In this episode is discuss PHP security. Up till this point I have talked about web app sec in general, but I break from this in honor of the Month Of PHP Bugs that is going on through March.
PHP has frequently been blamed for security problems in applications written in PHP which really is no fault of the language and engine itself. It would be like everyone blaming C and C++ as being insecure, and the cause of tons of security problems. Most of the time the problem is the developers who use the languages, not the languages themselves. However, there are security problems in the PHP codebase which need to be fixed and is what is being highlighted by the Month Of PHP Bugs.
So in this episode I discuss these issues, some of my past projects and some various other issues in PHP… Its so good to be back at the mic, even tho I am still recovering from the flu and had my voice start failing me at the end.
Enjoy!
Podcast: Play in new window | Download (Duration: 1:05:34 — 45.0MB)
Subscribe: Apple Podcasts | RSS
A couple of notes, sainzite your request variables before pulling data directing into you code. Avoid using double quote for simple string echo as it is extra load on php parsing use single quote instead. Play with MVC type frameworks such as Zends framework to get familiar with design patterns. Nice tutorial for beginners but be warned, I had to fire a bunch of people recently who programmed like this go back to programming basics and learn popular framework methodologies.