On the SitePoint PHP blog today, Pax Dickinson shares with us the "Top 7 PHP Security Blunders" as he sees them.
> In this article, I'll detail many of the common PHP programming mistakes that can result in security holes. By showing you what not to do, and how each particular flaw can be exploited, I hope that you'll understand not just how to avoid these particular mistakes, but also why they result in security vulnerabilities. Understanding each possible flaw will help you avoid making the same mistakes in your PHP applications.
His list includes:
- Unvalidated Input Errors
- Access Control Flaws
- Cross Site Scripting (XSS) Flaws
- Data Handling Errors
There's more listed, so be sure to check out the rest of the article. Each item is explained, and sample code is included where it makes sense.