Security

At LinkORB we often develop applications that are designed to handle confidential data.

Therefor we expect developers to familiarize themselves with the Security by design principles as described by OWASP.

Code reviews will be performed on any code that gets checked in, paying special attention to these points.

Other PHP specific security resources

• Security page on php.net
• OWASP Security by design principles
• OWASP PHP Cheat Sheet
• Awesome list appsec
• Security section in Awesome list PHP

Holistic security

Writing secure PHP code is only part of the puzzle. Topic-specific security principles will be applied in all relevant components of a production system. For example:

• Infrastructure security
• Architecture
• Confidential information (Credentials, secrets, etc) handling
• SQL security
• Project management
• Access management
• Team-member background checks