Home    |    Instructor-led Training    |    Online Training     
         
 
Courses
ADA
Adobe
Agile
AJAX
Android
Apache
AutoCAD
Big Data
BlockChain
Business Analysis
Business Intelligence
Business Objects
Business Skills
C/C++/Go programming
Cisco
Citrix
Cloud Computing
COBOL
Cognos
ColdFusion
COM/COM+
CompTIA
CORBA
CRM
Crystal Reports
Data Science
Datawarehousing
DB2
Desktop Application Software
DevOps
DNS
Embedded Systems
Google Web Toolkit (GWT)
IPhone
ITIL
Java
JBoss
LDAP
Leadership Development
Lotus
Machine learning/AI
Macintosh
Mainframe programming
Mobile
MultiMedia and design
.NET
NetApp
Networking
New Manager Development
Object oriented analysis and design
OpenVMS
Oracle
Oracle VM
Perl
PHP
PostgreSQL
PowerBuilder
Professional Soft Skills Workshops
Project Management
Rational
Ruby
Sales Performance
SAP
SAS
Security
SharePoint
SOA
Software quality and tools
SQL Server
Sybase
Symantec
Telecommunications
Teradata
Tivoli
Tomcat
Unix/Linux/Solaris/AIX/
HP-UX
Unisys Mainframe
Visual Basic
Visual Foxpro
VMware
Web Development
WebLogic
WebSphere
Websphere MQ (MQSeries)
Windows programming
XML
XML Web Services
Other
Secure Coding with PHP
Course Objectives
  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn to use various security features of PHP
  • Get information about some recent vulnerabilities of the PHP framework
  • Learn about typical coding mistakes and how to avoid them
  • Get practical knowledge in using security testing tools
  • Get sources and further reading on secure coding practices
Course duration

3 Days

Course outline

1 - IT security and secure coding
  • Nature of security
  • IT security related terms
  • Definition of risk
  • Different aspects of IT security
  • Requirements of different application areas
  • IT security vs. secure coding
  • From vulnerabilities to botnets and cyber Crime
  • Classification of security flaws
2 - Web application vulnerabilities

3 - Basics of cryptography
  • Cryptosystems
  • Symmetric-key cryptography
  • Other cryptographic algorithms
  • Asymmetric (public-key) cryptography
  • Public Key Infrastructure (PKI)
4 - Client-side security
  • JavaScript security
  • Ajax security
  • HTML5 Security
5 - PHP security services
  • Cryptography extensions in PHP
  • Input validation APIs
6 - PHP Environment
  • Server configuration
  • Securing PHP configuration
  • Environment security
  • Hardening
  • Configuration management
7 - Advices and principles
  • Matt Bishop’s principles of robust programming
  • The security principles of Saltzer and Schroeder
8 - Input validation
  • Input validation concepts
  • Knowledge sources
  • Secure coding sources – a starter kit
  • Remote PHP code execution
  • MySQL validation errors – beyond SQL Injection
  • Variable scope errors in PHP
  • File uploads, spammers
  • Environment manipulation
9 - Improper use of security features
  • Problems related to the use of security features
  • Insecure randomness
  • Weak PRNGs in PHP
  • Stronger PRNGs we can use in PHP
  • Password management – stored passwords
  • Some usual password management problems
  • Storing credentials for external systems
  • Privacy violation
  • Improper error and exception handling
10 - Time and state problems
  • Concurrency and threading
  • Concurrency in PHP
  • Preventing file race condition
  • Double submit problem
  • PHP session handling
  • A PHP design flaw – open_basedir race condition
  • Database race condition
  • Denial of service possibilities
  • Hashtable collision attack
11 - Using security testing tools
  • Web vulnerability scanners
  • SQL injection tools
  • Public database
  • Google hacking
  • Proxy servers and sniffers
  • Exercise – Capturing network traffic
  • Static code analysis

Please contact your training representative for more details on having this course delivered onsite or online

Training Outlines - the one stop shopping center for IT training.
© Training Outlines All rights reserved