Stefano Musarra - 2011-04-13 18:21:31
These days, everyone is concerned about designing their apps with web security in mind from the start. Many "white papers" and wiki articles have rated the OWASP security library among the best plug-in solutions, with several advantages over the security subsystems in the venerable Zend Framework. While there is an HTML filter class that implements OWASP AntiSamy on the PHPClasses.org website, the full OWASP library is much more extensive.
Currently, the best tutorial for using OWASP that is easily found with Google is the 4-part series at JackWillk Security: http://jackwillk.blogspot.com/2010/06/using-owasp-php-esapi-part-1.html. This tutorial touches on many important uses of OWASP to fix security holes on the tutorial's demo blogging website, aptly named "Insecure!". To Jack Willk's credit, this is an excellent tutorial with fairly detailed explanations and sample code that actually works.
I propose that the gurus here at PHPClasses.org further expand on Jack Willk's excellent tutorial, with more "Best Practices" examples for implementing more of the routines available in the OWASP library.