PHP Application Security - 1 day
Illustrating the main PHP security vulnerabilities, this module can be taken on its own or as part of a larger course. It gives students suggestions for good practice and shows how to structure PHP applications to avoid common pitfalls.
"The training style and information that I received from the PHP Security workshop has been invaluable. I had very little experience in security but everything was explained very clearly and then applied to practical situations that I could use in my day-to-day work."
Esme McGinnes, Wow Creative
PHP Application Security
Introduction
PHP has an unfortunate track record for security, mainly as a result of its low barrier to entry and the large number of applications written in PHP. Using a number of practical, hands-on examples and illustrations, this course aims to show how security should be built into an application from the start.
Target Audience
This module is ideal for students who are new to the language, and for practicing professionals to brush up on current best practices in security.
It illustrates and explains in detail a number of PHP security flaws, including the following:
Security Topics covered
- Cross Site Scripting (XSS)
- Cross Site Request Forgery (CSRF)
- Arbitrary command execution
- Data Sanitisation
- SQL Injection
- Data disclosure
- Session fixation and tampering
- Sending emails securely
- Hosting security - tips for systems administrators and considerations for choosing a web host.
- System administration and maintenance issues (how to secure a server)
- Safe Mode / Magic Quotes / Register Globals (why you shouldn't use them)
After completing this module, you will be able to analyse existing code, identify common security issues and design applications which are secure by default.
If taken as a 1:1 session, we can include a security audit of your own code.
