Secure coding in PHP Training Course
The course gives PHP developers the essential skills needed to make their applications resistant to contemporary attacks through the Internet. Web vulnerabilities are discussed through PHP-based examples going beyond the OWASP Top Ten, tackling various injection attacks, script injections, attacks against PHP session handling, insecure direct object references, issues with file upload, and many others. PHP-related vulnerabilities are introduced grouped into the standard vulnerability types of missing or improper input validation, incorrect error and exception handling, improper use of security features, and time- and state-related problems. For the latter we discuss attacks like open_basedir circumvention, denial of service through magic float, or the hash table collision attack. In all cases participants will become familiar with the most important techniques and functions to use to mitigate the listed risks.
Special focus is given to client-side security, tackling the security issues of JavaScript, Ajax and HTML5. A number of security-related extensions to PHP are introduced, like hash, mcrypt and OpenSSL for cryptography, or Ctype, ext/filter and HTML Purifier for input validation. The best hardening practices are given in connection with PHP configuration (setting php.ini), Apache and the server in general. Finally, an overview is given of various security testing tools and techniques which developers and testers can use, including security scanners, penetration testing and exploit packs, sniffers, proxy servers, fuzzing tools and static source code analyzers.
Both the introduction of vulnerabilities and the configuration practices are supported by a number of hands-on exercises demonstrating the consequences of successful attacks, showing how to apply mitigation techniques and introducing the use of various extensions and tools.
Participants attending this course will
- Understand basic concepts of security, IT security and secure coding
- Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
- Learn client-side vulnerabilities and secure coding practices
- Have a practical understanding of cryptography
- Learn to use various security features of PHP
- Learn about typical coding mistakes and how to avoid them
- Be informed about recent vulnerabilities of the PHP framework
- Get practical knowledge in using security testing tools
- Get sources and further readings on secure coding practices
Audience
Developers
Course Outline
- IT security and secure coding
- Web application security
- Web application vulnerabilities
- Client-side security
- Practical cryptography
- PHP security services
- PHP Environment
- Principles of security and secure coding
- Common coding errors and vulnerabilities
- Security testing techniques and tools
- Knowledge sources
Open Training Courses require 5+ participants.
Testimonials (3)
I genuinely enjoyed the real life examples.
Marios Prokopiou
Course - Secure coding in PHP
All topics were well covered and presented with a lot of examples. Ahmed was very efficient and managed to keep us focused and attracted at all times.
Kostas Bastas
Course - Secure coding in PHP
The subject of the course was very interesting and gave us many ideas.
Anastasios Manios
Course - Secure coding in PHP