
Tuesday, 15 January 2013

How to start writing secure PHP code



// Some basics of writing #secure #code from Nathan Good at IBM

1) Validate input
2) Guard your file system
3) Guard your database
4) Guard your session data
5) Guard against Cross-Site Scripting (XSS) vulnerabilities
6) Verify form posts
7) Protect against Cross-Site Request Forgeries (CSRF)

These kind of seem obvious, but they are not obvious to a lot of people. The full read, "Seven habits for writing secure PHP applications", is here: http://ibm.co/X0jCyP