Update Security links with https

_posts/10-02-01-Web-Application-Security.md

@@ -15,4 +15,4 @@ methods to protect yourself against them. This is a must read for the security-c
 
 [1]: https://www.owasp.org/
 [2]: https://www.owasp.org/index.php/Guide_Table_of_Contents
-[3]: http://phpsecurity.readthedocs.org/en/latest/index.html
+[3]: https://phpsecurity.readthedocs.io/en/latest/index.html

_posts/10-03-01-Password-Hashing.md

@@ -51,8 +51,8 @@ if (password_verify('bad-password', $passwordHash)) {
 * [PHP `password_hash()` RFC] [4]
 
 
-[1]: http://php.net/function.password-hash
+[1]: https://secure.php.net/function.password-hash
 [2]: https://github.com/ircmaxell/password_compat
-[3]: http://en.wikipedia.org/wiki/Cryptographic_hash_function
+[3]: https://wikipedia.org/wiki/Cryptographic_hash_function
 [4]: https://wiki.php.net/rfc/password_hash
-[5]: https://en.wikipedia.org/wiki/Salt_(cryptography)
+[5]: https://wikipedia.org/wiki/Salt_(cryptography)

_posts/10-04-01-Data-Filtering.md

@@ -62,11 +62,11 @@ phone number, or age when processing a registration submission.
 [See Validation Filters][3]
 
 
-[1]: http://php.net/book.filter
+[1]: https://secure.php.net/book.filter
-[2]: http://php.net/filter.filters.sanitize
+[2]: https://secure.php.net/filter.filters.sanitize
-[3]: http://php.net/filter.filters.validate
+[3]: https://secure.php.net/filter.filters.validate
-[4]: http://php.net/function.filter-var
+[4]: https://secure.php.net/function.filter-var
-[5]: http://php.net/function.filter-input
+[5]: https://secure.php.net/function.filter-input
-[6]: http://php.net/security.filesystem.nullbytes
+[6]: https://secure.php.net/security.filesystem.nullbytes
 [html-purifier]: http://htmlpurifier.org/
-[unserialize]: https://secure.php.net/manual/en/function.unserialize.php
+[unserialize]: https://secure.php.net/manual/function.unserialize.php

_posts/10-06-01-Register-Globals.md

@@ -15,4 +15,4 @@ issues as your application cannot effectively tell where the data is coming from
 For example: `$_GET['foo']` would be available via `$foo`, which can override variables that have not been declared.
 If you are using PHP < 5.4.0 __make sure__ that `register_globals` is __off__.
 
-* [Register_globals in the PHP manual](http://php.net/security.globals)
+* [Register_globals in the PHP manual](https://secure.php.net/security.globals)

_posts/10-07-01-Error-Reporting.md

@@ -23,7 +23,7 @@ log_errors = On
 
 > Passing in the value `-1` will show every possible error, even when new levels and constants are added in future PHP
 > versions. The `E_ALL` constant also behaves this way as of PHP 5.4. -
-> [php.net](http://php.net/function.error-reporting)
+> [php.net](https://secure.php.net/function.error-reporting)
 
 The `E_STRICT` error level constant was introduced in 5.3.0 and is not part of `E_ALL`, however it became part of
 `E_ALL` in 5.4.0. What does this mean? In terms of reporting every possible error in version 5.3 it means you must
@@ -49,7 +49,7 @@ log_errors = On
 With these settings in production, errors will still be logged to the error logs for the web server, but will not be
 shown to the user. For more information on these settings, see the PHP manual:
 
-* [error_reporting](http://php.net/errorfunc.configuration#ini.error-reporting)
+* [error_reporting](https://secure.php.net/errorfunc.configuration#ini.error-reporting)
-* [display_errors](http://php.net/errorfunc.configuration#ini.display-errors)
+* [display_errors](https://secure.php.net/errorfunc.configuration#ini.display-errors)
-* [display_startup_errors](http://php.net/errorfunc.configuration#ini.display-startup-errors)
+* [display_startup_errors](https://secure.php.net/errorfunc.configuration#ini.display-startup-errors)
-* [log_errors](http://php.net/errorfunc.configuration#ini.log-errors)
+* [log_errors](https://secure.php.net/errorfunc.configuration#ini.log-errors)