Writing Secure PHP Applications, By Erik Wrenholt
- Mostly an article on how to avoid the cross-site scripting attack. A site I help maintain actually got hacked with this one—the main design and PHP code on the site had been set up by someone else, and I was just doing small maintenance. The web hosting company detected the attack and shut down the site until we fixed the problem. The site designer found this link describing both the problem and the solution. (It turns out that the original site design was almost identical to the one shown in this tutorial—a wide-open door for hacking!)