Resources for Writing Secure PHP Code

If you have PHP installed, then obviously you’re going to run PHP code. Some of that code might be written by third-party developers and some of it you might write yourself. Either way, you should learn about secure coding practices for PHP. Doing so can help you write better code and help you audit third-party code for potential problems.

To help you write your own secure PHP code, I went looking for resources and found several decent Web sites that provide writing support and some tools that look for coding vulnerabilities. The sites at the URLs below are a big help, so take some time to study them carefully.

Secure Programming in PHP

PHP—Secure coding

Secure Programming for Linux and Unix HOWTO, Chapter 10, Language-Specific Issues, 10.8 PHP (this pertains to Windows also)

PHP Security Consortium’s PHP Security Guide

PHP Input Filter (Developer Shed’s Network, PHP Scripts)

SecurePHP Wiki

PHP Top 5 (security problems extracted from SANS Top 20 list)

Top 10 ways to crash PHP

Chorizo! Web Application Security Scanner

PHP Security Scanner
