Want to do some back-end stuff but worried about security

[Talia]

I am mostly a front-end developer but I know a bit of PHP and would like to work on that skill and make some projects. But I have a problem, which is that I'm very nervous about security. I know that's not much of an issue in a local environment, but I'd like to make my creations public and as soon as I do so, I'll have to worry about it. Anything to do with connecting to a database has me worried. Security best practices are fairly confusing for a newbie, so I'm pretty afraid I won't get it/will mess up. How can I deal with this? I feel like I will be much more employable if I learn this stuff and it will really increase the amount of things I can create. But I don't know how to stop worrying about security - how to be confident my creations don't have any major security flaws. To be clear, anything I would do with these skills for my personal projects would be fairly simple, and probably not much sensitive information will be involved, but I'm still worried.

 

[Gummibeer]

Hey,
out of my personal experience/history I highly recommend you to use Laravel for PHP backend.
It comes with all important security measurements by default. You don't have to care about SQL injection and authentication and authorization come by default with pretty simple APIs.

@TGDesigns is also a Laravel "newbie" - possibly he can tell you something from starter perspective.

A recommendation: use pretty strict validation rules on your requests. The stricter the better.
Something good to know is to know some keywords:
* authentication vs authorization
authentication: is the simple login/credentials
authorization: is the check for permission on the logged in uset
* permission vs group vs role
group: is a list of multiple roles
role: combines permissions needed to fullfil a role in app
permission: is the single granular permission - in CRUD these would be 5 permissions per entity: list, show, create, update, delete

Except of validation and authorization you don't have to care about much with Laravel.
Except you start to handle sensitive data or want to fulfill any audits.

 

[Gummibeer]

And regarding web security at all - I can recommend Sqreen!
They also have a dedicated Laravel checklist. But also a lot more stuff you can check.

The Laravel Security Checklist | Sqreen

Download the Laravel Security Checklist to improve the security of your Laravel app. Learn security best practices and secure your app.

www.sqreen.com

 

[kilian]

To echo what Gummibeer said: make sure you use a framework and stay within the confines of it, that should keep you reasonably secure. I think Laravel is an excellent choice for PHP.

 

[TGDesigns]

Ive been learning laravel for the past few months, I was also worried about security but using a framework has helped with that considerably. As other have said dont try to re invent the wheel, I found things like Oauth and laravel's auth system perfectly suitable for the projects I wanted to play with! If you need help or one someone to bounce ideas off im happy to help!

Im currently working on a stock management system using laravel!

And thanks for the shout @Gummibeer 👍😀

Also my bad on the late reply Ive been moving house this last week :/