Good post — with accompanying code — on PHP.Watch on how to tighten the almighty curl:
- Limit Curl Protocols
- Do not enable automatic redirects unless absolutely necessary
- If redirects are enabled, limit allowed protocols (if different from #1 above)
- If redirects are enabled, set a strict limit
- Set a strict time-out
- Do not disable certificate validation, or enforce it explicitly
- Disable insecure SSL and TLS versions
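
The checklist above mapped onto PHP's curl options, as an added example that is not taken from the PHP.Watch post. The helper name `hardened_curl()`, the timeout and redirect limits, and the `example.com` URL are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

/**
 * Build a curl handle with the seven checklist items applied.
 * hardened_curl() is a hypothetical helper; the numeric limits are assumed values.
 */
function hardened_curl(string $url, bool $followRedirects = false): CurlHandle
{
    $ch = curl_init($url);
    if ($ch === false) {
        throw new RuntimeException('curl_init failed');
    }

    $options = [
        CURLOPT_RETURNTRANSFER => true,
        // 1. Limit protocols: without this, file://, gopher://, ftp:// etc. are accepted.
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS,
        // 2. Redirects stay off unless the caller explicitly asks for them.
        CURLOPT_FOLLOWLOCATION => $followRedirects,
        // 5. Strict time-outs (seconds) for the connect phase and the whole transfer.
        CURLOPT_CONNECTTIMEOUT => 5,
        CURLOPT_TIMEOUT        => 10,
        // 6. Enforce certificate validation rather than relying on defaults.
        CURLOPT_SSL_VERIFYPEER => true,
        CURLOPT_SSL_VERIFYHOST => 2,
        // 7. Refuse SSLv3, TLS 1.0 and TLS 1.1.
        CURLOPT_SSLVERSION     => CURL_SSLVERSION_TLSv1_2,
    ];

    if ($followRedirects) {
        // 3. A redirect must not switch to a protocol the first request could not use.
        $options[CURLOPT_REDIR_PROTOCOLS] = CURLPROTO_HTTPS;
        // 4. Strict cap on the redirect chain.
        $options[CURLOPT_MAXREDIRS] = 3;
    }

    if (!curl_setopt_array($ch, $options)) {
        throw new RuntimeException('failed to apply curl options');
    }
    return $ch;
}

$ch = hardened_curl('https://example.com/'); // placeholder URL
$body = curl_exec($ch);
if ($body === false) {
    // Fail closed: a TLS, protocol or time-out error is reported, never retried insecurely.
    fwrite(STDERR, 'request failed: ' . curl_error($ch) . PHP_EOL);
}
```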