Secure Coding in PHP

Password Encryption

• Passsword Hashing
  http://phpsec.org/articles/2005/password-hashing.html
• Overview of MD5 and SHA1
  http://corz.org/windows/software/checksum/md5-sha1-algorithms.php
• Rainbow Tables
  http://www.rainbowtables.net/faq.php
• MD5 Hash
  http://www.decrypt-md5.com/
• SHA1 Hash
  http://www.tuxradar.com/practicalphp/4/7/10
• Salt Values to Secure Hashing (Double Hash and Salt)
  http://pbeblog.wordpress.com/2008/02/12/secure-hashes-in-php-using-salt/
• For Inquiring Minds: How Rainbow Tables Work
  http://kestas.kuliukas.com/RainbowTables/

SQL Injection

• SQL Injection Part 1 - PHPAcademy Video (7:59 min)
  http://www.youtube.com/watch?v=YyaQw0ae_7I
• SQL Injection Part 2 - PHPAcademy Video( 4:28 min)
  http://www.youtube.com/watch?v=e4EYkoLlSq0&feature=fvwrel
  
• MySql SQL Injection Prevention
  http://www.tizag.com/mysqlTutorial/mysql-php-sql-injection.php
• SQL Injection Attacks by Example
  http://www.unixwiz.net/techtips/sql-injection.html
  

SSL

• SSL Certificates: What are they and who needs them? - Network Solutions (3:01 min)
  http://www.youtube.com/watch?v=zPqtx1J6udc
• Webopedia: SSL
  http://www.webopedia.com/TERM/S/SSL.html
• Potential Vendors (Disclaimer: This is not an endorsement of these products rather just a listing from a search on the Internet. Use them at your own risk. Check each of them out before making any decision.)
  • GoDaddy
    http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=9039
  • Symantec
    http://www.verisign.com/ssl/index.html
  • Thawte
    https://www.thawte.com/products/index.html?sl=t91570385670000007&gclid=CI7x8ou2sKgCFUgbQgodohdQHQ
    

Additional Resources

• PHP Security Script
  http://www.hotscripts.com/category/scripts/php/scripts-programs/security-systems/
• Top 5 Secure Coding TIps for PHP
  http://www.paladion.net/top-5-secure-coding-tips-for-php-applications/
• PHP Security Consortium - Security Guide
  http://phpsec.org/projects/guide/