Introduction to PHP Security

Course Description

This implementation-focused course dives into core security skills needed for the PHP platform. It provides strategies and examples for previously insecure practices in PHP.

Course Themes

  • Common approaches to PHP security
  • File system usage 
  • Request handling
  • Error handling

Learning Objectives

  • Explain how web servers handle requests and transfer them to the PHP interpreter.
  • Recognize that there is no sandbox with PHP, and tackle those implications.
  • Use configuration files to control the PHP interpreter and apply important security controls effectively.
  • Prevent command executions by properly planning for users and the file system.
  • Recognize that the availability of dynamic code does not mean it can be used.
  • Generate strong random numbers in different versions of PHP with CSPRNG and PRNG.
  • Perform checks on $_FILES server side and client side.
  • Describe and practice plane separation with PDO and other drivers.
  • Set up a project (i.e., code, not a server) capable of customized error handling without verbose error information.

Details

Delivery Format: eLearning

Duration: 1 Hour

Level: Intermediate

Intended Audience:

  • Back-End Developers
  • Front-End Developers
  • Enterprise Developers
  • Architects
  • QA Engineers

Competencies: Familiarity with MySQL, Apache, and Nginx

Prerequisites: 

Get more course information


250 / 250