Guías: Código seguro en PHP

• PHP Security Guide - Rob Miller
  

  Since PHP is a very high-level scripting language, some of the potential security flaws that many languages present are totally irrelevant to PHP; you don't have to manage your memory, for example, and thus don't have to worry about things like buffer-overflows. Being a high-level language also means that PHP is much easier to learn; however, this is possibly the biggest problem with the language as a whole. Many people learn PHP as a first language and don't consider some of the fundamental considerations one must make when writing scripts, particularly ones as public as web applications.

  This guide aims to familiarise you with some of the basic concepts of online security and teach you how to write more secure PHP scripts. Whilst it's aimed mainly at beginning PHP programmers, I hope that there are some more advanced users who can take something away from the guide.
  Guía
  
  
• Tutorial PHP Security
  
  Writing PHP applications is pretty easy. Most people grasp the syntax rather quickly and will within short time be able to produce a script that works using tutorials, references, books, and help forum forums like the one we have here at PHP Freaks. The problem is that most people forget one of the most important aspects that one must consider when writing PHP applications. Many beginners forget the security aspect of PHP. Generally, your users are nice people, they will do as they are told and you will have no problem with these people whatsoever. However, some people are not quite as nice. Some people are outright malicious and are seeking to do damage on your website. They will scrutinize your application for security flaws and exploit these holes. Many times the beginner programmer did not know that these things would even be a problem and therefore it might be a problem to fix the holes. In this tutorial we will look at some of these issues so you can learn how to deal with them, and better yet, prevent them. Obviously I will not promise you that by following this tutorial you will never get successfully attacked. As you become bigger you will also become a bigger and therefore more interesting target - something we have experienced ourselves here at PHP Freaks.
  Tutorial
  
  
  
• The PHP programmer’s guide to secure code Richard Clarinsson Samuel Magnusson
  
  
  
  Content:Security threats against computer systems are a big problem today which also includes PHPmade applications. The report is focused on protection with the help of code and not how youprotect a web server. Its purpose is not to educate the readers of the thesis how to make a PHPapplication, the purpose is how to program a safer PHP application.
  
  The thesis contains information about common security threats against PHP scripts. It contains in most cases examples of what an attack can look like and how a protection for that example can be achieved. We have tested all code examples if they work by installing our own server with the configurations according to the delimitations of the thesis and putting up small PHP applications, which we have attacked and then protected.
  
  The contents and result of this thesis can benefit developers that use PHP as a programming language for creating web applications, by giving them information about common threats and protection.
  Descarga
  
  
  
  
• PHP Security Guide - PHP Security Consortium

  The PHP Security Guide is the flagship project of the PHP Security Consortium. This guide offers detailed information pertaining to a number of common security concerns for all PHP developers. Project Lead: Chris Shiflett.
  Descarga: PHP Security Guide 1.0 (English) - HTML, PDF, DocBook Lite
  
  
  

• Top 7 PHP Security Blunders - Pax Dickinson
  
  PHP is a terrific language for the rapid development of dynamic Websites. It also has many features that are friendly to beginning programmers, such as the fact that it doesn't require variable declarations. However, many of these features can lead a programmer inadvertently to allow security holes to creep into a Web application. The popular security mailing lists teem with notes of flaws identified in PHP applications, but PHP can be as secure as any other language once you understand the basic types of flaws PHP applications tend to exhibit.