Home    |    Instructor-led Training    |    Online Training
	Courses ADA Adobe Agile AJAX Android Apache AutoCAD Big Data BlockChain Business Analysis Business Intelligence Business Objects Business Skills C/C++/Go programming Cisco Citrix Cloud Computing COBOL Cognos ColdFusion COM/COM+ CompTIA CORBA CRM Crystal Reports Data Science Datawarehousing DB2 Desktop Application Software DevOps DNS Embedded Systems Google Web Toolkit (GWT) IPhone ITIL Java JBoss LDAP Leadership Development Lotus Machine learning/AI Macintosh Mainframe programming Mobile MultiMedia and design .NET NetApp Networking New Manager Development Object oriented analysis and design OpenVMS Oracle Oracle VM Perl PHP PostgreSQL PowerBuilder Professional Soft Skills Workshops Project Management Python Rational Ruby Sales Performance SAP SAS Security SharePoint SOA Software quality and tools SQL Server Sybase Symantec Telecommunications Teradata Tivoli Tomcat Unix/Linux/Solaris/AIX/ HP-UX Unisys Mainframe Visual Basic Visual Foxpro VMware Web Development WebLogic WebSphere Websphere MQ (MQSeries) Windows programming XML XML Web Services Other Secure Coding with PHP Course Objectives Understand basic concepts of security, IT security and secure coding Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them Learn to use various security features of PHP Get information about some recent vulnerabilities of the PHP framework Learn about typical coding mistakes and how to avoid them Get practical knowledge in using security testing tools Get sources and further reading on secure coding practices Course duration 3 Days Course outline 1 - IT security and secure coding Nature of security IT security related terms Definition of risk Different aspects of IT security Requirements of different application areas IT security vs. secure coding From vulnerabilities to botnets and cyber Crime Classification of security flaws 2 - Web application vulnerabilities 3 - Basics of cryptography Cryptosystems Symmetric-key cryptography Other cryptographic algorithms Asymmetric (public-key) cryptography Public Key Infrastructure (PKI) 4 - Client-side security JavaScript security Ajax security HTML5 Security 5 - PHP security services Cryptography extensions in PHP Input validation APIs 6 - PHP Environment Server configuration Securing PHP configuration Environment security Hardening Configuration management 7 - Advices and principles Matt Bishop’s principles of robust programming The security principles of Saltzer and Schroeder 8 - Input validation Input validation concepts Knowledge sources Secure coding sources – a starter kit Remote PHP code execution MySQL validation errors – beyond SQL Injection Variable scope errors in PHP File uploads, spammers Environment manipulation 9 - Improper use of security features Problems related to the use of security features Insecure randomness Weak PRNGs in PHP Stronger PRNGs we can use in PHP Password management – stored passwords Some usual password management problems Storing credentials for external systems Privacy violation Improper error and exception handling 10 - Time and state problems Concurrency and threading Concurrency in PHP Preventing file race condition Double submit problem PHP session handling A PHP design flaw – open_basedir race condition Database race condition Denial of service possibilities Hashtable collision attack 11 - Using security testing tools Web vulnerability scanners SQL injection tools Public database Google hacking Proxy servers and sniffers Exercise – Capturing network traffic Static code analysis Please contact your training representative for more details on having this course delivered onsite or online Training Outlines - the one stop shopping center for IT training. © Training Outlines All rights reserved