PHP Web Application Security Vulnerabilities

• Use SSL to prevent network sniffing

• Use mcrypt

• If you store keys, mind the security on the key storage

• Don't store plaintext passwords

• Watch out for misconfigured shared hosting environments