Steps for implementing advance security using raw-php?

I got a small project where I just have to make their authentication . They are quite serious about their security and they want raw-php as well .

I tried my best to implement maximum steps to make it hard secure

I did validate and sanitize the inputs both in client (using validatorjs) and in server as well
Added CSRF token protection
Encrypted maximum things as possible
Added recaptcha also
bcrypted encrypted passwords
have email verification authentication as well
added filters and validators for sql injection and XSS protection.

Is there any major or minor thing I am missing ? Or please do suggest your measures. and also if any php security library can be mentioned would be helpful. They are mainly concern about their data as their data would be quite important and they do want security from any kind of breach or flaws

Thanks

Step1 . ctrl + a Step2 Shift + del Step 3 no need to reinvent the wheel. Find a framework that whole bunch of people already thought, experimented and implemented the best way to accomplish it. Download and focus on business logic.

Maybe this checklist will help

sqreen.io/checklists/php-security-checklist

I highly recommend using OWASP projects to inform yourself about security in a software engineering scope. For example the ASVS is a simple checklist you can use to make your application generally secure.

Thanks a lot...I actually forgot about the OWASP top 10. Thanks

Thread

Steps for implementing advance security using raw-php?

Responses(4)

Recent threads

Search Hashnode

Steps for implementing advance security using raw-php?

Responses(4)

Recent threads