Security is a very important aspect of web applications. In order to protect sensitive data we should use cryptography. But cryptography means security? Absolutely not, especially if developers do not,especially if developers do not use it properly. In this talk I would like to present some best practices in PHP to implement secure cryptography using the extensions mcrypt, Hash and OpenSSL.