- Silicon Design & Verification
- Silicon IP
- Software Integrity
- About Us
- Silicon Design & Verification Products
- Solutions
- Resources
- Services
- Community
- Training
- Silicon IP Products
- Solutions
- Resources
- Services
- Community
- Software Integrity
- Services
- Solutions
- Resources
- Training and Education
- Support
- About Us
< Silicon Design & Verification Products
< Silicon Design & Verification Products
< Silicon Design & Verification Products
< Silicon Design & Verification Products
3D Model Generation
Simpleware Products
Simpleware for Life Sciences
Simpleware for Materials & Manufacturing
< Silicon Design & Verification Products
< Silicon Design & Verification Products
< overview
Silicon Design & Verification Products
+
Design
+
System Simulation & Modeling
+
Verification Continuum
+
3D Model Generation
+
Silicon Engineering
+
Optical Solutions
< Solutions
< Solutions
< Solutions
< Resources
< Resources
< Resources
< overview
< Services
< Services
< Services
< Community
Community
Community Overview
< Community
< Community
< Community
< Community
< Community
< Community
< Community
< overview
Community
+
Community
+
SNUG
+
Partners
+
EmbARC.org
+
Interoperability
+
Academic Programs
+
Company Blogs
+
BSIMM
< Training
< overview
< main menu
< Silicon IP Products
< Silicon IP Products
Memories & Libraries
Logic Libraries
Memory Compliers
Duet Packages
HPC Design Kit
Embedded Test & Repair
Non-Volatile Memory
< Silicon IP Products
< Silicon IP Products
Processor Solutions
ARC Processors
Embedded Vision Processors
Development Tools
Operating Systems
Ecosystem
ASIP Tools
< Silicon IP Products
< Silicon IP Products
< Silicon IP Products
< Silicon IP Products
< Silicon IP Products
< overview
Silicon IP Products
+
Interface IP
+
Memories & Libraries
+
Analog IP
+
Processor Solutions
+
IP Subsystems
+
Security IP
+
Market Segments
+
IP Accelerated
+
SoC Infrastructure IP
< Solutions
< Resources
< Services
< Services
< Services
< Community
Community
Community Overview
< Community
< Community
< Community
< Community
< Community
< Community
< Community
< overview
Community
+
Community
+
SNUG
+
Partners
+
EmbARC.org
+
Interoperability
+
Academic Programs
+
Company Blogs
+
BSIMM
< Software Integrity
< Software Integrity
< Services
< Services
Program Development & Design
BSIMM Maturity Model
Maturity Action Plan (MAP)
Policies & Standards
Metrics
Software Security-in-a-Box
< Solutions
< Solutions
< Resources
< Resources
Listen
Podcasts
< Training and Education
Product Education
< Support
< Support
Contact Support
< main menu
< About Us
< About Us
< About Us
< About Us
< About Us
< About Us
Introduction to PHP Security
Course Description
This implementation-focused course dives into core security skills needed for the PHP platform. It provides strategies and examples for previously insecure practices in PHP.
Course Themes
- Common approaches to PHP security
- File system usage
- Request handling
- Error handling
Learning Objectives
- Explain how web servers handle requests and transfer them to the PHP interpreter.
- Recognize that there is no sandbox with PHP, and tackle those implications.
- Use configuration files to control the PHP interpreter and apply important security controls effectively.
- Prevent command executions by properly planning for users and the file system.
- Recognize that the availability of dynamic code does not mean it can be used.
- Generate strong random numbers in different versions of PHP with CSPRNG and PRNG.
- Perform checks on $_FILES server side and client side.
- Describe and practice plane separation with PDO and other drivers.
- Set up a project (i.e., code, not a server) capable of customized error handling without verbose error information.
Details
Delivery Format: eLearning
Duration: 1 Hour
Level: Intermediate
Intended Audience:
- Back-End Developers
- Front-End Developers
- Enterprise Developers
- Architects
- QA Engineers
Competencies: Familiarity with MySQL, Apache, and Nginx
Prerequisites: