PHP (PHP: Hypertext Preprocessor) is a powerful and versatile programming language, frequently used in web applications. Building secure PHP apps requires both the platform configuration and secure coding practices. This course is a hands-on, lab-based course which presents risks and solutions and invites the student to edit some sample code to mitigate example risks. Students learn and practice both platform configuration (e.g., php. ini issues) and code-level techniques to find and fix security vulnerabilities in sample code.
This course covers platform features and specifics that can potentially introduce risks like unsafe PHP configuration, null-byte issues, dangerous APIs, cryptography, and dynamic file inclusion issues. After securing the platform, the course teaches standard PHP defensive programming techniques. Topics include safe file system access, session management, authentication, input validation/output encoding, cross-site request forgery, transport security, and injection attacks. For each of these concepts, the course covers common mistakes, subtle semantics that can surprise the unwary, and correct ways to invoke the right APIs. Students leave with a solid understanding of the fundamentals of building secure PHP applications.
After successfully completing this course, the student will be able to:
Delivery Format: Live traditional or virtual classroom
Class Duration: 8 hours
Intended Audience: Developer