I have made a web application with PHP and MySQL, and I would like to put it on the web, but I am scared to do so because I am not confident that it is secure. It's not like I'm storing credit card information (It is an app to keep track of income and expenses), however, I still want my users' confidential information to be safe.
I am struggling to find a good course on the topic. I study at Treehouse and love it, however, they don't have a course on this topic. I completed Foundations of Programming: Web Security at Lynda, and while there was a lot of useful information in the course, I still don't really feel confident at making my application secure. It was full of information rather than walking me through the process step by step from start to finish on how to make an application secure.
For example, they recommended Blowfish. But they didn’t walk me through the process of how to actually use it. I didn’t see it being used.
So what I don't want: a bunch of links to different sites that have information on security, like the stackoverflow answer here.
What I do want: a video course that starts with a non-secure web-application and shows me the process of making it secure, so that once I’ve completed the course, I know that I can make my web application secure.
At this stage, I am specifically interested in a secure login system, and from Googling, I see that people say it isn’t a good idea to use your own code for that. So I’ve been looking into PHP libraries and frameworks and started learning Laravel, but is this overkill? Should I really need to learn a whole framework just to make my app secure?
So how do web developers gain the confidence to know that their application is secure enough to put on the web, please?
