PHP/MySQL security--where to begin?

Question

I\'m a PHP/MySQL noob who knows nothing about online security.

Could you point me to some resources that will aid in my knowledge? (Beginner level, please!)

Answer 1

If you have some time, you could take a look at the slides used by Stefan Esser during his conference at the Dutch PHP Conference a few months ago, which title was "PHP Security Crash Course for beginners".

There are a couple of PDF :

• Part I - Introduction
• Part II - XSS
• Part III -CSRF
• Part IV - SQL Security
• Part V - Session Management Security
• Part VI + VII - PHP Code Inclusion and PHP Code Evaluation

Those could be helpful.

Then, don't hesitate to search a bit for non-PHP-specific informations : some security problems (like XSS, SQL Injections, CSRF, ...) are not specific to PHP : only the technical means to avoid them are specific ; so, you could find plenty of informations on sites like Wikipedia, or the OWASP website