundamental. Ultimately, your skill as a security-conscious developer will only grow with perseverance, continuous education and a creative mind.
Why PAVISE?
The word pavise is defined as a large shield covering the whole body which was used in medieval times; it is an easy word to remember (especially for a security-related article) and will act as an acronym for the different topics I want to cover, which are: Privacy, Administration, Validation, Integrity, Sociology and Environment.