PHP Secure Programming

  • Print

 

Course Overview

PHP as a programming language is easy to learn and easy to use. This is also the reason for its popularity. Unfortunately, PHP does not only make it easy to write applications, it also comes with certain features that make it easy to write insecure code. This course gives guidelines on how to avoid dangerous language constructs and features. Moreover, it gives instructions on how to perform proper security checks that help to defend against common attacks. Each section deals with a specific security problem or function group and is accompanied by a list of recommendations. These recommendations can be used as a checklist during the development phase and for security assessments.

 

Download Brochurepdf-logo 
 

Prerequisites

Have knowledge and/or experience in HTML, SQL, and PHP programming.

 

PHP Security – Schedule

Day 1

09.00am – 10.00am

Overview

  • What is PHP security?
  • Basic steps
  • Register globals
10.00am – 10.30am

Breakfast

10.30am – 01.00pm

Security Principles

  • Defense in depth
  • Least privilege
  • Simple is beautiful
  • Minimum Exposure

01.00pm – 02.00pm

Lunch

02.00pm – 05.00pm

Security Practices

  • Balance risk & usability
  • Track data
  • Filter input
  • Escape output

Forms & URLs

  • Forms & data
  • Semantic URL attacks
  • File upload attacks
  • Cross-site scripting
  • Cross-site Request Forgeries
  • Spoofed form submissions
  • Spoofed HTTP requests

Day 2

09.00am – 10.00am

Database & SQL

  • Exposed access credentials
  • SQL Injection
  • Exposed data

10.00am – 10.30am

Breakfast

10.30am – 01.00pm

Sessions and Cookies

  • Cookie theft
  • Exposed Session data
  • Session fixation
  • Session hijacking

01.00pm – 02.00pm

Lunch

02.00pm – 05.00pm

Include Files

  • Exposed source code
  • Backdoor URLs
  • Filename manipulation
  • Code injection

Files & Commands

  • Travesing the filesystem
  • Remote file risks
  • Command injection

                                                                        Day 3

09.00am – 10.00am

Authentication and Authorization

  • Brute force attacks
  • Password sniffing
  • Reply attacks
  • Persistent Logins

10.00am – 10.30am

Breakfast

10.30am – 01.00pm

Secure operations

  • Captcha
  • Input validations

01.00pm – 02.00pm

Lunch

02.00pm – 05.00pm

Secure Environment

  • mod_security
  • Suhosin
  • Intrusion detection system