If you’re reading this, we know two things about you: First, you write PHP applications that run online. Second, you’re not a hard-core security guru. In fact, you’re probably holding this book right now because other security books left you with more questions than you started with, or because this is the first time you’ve really thought about securing your applications.
Our goal in writing this book is to give you the tools you need to make your applications more secure. Web applications are inherently insecure: you are allowing unknown users to have direct access to your server. Even if you have a firewall, you have to poke a hole in it to make your Web application accessible to the outside world. These are not security-minded actions.