Introduction to PHP Security

Course description

This implementation-focused course dives into the core security skills needed for the PHP platform. It provides strategies and examples for previously insecure practices in PHP.

Learning objectives

• Understand how web servers handle requests and hand them over to PHP interpreter
• Recognize that there is no sandbox with PHP, and know how to tackle those implications
• Use configuration files to control the PHP interpreter to effectively apply the most important security controls
• Properly plan for users and the filesystem to prevent command execution
• Recognize that the availability of dynamic code does not mean it can be used
• Generate strong random numbers in different versions of PHP with CSPRNG and PRNG
• Perform checks on $_FILES server-side and client-side
• Achieve and describe the concept of plane separation with PDO and other drivers
• Set up a project (i.e., code, not a server) capable of customized error handling without showing verbose error information to the user