PHP and WordPress Application Security – Useful Links
General
Mozilla Secure Coding Guidelines: https://wiki.mozilla.org/WebAppSec/Secure_Coding_Guidelines
PHP
PHP Manual: http://www.php.net/manual/en/manual.php
PHP Manual – Security Reference: http://php.net/manual/en/security.php
PHP source web viewer: http://svn.php.net/viewvc/php/
Apache
Apache HTTPD source viewer: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/
Various PHP Security docs
PHP Security Checklist: http://www.sk89q.com/2009/08/definitive-php-security-checklist/ TODO – I haven’t looked too closely at this one yet; it’s a bookmark. I am going to review this link more carefully to see if I can use some of it to kickstart a checklist.
phpsec.org: http://phpsec.org/projects/guide/
PHP Freaks article: http://www.phpfreaks.com/tutorial/php-security
OWASP: https://www.owasp.org/index.php/PHP_Security_Leading_Practice
PHP code execution vulnerabilities: http://www.php-security.org/2010/05/20/mops-submission-07-our-dynamic-php/index.html
WordPress
WordPress Manual: http://codex.wordpress.org/
How plugins work: http://codex.wordpress.org/Writing_a_Plugin
WordPress Source Browser: http://core.trac.wordpress.org/browser
WordPress Function Reference: http://codex.wordpress.org/Function_Reference/
Template Tag Reference: http://codex.wordpress.org/Template_Tags
PHP Cross Reference of Variables, Functions, Classes, Constants: http://phpcrossref.com/wordpress/