Thanks again for responding and so quickly. I really appreciate it.
I had already read up on CSRF and using CakePHP's Security Component.
I had also read ‘OWASP Top 10 Application Security Risks - 2013’ which included Injection attacks, XSS etc.
Then I wasn’t sure which of these CakePHP provides protection against out of the box. My understanding is that if I use CakePHP's query builder then I should be protected against Injection attacks.
With security there doesn’t seem to be a clear single recommended way of securing a web application against all attacks that I could find. I guess that would be the magic bullet!
I am building a SaaS web application with a users table, and I want to ensure users' details are securely protected. That is the level of security I’m looking for. The other data in the web application is probably of less importance from a security perspective.
Would you think that applying CSRF protection and using SSL with my form-based authentication is adequate security to protect the web application and user credentials?