Building Security into your PHP Applications

Description

Security is one of the most important things to keep in mind when developing web applications. Unfortunately, it is also one of the easiest to overlook. Reviewing hundreds or thousands of lines of code may be a daunting task, but it is one that can be avoided if an application is developed with security in mind.

Benefit

Objectives

After completing the course, participants will be prepared to:

• Incorporate standard, best practice security measures into their PHP applications.
• Identify the most common types of vector attacks and how best to monitor and guard against them.

Content

1. BASIC SECURITY CONCEPTS
   A. What is Security
   B. Defense in Depth
   C. Basic Security Rules
   D. Building Secure Web Applications Guidelines

2. WHAT HAPPENS WHEN THINGS GO WRONG
   A. SQL Injection Attacks
   B. XSS / XST Injection Attacks
   C. Command Injection Attacks
   D. Remote Code Injection Attacks
   E. XSRF / CSRF Attacks
   F. Session Attacks
   G. Secure File Uploads

3. OTHER COMMON SECURITY MEASURES
   A. Secure Configurations
   B. Password Security
   C. Sandboxes and Traps
   D. Tarpits
   E. Obscurity
   F. Ajax Implications
   G. Filtering Charsets

4. SECURITY RESOURCES, TOOLS, INFRASTRUCTURE
   A. Security Resources and Tools
   B. Infrastructure and Server Security
   C. Database and MySQL Security
   D. Course Review and Project

Course Methodology

1. Presentation
2. Discussion
3. Practice Activities
4. Case Studies

Evaluation

1. Pre test
2. Post test

Duration

5 Days

Target Audience

This course is designed for experienced PHP application developers who want to learn or be reminded of security best practices. It is also appropriate for new PHP developers who want to learn how to build security into the applications they are learning to create.

Schedule

No Schedule