A first step is for people to read a book like this one that outlines common security problems in web applications. And, while the solutions presented here are all PHP-based using the tools provided by PHP, most of the problems apply to any language and environment.

People should use this book to solve their PHP-based web application security problems, but they should also use this book to take a higher-level look at security everywhere in all their systems.

Cross-site scripting and SQL injection are just two examples of inadvertently exposing a subsystem to end-user data input. What other sub-systems are in your architecture? Are they appropriately protected against direct user input?

There is no security panacea here.—nobody will ever be able to provide one. The closest we will get is to try to improve the overall awareness of these issues and to provide better tools for solving them. Having a straightforward architecture that is easy to understand makes this
easier for PHP users. Having a book like this on your bookshelf makes it even easier.