I'm looking for a complete list of security guidelines for programming and deploying PHP web sites and applications on an Apache (Linux) server. Basically, a "security check list" to run through before finishing a project. I.e.,
1. Cross Site Scripting
2. Cross Site Request Forgery
3. Upload files below web root
4. Disable register globals and error reporting in custom php.ini
5. Sanitize form data that goes into database
etc., etc. (the list goes on)
I used to have something like this with a former employer, but their server died and their security guidelines died along with it (apparently, they made no backup -- sigh)...
I did some searching on the internet and in this forum, but couldn't find a comprehensive, succinct, and complete list of guidelines.
Thanks in advance.
Sorry, but you are not allowed to view signatures , please Register or Login