Hackers target PHP web applications more often than other sites because most PHP code is written by developers with little security experience. Protecting web applications from these attacks has become an essential skill for all PHP developers. Creating Secure PHP Websites shows you how to meet the most important security challenges when developing websites with PHP. Instructor Kevin Skoglund covers the techniques and PHP code needed to develop sites that are more secure, and to avoid common mistakes. Learn how to configure PHP properly and filter input and escape output. Then check out step-by-step defenses against the most common forms of attack, and the best practices to use for encryption and user authentication.
The first step in securing your PHP installation is keeping all of your versions up to date. Keeping versions up to date is quite simply both the easiest and the most important security measure that you can take. Keeping your site secure is going to require an ongoing commitment from you. You can't simply install all the software, launch the website, and then walk away and have it be secure. There are most likely bugs in the software that you're using, that you don't know about, that you can't know about. Those bugs will be discovered over time, either by the good guys or by the bad guys, and those bugs will get fixed.
That's why version updates matter so much. They include bug fixes and security patches that you need. And by the time these security issues get fixed, I guarantee that the bad guys know about them and are ready to use them against you if you haven't upgraded. Now, this applies not just to PHP, but also to other software that you're using for your installation: your web server, your database, libraries of code, and code from third parties, especially if you're using a framework or an application like WordPress. You should also make sure that all your servers are kept on the same latest versions of the software.
Of course, you should test new versions in development or in the staging server in order to catch problems before you put them into production, but as quickly as possible, you want to get all servers on the same version. It would be a real shame if you had a security issue in production that you didn't notice because your development server was running a newer version that had fixed the security issue. Having good software tests in place will also make upgrading versions much easier. It's also a good idea to look around you and to find email lists, RSS feeds or Twitter users that you can follow or subscribe to, which can help to clue you in when new versions become available.
Of course, to find out the latest version of PHP, the best place to look is php.net. On php.net, you can generally find the latest version by looking in the upper right-hand corner and you'll see the latest versions there available for download. There's also usually a list of the releases that come out right here on the home page and you can scroll down through those to find the latest version. I also want to point out that many times these updates include fixes that are referenced by a CVE number like this one. Those refer to the Common Vulnerabilities and Exposures database, which you can find at cve.mitre.org.
If you were to search for that particular CVE that we were just looking at, you'll see that it will tell us what the vulnerability is. That's letting us know then that this version fixes that vulnerability. This was a security hole that has now been fixed by upgrading to this latest version. So you want to be on the lookout for those kinds of security updates in these upgrades. So before you do anything else to improve your security, do this one thing. Make it a regular habit to keep your PHP installation updated.
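The habit described above, as an added example that is not part of the course or its exercise files: a small PHP script that compares the version each environment reports against a list of release announcements and lists the CVE ids fixed in releases a server has not yet installed. All server names, version numbers and CVE ids are constructed placeholders, and the function names are hypothetical.

```php
<?php
// Added example: every version, environment name and CVE id here is a constructed placeholder.

// Version reported by each environment (e.g. collected with: php -r 'echo PHP_VERSION;').
$servers = [
    'development' => '8.3.2',
    'staging'     => '8.3.2',
    'production'  => '8.3.0',
];

// Release announcements as they might be copied from a release feed (constructed).
$releases = [
    ['version' => '8.3.1', 'notes' => 'Bug fix release.'],
    ['version' => '8.3.2', 'notes' => 'Security release. Fixes CVE-0000-00001 and CVE-0000-00002.'],
];

/** Return the highest version string in a list. */
function latestVersion(array $versions): string
{
    usort($versions, 'version_compare');
    return end($versions);
}

/** Collect CVE ids mentioned in releases newer than $installed. */
function missedCves(string $installed, array $releases): array
{
    $cves = [];
    foreach ($releases as $release) {
        if (version_compare($release['version'], $installed, '>')
            && preg_match_all('/CVE-\d{4}-\d{4,}/', $release['notes'], $m)) {
            $cves = array_merge($cves, $m[0]);
        }
    }
    return array_values(array_unique($cves));
}

$latest = latestVersion(array_column($releases, 'version'));

// Report each environment: current, or behind (with the fixes it is missing).
foreach ($servers as $name => $version) {
    if (version_compare($version, $latest, '>=')) {
        echo "$name: $version is current\n";
        continue;
    }
    $cves = missedCves($version, $releases);
    echo "$name: $version is behind $latest";
    echo $cves ? ' (unpatched: ' . implode(', ', $cves) . ")\n" : "\n";
}
```

With the sample data, production is the only environment reported as behind, which is the drift case the transcript describes: development already has the fix, so the issue would go unnoticed there.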