Most vulnerabilities are the result of bad coding habits or a lack of PHP application security awareness among developers. The primary cause is that user input is treated as trusted.
When you write code, you must apply two key procedures: validation and sanitization. If you implement both these procedures for user data, you ensure that what is processed and executed is valid and meets specified criteria. You must also ensure that the HTML output data is escaped so that no malicious code is executed in case an attacker injected it into the content. If you follow certain simple and basic procedures for every web page, you significantly minimize the possibility of being exposed to a critical security issue.
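The three steps applied to one request, as an added example that is not part of the original tutorial. The function names (`validate_age`, `validate_email`, `sanitize_comment`, `e`), the accepted ranges and the sample input are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample input standing in for $_POST (not from the original page).
$input = [
    'age'     => '27',
    'email'   => ' alice@example.com ',
    'comment' => "Nice post!\x00 <script>alert(1)</script>",
];

/** Validation: reject anything that does not meet the stated criteria. */
function validate_age(string $raw): ?int
{
    $age = filter_var($raw, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    return $age === false ? null : $age;
}

function validate_email(string $raw): ?string
{
    $email = filter_var(trim($raw), FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

/** Sanitization: normalise free text (drop control characters, trim, cap length). */
function sanitize_comment(string $raw, int $maxLen = 500): string
{
    $clean = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $raw) ?? '';
    return mb_substr(trim($clean), 0, $maxLen); // assumes the mbstring extension
}

/** Output escaping: applied at the point where data is written into HTML. */
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$age     = validate_age($input['age']);
$email   = validate_email($input['email']);
$comment = sanitize_comment($input['comment']);

if ($age === null || $email === null) {
    http_response_code(400);
    exit('Invalid input');
}

// The <script> tag survives sanitization on purpose; escaping renders it as inert text.
echo '<p>', e($email), ' (', $age, ') wrote: ', e($comment), '</p>', PHP_EOL;
```

Sanitization here does not try to strip HTML from the comment; the escaping step at output is what keeps injected markup from executing.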
In this tutorial I am talking about PHP direct access, CSRF (cross-site request forgery), the redirect bug and DoS (denial of service) attacks.