A PHP Framework Worth Looking Into
January 15th, 2009
As a PHP coder myself, I know that it can be difficult for new programmers to build secure code. Beyond the Apache server config and the PHP config directives, writing secure code in PHP is often an afterthought — and it’s really easy to write insecure code with PHP.
Many of the difficulties lie in the use of database connectivity, flashy AJAX and powerful JavaScript to build a highly functional, good-looking site. When coding these applications, many developers pull pieces of code from other sites and integrate them into their own, often unaware of input validation flaws, overflows and the use of insecure PHP functions.
Where PHP often falls short as a language is that it is just that: a language. In and of itself, it offers no input validation classes, no XSS or SQL injection class to use, and no reusable security mechanisms that are available out of the gate.
In searching for frameworks that can be utilized by programmers to assist them in writing more secure PHP code, I ran across CakePHP. CakePHP is a PHP Framework that allows for the rapid coding of new applications using a Model, View, Controller (MVC) architecture. Aside from enabling the rapid development of new data-driven applications, CakePHP has some really good input validation classes that are extremely simple to use.
One of the main drawbacks of coding your own input validation in PHP is that many programmers aren’t familiar enough with regular expression syntax to write effective input validation routines; CakePHP simplifies this with pre-built rules for credit card validation, SSNs, email addresses, password complexity and more.
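To make the point concrete, here is an added example (written for this page, not code from the original post or from the CakePHP project) of how such pre-built rules are declared in a CakePHP 1.2-style model and then enforced from a controller before anything reaches the database. The rule names `email`, `cc`, `ssn` and `custom` are those of the CakePHP 1.2 Validation class; the `Account` model, its field names, the controller and the messages are assumed for illustration. There is no built-in password complexity rule in that version, so the `custom` rule carries an explicit regex.

```php
<?php
// Added example, not from the original post. Model and field names are assumed.
// app/models/account.php
class Account extends AppModel {
    var $name = 'Account';

    // Each key is a form field; each rule is checked before save() touches the DB.
    var $validate = array(
        'email' => array(
            'rule' => 'email',                      // built-in e-mail syntax check
            'message' => 'Please enter a valid e-mail address.'
        ),
        'card_number' => array(
            'rule' => array('cc', 'all'),           // built-in credit card check (Luhn + issuer prefixes)
            'message' => 'Please enter a valid credit card number.'
        ),
        'ssn' => array(
            'rule' => array('ssn', null, 'us'),     // built-in US SSN format check
            'message' => 'Please enter a valid US Social Security number.'
        ),
        'password' => array(
            // No built-in complexity rule in 1.2: a custom regex requiring
            // at least 8 characters with one lower, one upper and one digit.
            'rule' => array('custom', '/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d).{8,}$/'),
            'message' => 'Password must be at least 8 characters with upper, lower and a digit.'
        )
    );
}

// app/controllers/accounts_controller.php (assumed name)
class AccountsController extends AppController {
    var $name = 'Accounts';

    function register() {
        if (!empty($this->data)) {
            // Bind the submitted form data and run every rule in $validate.
            $this->Account->set($this->data);
            if ($this->Account->validates()) {
                // All rules passed; skip re-validation inside save().
                $this->Account->save($this->data, false);
                $this->redirect(array('action' => 'index'));
            } else {
                // $this->Account->validationErrors now holds per-field messages
                // that the form helper renders next to each input.
                $this->Session->setFlash('Please correct the errors below.');
            }
        }
    }
}
```

The rules constrain the format of each field and reject bad input before `save()`, which is the consistency gain the post is after: one declared policy per model rather than ad hoc regexes scattered across scripts. Format validation alone does not address every class of flaw, so when displaying these values later, escape them for HTML with CakePHP's `h()` helper, and leave query construction to the model layer rather than building SQL strings by hand.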
Aside from its input validation classes, CakePHP allows developers to easily generate AJAX-enabled views, RSS feeds, XML and more without heavy modification of code or third-party downloaded scripts. Having worked through CakePHP for the past few weeks, I’m really impressed. I was really dumbfounded when I realized that CakePHP has been around for a long time, has a corporate-sponsored team of developers and a very large base of programmers using it.
Any organization that utilizes PHP for writing public-facing web applications should look into (and require) a PHP development framework like CakePHP to ensure consistency and provide a baseline for common security features.
It's funny looking back on this article I wrote almost a year ago, especially since I ended up going with the Symfony PHP framework over CakePHP :)... not to belittle the Cake project and team... great project
Comment by donwalrus — December 30, 2009 @ 8:38 pm