What should every web developer know about encryption?

Question

I\'ve just landed a PHP5 gig. I won\'t be handling the parts of the application that involve super sensitive data, but I still know embarrassingly little about security and encr

Answer 1

The short answer

You can never be too secure

Use Salted Password Hashing for increased security

The longer answer (still not complete, though)

Security is not something to be learnt by a quick tutorial on the web. It requires in-depth knowledge of not only what vulnerabilities exist, but WHY they exist and HOW they work. One of the biggest problems (especially in open source), is that new methods are added all the time, therefore we must understand security concepts and theory.

Read books, take classes, and test the vulnerabilities yourself on a local machine. Then you'll slowly begin to grasp the concept behind how to secure a web application.

Check Out the following to start you off

1. Developer's Guide to Web Application Security
2. Web Security Testing Cookbook
3. Applied Cryptography