Security
Security is a broad concern: it involves implementing measures and best practices to protect your application and its data from malicious attacks and vulnerabilities.
Security risks come in different kinds: data privacy, identity usurpation, resource abuse, privilege escalation, resource access.
Security applies to PHP itself, and also to the applications written with it.
<?php
// classic example of an XSS injection: request data is echoed without escaping
echo $_GET['a'];
?>
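For contrast with the snippet above, the following added example (not part of the original page) passes the same request value through htmlspecialchars() before echoing it, in both element content and a quoted attribute. The helper names escape_html() and query_string_param() and the sample inputs are hypothetical, constructed for illustration.

```php
<?php
declare(strict_types=1);

// Escape untrusted text for HTML element content and quoted attribute values.
// ENT_QUOTES escapes both single and double quotes; ENT_SUBSTITUTE replaces
// invalid UTF-8 sequences instead of returning an empty string.
function escape_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Read one query parameter as a string.
// Missing keys and array values (?a[]=x) are normalised to an empty string,
// so the escaping function never receives a non-string.
function query_string_param(array $query, string $name): string
{
    $value = $query[$name] ?? '';
    return is_string($value) ? $value : '';
}

// Constructed sample inputs standing in for $_GET.
$samples = [
    ['a' => 'hello'],
    ['a' => '<script>alert(1)</script>'],
    ['a' => '" onmouseover="alert(1)'],
    ['a' => ['nested']],
    [],
];

foreach ($samples as $query) {
    $a = query_string_param($query, 'a');

    // The vulnerable form shown on the page would be: echo $a;
    // Element content: markup characters are rendered as text.
    echo '<p>', escape_html($a), '</p>', PHP_EOL;

    // Quoted attribute: the value cannot close the quote and add attributes.
    echo '<input type="text" name="a" value="', escape_html($a), '">', PHP_EOL;
}
```

This escaping is only appropriate for HTML text and quoted attribute values; values placed in URLs, inline JavaScript or CSS need the encoding for that context.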
See also PHP Security Best Practices, Vulnerabilities and Attacks, PHP Security and Senior PHP Developers Make These Security Mistakes Too — And Nobody Talks About It.
Related: Audit Trail, Framework, Taint Analysis, Time Of Check To Time Of Use (TOCTOU), Data Leak, Nonce, OWASP, Sensitive Parameter, Code Review, Distributed Denial Of Service (DDOS), Race Condition, Zero Day Vulnerability, hash_equals(), html_entity_decode, htmlspecialchars, Insecure Deserialization, Privacy, Access Control List (ACL), Appeasement Pattern, Dynamic Loading, Escape Character, php://filter, Poisoned Pipeline Execution (PPE), Fuzzing, Hard Coded, Hash Comparisons, OAuth, Shell Exec