With changes coming soon to web browsers (Chrome in particular) that will mark non-SSL (http://) websites as "Not secure", now is the time to consider upgrading your site to SSL encryption. The first part is getting an SSL certificate and adding it to your hosting account. However, you also have to check through and adjust your site for optimal results.
The most common approach for adding Central Authentication Service (CAS) support to a custom stand-alone PHP application is through the phpCAS library. As of mid-2017, the most recent version was phpCAS 1.3.5. Note: If you are using an earlier version, you should upgrade as soon as possible to obtain the latest security patches.
Patch, Patch, Patch
The most important security practice for web application software is to keep up with your software patches. The more commonly used the application, the greater the chance that someone out there is looking for insecure installations to hack.
This section provides information and links to policies, checklists, and best practices about storing and transmitting data that might be sensitive (FERPA, HIPAA, SSN, birthdates, etc.).
This section has security-related resources including authorization and authentication techniques, data encryption techniques, and security best practices.
SSL encryption (technically Transport Layer Security, but still commonly referred to as SSL, the acronym for its now-deprecated predecessor) is a protocol for encrypting communications between a web browser and a web server. Encrypted connections (denoted by a web URL starting with 'https://') are not easily monitored by third parties, unlike unencrypted connections (denoted by a web URL starting with 'http://'), where all content can be easily viewed by anyone with access to some part of the connection path.