I've focused my night on better grapsing authentication security and believe I have made good progress. To date I have simply relied on SHA1 hashing and prepared statements - not much, right... So I knew it was time to pick up some new skills.
What I came across was very new, BlowFish, which I have never heard of, and salting, which I have heard of but not deeply looked into before. I was amazed about how simple they were to grasp! I'm now using a salt, using blowfish and then encrypting the whole lot with PHPs crypt() function. Woo!
What I would like to know is - what else can be done, whether basic or very very advanced, to further secure a web application, other than transport layer such as SSL certificates.
I've considered the adoption of checking for perculiar characters within fields to increase the difficulty for attackers but with the use of prepared statements I believe this is no longer a problem?
What does someone do next to increase security? Is there something that can be done to secure sessions? Do sessions need securing beyond their core security built into PHP? I've become really interested in security now and would love to hear your suggestions. In the mean time I will be googling PHP web app security :P