SPHPlayground manual

Web application security

"Security is a process, not a product, and adopting a sound approach to security during the process of application development will allow you to produce tighter, more robust code." (https://www.sitepoint.com/php-security-blunders/)

Good articles about PHP web application security:

HTML vulnerabilities

Reverse Tabnabbing

Target="_blank" vulnerability

An attack that exploits this vulnerability is the so-called "reverse tabnabbing": a page opened from a link with target="_blank" is able to replace the page that opened it with, for example, a phishing site.

SQL Injection vulnerabilities

Good articles about SQL injection:

Cross-site request forgery protection

The framework introduces a CRSFToken class for CSRF token generation. This class requires a running PHP session in order to work.

  1. Tokens are created by calling CRSFToken::generateToken().
  2. Tokens can be verified by:
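The same generate-then-verify pattern, written as an added stand-alone example (this is not the framework's CRSFToken class; the helper name SessionCsrfToken, the session key and the time-to-live are assumptions). Like CRSFToken, it needs an active PHP session, and it consumes each token on first use and compares it in constant time.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not SPHPlayground's CRSFToken: same contract,
// an active PHP session is required for tokens to be stored and checked.
final class SessionCsrfToken
{
    private const SESSION_KEY = 'csrf_tokens'; // assumed session key
    private const TTL = 1800;                  // assumed lifetime in seconds

    public static function generate(string $formId): string
    {
        if (session_status() !== PHP_SESSION_ACTIVE) {
            throw new RuntimeException('CSRF tokens need an active session');
        }
        $token = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
        $_SESSION[self::SESSION_KEY][$formId] = ['value' => $token, 'created' => time()];
        return $token;
    }

    public static function verify(string $formId, ?string $submitted): bool
    {
        $stored = $_SESSION[self::SESSION_KEY][$formId] ?? null;
        unset($_SESSION[self::SESSION_KEY][$formId]); // one-time use, whatever the outcome
        if ($stored === null || $submitted === null) {
            return false;
        }
        if (time() - $stored['created'] > self::TTL) {
            return false;                            // expired token
        }
        return hash_equals($stored['value'], $submitted); // constant-time comparison
    }
}

session_start();

// On POST, reject the request before doing any work.
if ($_SERVER['REQUEST_METHOD'] === 'POST'
    && !SessionCsrfToken::verify('login-form', $_POST['csrf_token'] ?? null)) {
    http_response_code(403);
    exit('Invalid or expired CSRF token');
}

// When rendering the form, embed a fresh token as a hidden field.
$token = SessionCsrfToken::generate('login-form');
echo '<input type="hidden" name="csrf_token" value="'
    . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">';
```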

Google reCAPTCHA

Google has launched reCAPTCHA v3 to prevent spam bots without any user interaction. reCAPTCHA v3 returns a spam score that can be used to take various actions in your web app.

Google reCAPTCHA v3

  1. Register a website and get a Secret Key. The very first thing you need to do is register your website on Google reCAPTCHA; to do that, click here.

reCAPTCHA v3 returns a score for each request without user friction. The score is based on interactions with your site and enables you to take an appropriate action for your site. Register reCAPTCHA v3 keys here.

Managing user passwords with Password

PasswordInterface defines a verifiable password. It is implemented in an instantiable class Password.

Input validation

Form input validation