Update Security links with https

_posts/10-02-01-Web-Application-Security.md

@@ -15,4 +15,4 @@ methods to protect yourself against them. This is a must read for the security-c
 
 [1]: https://www.owasp.org/
 [2]: https://www.owasp.org/index.php/Guide_Table_of_Contents
-[3]: http://phpsecurity.readthedocs.org/en/latest/index.html
+[3]: https://phpsecurity.readthedocs.io/en/latest/index.html

_posts/10-03-01-Password-Hashing.md

@@ -12,13 +12,13 @@ It is important that you properly [_hash_][3] passwords before storing them. Pas
 one-way function performed against the user's password. This produces a fixed-length string that cannot be feasibly
 reversed. This means you can compare a hash against another to determine if they both came from the same source string,
 but you cannot determine the original string. If passwords are not hashed and your database is accessed by an
-unauthorized third-party, all user accounts are now compromised. 
+unauthorized third-party, all user accounts are now compromised.
 
 Passwords should also be individually [_salted_][5] by adding a random string to each password before hashing. This prevents dictionary attacks and the use of "rainbow tables" (a reverse list of crytographic hashes for common passwords.)
 
-Hashing and salting are vital as often users use the same password for multiple services and password quality can be poor. 
+Hashing and salting are vital as often users use the same password for multiple services and password quality can be poor.
 
-Fortunately, nowadays PHP makes this easy. 
+Fortunately, nowadays PHP makes this easy.
 
 **Hashing passwords with `password_hash`**
 
@@ -40,9 +40,9 @@ if (password_verify('bad-password', $passwordHash)) {
 } else {
     // Wrong password
 }
-{% endhighlight %}  
+{% endhighlight %}
 
-`password_hash()` takes care of password salting for you. The salt is stored, along with the algorithm and "cost", as part of the hash.  `password_verify()` extracts this to determine how to check the password, so you don't need a separate database field to store your salts. 
+`password_hash()` takes care of password salting for you. The salt is stored, along with the algorithm and "cost", as part of the hash.  `password_verify()` extracts this to determine how to check the password, so you don't need a separate database field to store your salts.
 
 * [Learn about `password_hash()`] [1]
 * [`password_compat` for PHP >= 5.3.7 && < 5.5] [2]
@@ -51,8 +51,8 @@ if (password_verify('bad-password', $passwordHash)) {
 * [PHP `password_hash()` RFC] [4]
 
 
-[1]: http://php.net/function.password-hash
+[1]: https://secure.php.net/function.password-hash
 [2]: https://github.com/ircmaxell/password_compat
-[3]: http://en.wikipedia.org/wiki/Cryptographic_hash_function
+[3]: https://wikipedia.org/wiki/Cryptographic_hash_function
 [4]: https://wiki.php.net/rfc/password_hash
-[5]: https://en.wikipedia.org/wiki/Salt_(cryptography)
+[5]: https://wikipedia.org/wiki/Salt_(cryptography)

_posts/10-04-01-Data-Filtering.md

@@ -62,11 +62,11 @@ phone number, or age when processing a registration submission.
 [See Validation Filters][3]
 
 
-[1]: http://php.net/book.filter
-[2]: http://php.net/filter.filters.sanitize
-[3]: http://php.net/filter.filters.validate
-[4]: http://php.net/function.filter-var
-[5]: http://php.net/function.filter-input
-[6]: http://php.net/security.filesystem.nullbytes
+[1]: https://secure.php.net/book.filter
+[2]: https://secure.php.net/filter.filters.sanitize
+[3]: https://secure.php.net/filter.filters.validate
+[4]: https://secure.php.net/function.filter-var
+[5]: https://secure.php.net/function.filter-input
+[6]: https://secure.php.net/security.filesystem.nullbytes
 [html-purifier]: http://htmlpurifier.org/
-[unserialize]: https://secure.php.net/manual/en/function.unserialize.php
+[unserialize]: https://secure.php.net/manual/function.unserialize.php

_posts/10-06-01-Register-Globals.md

@@ -15,4 +15,4 @@ issues as your application cannot effectively tell where the data is coming from
 For example: `$_GET['foo']` would be available via `$foo`, which can override variables that have not been declared.
 If you are using PHP < 5.4.0 __make sure__ that `register_globals` is __off__.
 
-* [Register_globals in the PHP manual](http://php.net/security.globals)
+* [Register_globals in the PHP manual](https://secure.php.net/security.globals)

_posts/10-07-01-Error-Reporting.md

@@ -23,7 +23,7 @@ log_errors = On
 
 > Passing in the value `-1` will show every possible error, even when new levels and constants are added in future PHP
 > versions. The `E_ALL` constant also behaves this way as of PHP 5.4. -
-> [php.net](http://php.net/function.error-reporting)
+> [php.net](https://secure.php.net/function.error-reporting)
 
 The `E_STRICT` error level constant was introduced in 5.3.0 and is not part of `E_ALL`, however it became part of
 `E_ALL` in 5.4.0. What does this mean? In terms of reporting every possible error in version 5.3 it means you must
@@ -49,7 +49,7 @@ log_errors = On
 With these settings in production, errors will still be logged to the error logs for the web server, but will not be
 shown to the user. For more information on these settings, see the PHP manual:
 
-* [error_reporting](http://php.net/errorfunc.configuration#ini.error-reporting)
-* [display_errors](http://php.net/errorfunc.configuration#ini.display-errors)
-* [display_startup_errors](http://php.net/errorfunc.configuration#ini.display-startup-errors)
-* [log_errors](http://php.net/errorfunc.configuration#ini.log-errors)
+* [error_reporting](https://secure.php.net/errorfunc.configuration#ini.error-reporting)
+* [display_errors](https://secure.php.net/errorfunc.configuration#ini.display-errors)
+* [display_startup_errors](https://secure.php.net/errorfunc.configuration#ini.display-startup-errors)
+* [log_errors](https://secure.php.net/errorfunc.configuration#ini.log-errors)