More often than not, web applications start off as a bright idea, which is then brought into realization at a fast and furious pace, with little eye for anything but result. Once all envisioned functionality is incorporated in the design and the project is launched, developers will be assigned to the next project.
Notwithstanding a few bug fixes, the final – yet essential – step of software development is more often than not, omitted: the security audit. Despite the fact that these checks are regarded as tedious and superfluous, practice shows that it is time well spent: numerous, often severe vulnerabilities come to light.
In the presentation below that I gave at the PHP UK Conference in London, I’ll detail how to incorporate security checks into the software development process. I’ll also step through the implementation, and caveats of a security audit.
The slides that I used: