Codewalkers.com has posted a new tutorial today from Martin Psinas titled "The PAVISE of Security".
Join notepad as he tours safe coding practices. He presents an easy to remember mnemonic which explains each component to help keep secure coding practices at the forefront in your development.
In the tutorial he talks about the bad reputation that PHP seems to be gathering and how it's less about the langauge and more about the applications written in it. His response is shown the the acronym in the title: PAVISE- Privacy, Administration, Validation, Integrity, Sociology and Environment.
- Privacy deals with keeping server-related info away from the client (what it shouldn't see)
- Administration suggests knowing how things are configured, even if you don't have the access to change them
- Validation (a huge factor) keeps the user data entered from doing bad things to you and your application
- Integrity is the overall strength of your application
- Sociology talks about methods to protect yourself from the social engineering that can happen to anyone
- Environment requires knowing if you're working on a secure platform or not, which could undermine all other efforts
Under each of the headings items are listed out and detailed to help give you a more concrete example. Code examples are also included where appropriate.