1. Introduction

  1.1. PHP Features
    1.1.1. Register Globals
    1.1.2. Error Reporting
  1.2. Principles
    1.2.1. Defense in Depth
    1.2.2. Least Privilege
    1.2.3. Simple Is Beautiful
    1.2.4. Minimize Exposure
  1.3. Practices
    1.3.1. Balance Risk and Usability
    1.3.2. Track Data
    1.3.3. Filter Input
    1.3.4. Escape Output

2. Forms and URLs

  2.1. Forms and Data
  2.2. Semantic URL Attacks
  2.3. File Upload Attacks
  2.4. Cross-Site Scripting
  2.5. Cross-Site Request Forgeries
  2.6. Spoofed Form Submissions
  2.7. Spoofed HTTP Requests

3. Databases and SQL

  3.1. Exposed Access Credentials
  3.2. SQL Injection
  3.3. Exposed Data

4. Sessions and Cookies

  4.1. Cookie Theft
  4.2. Exposed Session Data
  4.3. Session Fixation
  4.4. Session Hijacking

5. Includes

  5.1. Exposed Source Code
  5.2. Backdoor URLs
  5.3. Filename Manipulation
  5.4. Code Injection

6. Files and Commands

  6.1. Traversing the Filesystem
  6.2. Remote File Risks
  6.3. Command Injection

7. Authentication and Authorization

  7.1. Brute Force Attacks
  7.2. Password Sniffing
  7.3. Replay Attacks
  7.4. Persistent Logins

8. Shared Hosting

  8.1. Exposed Source Code
  8.2. Exposed Session Data
  8.3. Session Injection
  8.4. Filesystem Browsing
  8.5. Safe Mode

A. Configuration Directives

  A.1. allow_url_fopen
  A.2. disable_functions
  A.3. display_errors
  A.4. enable_dl
  A.5. error_reporting
  A.6. file_uploads
  A.7. log_errors
  A.8. magic_quotes_gpc
  A.9. memory_limit
  A.10. open_basedir
  A.11. register_globals
  A.12. safe_mode

B. Functions

  B.1. eval()
  B.2. exec()
  B.3. file()
  B.4. file_get_contents()
  B.5. fopen()
  B.6. include
  B.7. passthru()
  B.8. phpinfo()
  B.9. popen()
  B.10. preg_replace()
  B.11. proc_open()
  B.12. readfile()
  B.13. require
  B.14. shell_exec()
  B.15. system()

C. Cryptography

  C.1. Storing Passwords
  C.2. Using mcrypt
  C.3. Storing Credit Card Numbers
  C.4. Encrypting Session Data