Securing php website(and website in general) in all Aspects [closed]

It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so开发者_开发百科 that it can be reopened, visit the help center. Closed 11 years ago.

I dont know whether it is right to post it over here.

Can someones suggest some beginner resources for this topic.

Thanks in advance.

---

I found Added Bytes' Writing Secure PHP a good guide when I was starting out with PHP.

---

I'm not sure if this is an exact duplicate of one of these questions, but you can start reading here in SO itself:

• https://stackoverflow.com/questions/2081243/which-are-the-common-security-issues-that-the-beginners-make-in-php
• https://stackoverflow.com/questions/2119083/php-tutorial-that-is-security-accuracy-and-maintainability-conscious
• Securing PHP forms for beginners? Resources?
• Examples of vulnerable PHP code?

---

In addition to the resources already posted, here are some points to keep in mind:

• Never trust any data that comes from the client, you must assume it may be malicious
• Keep printed error messages generic, they help attackers reverse engineer your code
• Turn indexes off through your .htaccess file (plenty of tutorials on google)
• Encrypt all critical data such as passwords
• Understand the high-level differences between encryption options (AES,MD5,SHA,etc)

You should also be familiar with how some common attacks work such as SQL Injection and Cross Site Scripting (XSS)