5Nov/110
PHPCon PL 2011 – Safety of web applications (Przemysław Pawliczuk)
What should you keep in your mind to make your web app more secure?
- Check file content when you receive it through $_FILES. Check if it contains "<?php".
- Remember that image EXIF can be dangerous.
- Salt passwords.
- Do not authenticate on the client side.
- Write down basic procedures what would you do if your application has been hacked.
- Let people in your company use the app for the first time to play and try to break it.
- Separate development from production machines on every aspect.
