Web Security Reviewer
1. Secrets
2. Scarce Resources
3. Good netizenship
a. htmlentities() - PHP’s htmlentities() function replaces every character that has an HTML entity equivalent with that entity, so the output is rendered as literal text rather than interpreted as markup.
a. parse_url() - PHP’s parse_url() function splits a URI into an associative array of its parts. This makes it easy to check what the scheme key points to: something allowable like http: or ftp:, or something impermissible like javascript:.
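The two items above describe the functions but not how to call them safely. The following is an added example, not code from the reviewer document: it wraps htmlentities() with explicit flags (the default flags before PHP 8.1 leave single quotes unescaped) and wraps parse_url() in a scheme allowlist that also handles the cases the description skips: a malformed URL, for which parse_url() returns false, and a relative reference, for which the 'scheme' key is absent. The helper names escapeHtml and allowlistedUrl, the default allowlist and the sample inputs are my own.

```php
<?php
declare(strict_types=1);

/**
 * Escape untrusted text for insertion into an HTML body or a quoted attribute.
 * ENT_QUOTES escapes both ' and " (the old default ENT_COMPAT leaves ' alone),
 * ENT_SUBSTITUTE replaces invalid UTF-8 instead of returning an empty string,
 * and the charset is stated explicitly rather than inherited from php.ini.
 */
function escapeHtml(string $untrusted): string
{
    return htmlentities($untrusted, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/**
 * Return the URL unchanged if its scheme is on the allowlist, otherwise null.
 * parse_url() returns false for badly malformed input and omits the 'scheme'
 * key for relative references, so both are rejected before the comparison.
 * The scheme is lowercased because parse_url() preserves case, and a
 * case-sensitive comparison would let "JavaScript:" through.
 */
function allowlistedUrl(string $url, array $allowedSchemes = ['http', 'https', 'ftp']): ?string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'])) {
        return null; // malformed or relative: reject rather than guess
    }
    $scheme = strtolower($parts['scheme']);
    return in_array($scheme, $allowedSchemes, true) ? $url : null;
}

// Constructed sample inputs for the two helpers.
$texts = [
    '<b>bold</b> & "quoted"',
    "it's",
];
foreach ($texts as $t) {
    echo escapeHtml($t), "\n";
}
// &lt;b&gt;bold&lt;/b&gt; &amp; &quot;quoted&quot;
// it&apos;s

$urls = [
    'https://example.com/page',   // allowed
    'ftp://example.com/file',     // allowed
    'JavaScript:void(0)',         // rejected: scheme not on the allowlist
    'data:text/plain,hello',      // rejected: scheme not on the allowlist
    '/relative/path',             // rejected: no scheme key at all
];
foreach ($urls as $u) {
    printf("%-28s => %s\n", $u, allowlistedUrl($u) ?? 'rejected');
}
```

Two points worth noting in practice. First, htmlentities() makes text safe only for HTML body and attribute contexts; a value placed inside a script block or an inline event handler needs JavaScript-context encoding instead. Second, the URL check is an allowlist rather than a denylist of javascript: because anything parse_url() cannot recognise as an allowed scheme (including schemes obfuscated with embedded whitespace, which browsers may still accept) falls through to rejection instead of being passed on.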