This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "PHP Security for Architects"
From OWASP
m |
|||
| Line 1: | Line 1: | ||
| + | ==Introduction== | ||
| + | Application security isn't just a feature or an add-on. | ||
| + | Security is directly linked to how an application has been coded: bad designed applications have bad security. | ||
| + | Good software architecture and design is therefore the foundation for secure code. | ||
| + | Security also depends on how it's been incorporated in the software development life cycle and software maintenance processes. | ||
| + | Summarized: architecture, design and process are the 3 pillars for secure code: | ||
| + | |||
| + | === Architecture === | ||
| + | * Don’t glue your application together with code snippets from the Internet | ||
| + | * Structure & Organize your code by using an architectural pattern and/or application framework | ||
| + | |||
| + | === Design === | ||
| + | * Don’t re-invent the wheel | ||
| + | * Follow proven software design principles to avoid common pitfalls | ||
| + | |||
| + | === Process === | ||
| + | * The proof of the pudding is in the testing, before and after going live. | ||
| + | * Maintain and improve your code till the end its life by continuous bug fixing, patching, refactoring, etc. | ||
| + | |||
==Design considerations== | ==Design considerations== | ||
=== Architectural considerations=== | === Architectural considerations=== | ||
Revision as of 22:57, 5 January 2017
Introduction
Application security isn't just a feature or an add-on. Security is directly linked to how an application has been coded: bad designed applications have bad security. Good software architecture and design is therefore the foundation for secure code. Security also depends on how it's been incorporated in the software development life cycle and software maintenance processes. Summarized: architecture, design and process are the 3 pillars for secure code:
Architecture
- Don’t glue your application together with code snippets from the Internet
- Structure & Organize your code by using an architectural pattern and/or application framework
Design
- Don’t re-invent the wheel
- Follow proven software design principles to avoid common pitfalls
Process
- The proof of the pudding is in the testing, before and after going live.
- Maintain and improve your code till the end its life by continuous bug fixing, patching, refactoring, etc.
Design considerations
Architectural considerations
Middle tier
Web Services Middle tier
Middle tier
Noteworthy Frameworks
Zend Framework
PEAR
OWASP Filters
CakePHP
This article is a stub. You can help OWASP by expanding it or discussing it on its Talk page.
