Defensive Programming for PHP Security

Course Description

Defensive Programming for PHP Security takes your security journey and turns it up to 11! Over 10 fast-paced modules, we journey through how to design, build, or integrate with frameworks and native PHP functionality to secure applications.

If you’re a lead developer or a developer with a strong interest in security, or you need to resolve threat models or secure code reviews or prepare penetration test reports, this course will provide you the knowledge and skills required to protect data and applications from attack.

Course Themes

  • Base configuration of Apache and NGINX
  • Using modern frameworks
  • Password handling and SSO
  • Input validation and output encoding
  • Error and log handling

Learning Objectives

  • Authenticate users, including using modern JSON Web Token single sign-on (JWT SSO), and integrate with two-factor authentication.
  • Store sensitive state securely on the server.
  • Build and enforce access control policies, including implementing role-based access control and capability-based access control (used heavily in mobile applications).
  • Implement a full range of input validation and output encoding to avoid common pitfalls such as cross-site scripting (XSS), DOM-based XSS, and SQL injection.
  • Design and implement secure storage of sensitive data.
  • Configure PHP securely.


Delivery Format: eLearning

Duration: 75 Minutes

Level: Intermediate

Intended Audience:

  • Back-End Developers
  • Front-End Developers
  • Architects

Competencies: Working knowledge of Zend or Symfony framework is helpful but not required


Get more course information

250 / 250

More courses you might like