I will be in a college hacker party and my team will have to protect a web site developed in PHP and mySQL. The challenge is to protect the site against SQL Injection and all other sort of attacks.
We´ll use Windows 2008, PHP 5 and mySQL. I don´t know if it´s better to use IIS or Apache because performance will not be a problem, just the security. I think use Apache in Windows could be a natural protection because the other teams will think that we´ll use IIS and try to attack some IIS vulnerability.
How is the best way (In SQL Injection we have a lot of tips to prevent) to protect this server ? We must use the college computers that will be clean on start of the challenge and we need to install and set up all the prograns (except PHP and mySQL) by ourself.