From the course: Exploring and Selecting PHP Frameworks
Security
Security is the most important part of your app, and you are uniquely positioned to understand and identify risks. I'm going to start out by saying that in my experience, every framework takes security extremely seriously.

Some frameworks have a bad security image. I'll pick on WordPress, not because it's insecure, but because people perceive it that way. But I'll call out that the security team is made up of 50 experts. I definitely don't have that kind of team experience on any of my projects. The primary risk in WordPress is outdated software, either core or plugins or themes. And this is no different for any library you use. I'll be the first to admit that I've worked on projects with a composer.lock file that may have put me in a risky security posture.

No framework is going to be perfect, but the greatest risk is the custom code you write for your application. Doctrine, used by Laravel and Symfony, offers the ability to parameterize queries to prevent SQL injection. This is easy…