Hashing passwords, encrypting credit cards Simple password (MySQL %ENCODE%) Asymmetric cryptography (PHP OpenSSL) HTTPS Self signed - user must pick up his phone Authorities - study politics of all of them Cross-Site Request Forgery Protecting e-mail forms from spam %strpos($email, "\n")% is simple solution Technique: Let logged user perform some action without knowing it (%IMG SRC% or %FORM%+%SCRIPT% on attacker's page). Risk: Modify data, display only with other leaks. Defense: Referer, parameter in URL, authorization token. Robots can send spam through contact-us form. http://php.vrana.cz/ukladani-hesel.php http://php.vrana.cz/ukladani-citlivych-informaci.php http://php.vrana.cz/cross-site-request-forgery.php http://php.vrana.cz/e-mailovy-formular.php