**Threats**
* ((!/XSS XSS))
* XSRF
* Injection (e.g. SQL-Injection)
* Attacks on Session / Cookies / ~SessionIDs
* Path Climbing
* Session Hijacking
* Hidden Field Manipulation
**Links**
* ((http://www.php.net/manual/en/security.php PHP security manual))
* http://www.modsecurity.org
* ((http://cwe.mitre.org/top25/ Top 25 Most Dangerous Programming Errors))
* ((http://google-gruyere.appspot.com/ Web Application Exploits and Defenses))
* ((https://www.owasp.org/index.php/OWASP_Testing_Project OWASP Testing Guide))
* ((https://www.owasp.org/index.php/Threat_Risk_Modeling Threat Risk Modelling))
* https://openssf.org/resources/guides/
* https://cheatsheetseries.owasp.org/index.html
===Security - Agenda===
* Variable injection
* SQL injection
* Input filtering
* Output escaping
* Security by obscurity
* Fix the rights
* Configuration
* ((Session Cookies and Sessions))
* Information Gathering
* Threat Modelling