CSRF Defense
• Use POST rather than GET in forms
• Turn off register_globals and use $_POST instead
• Don't make important actions too easy
• Try to force the use of your own forms
• Learn from your peers!
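
Added example (not from the original slides): one common way to force the use of your own forms is a per-session token that the form carries and the POST handler checks before acting. The field names `token` and `message` and the storage step are assumptions for illustration.

```php
<?php
declare(strict_types=1);
// Added example: per-session form token for a message-board post form.
// Field names and the persistence step are hypothetical.
session_start();

// Return the session's form token, creating it on first use.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Constant-time comparison against the token stored in the session.
function csrf_token_is_valid(string $submitted): bool
{
    $expected = $_SESSION['csrf_token'] ?? '';
    return $expected !== '' && hash_equals($expected, $submitted);
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    // Read only from $_POST, never from $_GET, $_REQUEST or globals.
    $token = $_POST['token'] ?? null;
    if (!is_string($token) || !csrf_token_is_valid($token)) {
        http_response_code(403);
        exit('Request rejected: form token missing or invalid.');
    }
    $message = is_string($_POST['message'] ?? null) ? trim($_POST['message']) : '';
    // ... store $message here (hypothetical persistence step) ...
    unset($_SESSION['csrf_token']); // next form gets a fresh token
    exit('Message posted.');
}
?>
<form action="" method="post">
  <input type="hidden" name="token"
         value="<?= htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') ?>">
  <textarea name="message"></textarea>
  <input type="submit" value="Post">
</form>
```

A request forged from another site cannot read the token out of the victim's session, so the handler rejects it with a 403 even though the browser sends the session cookie.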