School of Computer and Information Science, Edith Cowan University, Perth, Western Australia
The PHP server-side scripting language has found significant popularity due to its accessibility, simplicity and affordability. With the deployment of PHP-inclusive web development environments becoming easier, universities have begun to offer units of study in the language. However, students coming from a background of HTML-based web development will often not be adequately prepared to consider the security implications associated with a powerful scripting language. It is important that students are taught to recognise and respond to the security implications of their code from an early stage, as a matter of good programming practice. This paper demonstrates how security teachings can be implemented throughout a PHP-based web development unit, and details four pertinent PHP security issues which can and should be addressed in such a unit.