Often, these days vulnerabilities are still being found in web applications. PHP has a pretty bad reputation regarding security, including one of the most popular frameworks WordPress. It's not to say making applications without vulnerabilities is easy- or that it's possible. But we really should try harder.

Us as PHP developers, need to make sure our data is safe from attackers. We need to stop this nonsense. And it's a big issue, big companies and businesses are continuing to be exploited and breached because of their security. I believe one of the big companies recently had a database breach, and they looked like they were stored with base64 and either sha1 or md5 hashing. I don't recall which company this was.

But remember, hashing, encryption, is only a small part of keeping your applications secure. You also have SQL injection, cross-site scripting, session hijacking, remote file inclusion, cross-site request forgeries.

And that's to name a few off the top of my head. There's a lot to cover in web application security.

You can start off with PHP The Right Way, and PHP Delusions. They're great, especially for beginners(at least I think so).

Let's get real.

That stuff up there? Those links? Their information? It's absolutely great! It really is. It's basic, more of a baseline. A starting point, if you will.

Paragonie

They make open-source software, for PHP security!

Their blog is amazing! However, they're not well known. They really should be though. So why don't you help with that? Once you're convinced they're amazing, start recommending their posts, and them in general.

They cover a lot of things. If you wanna get serious about web application security, I highly recommend you bookmark that page, follow them on Twitter, and keep an eye out for any future blog posts.

Don't forget to go through their archives. There is a lot of stuff there.

Psst! They're on here too.