Advanced Security

Defending PHP

Course Learning Objectives

  • Recognize insecure coding practices from web applications vulnerabilities found in the OWASP Top 10
  • Implement defensive coding techniques in PHP5 and learn about common frameworks and tools to help support secure coding in PHP


Understand PHP5 vulnerabilities common to the OWASP top 10, and see how these vulnerabilities affect PHP web applications. Students will learn to define and identify secure code, differentiate between secure coding methods, employ secure code in practice, and design and judge effectiveness of secure coding practices. This course will build upon high-level concepts in the OWASP Top 10 by deep diving into each concept from a developerÕs perspective and demonstrating insecure vs. secure code.


PHP developers / PHP architects

Time Required

Tailored learning - 60 minutes total

Course Outline

  1. Defending SQL injection
    • Common pitfalls in PHP
    • Query with bind parameters
    • MySQL
    • PHP data objects
  2. Defending cross-site scripting
    • Common pitfalls in PHP
    • Whitelisting
    • Output re-encoding in PHP
    • HTTP Only in PHP
  3. Defending session hijacking
    • Common pitfalls in PHP
    • SSL encryption
    • Shorter session timeouts
  4. Defending parameter manipulation
    • Common pitfalls in PHP
    • Security logic
    • Regular expressions
    • Centralized validation
  5. Defending insecure storage
    • Common pitfalls in PHP
    • MCrypt library
    • Hashing
    • Storing passwords with Bcrypt
  6. Defending forced browsing
    • Common pitfalls in PHP
    • Access controls
    • Programmed authorization
  7. Defending cross-site request forgery
    • Common pitfalls in PHP
    • Best practices
    • Anti-CSRF tokens
  8. Defending unchecked redirects
    • Common pitfalls in PHP
    • PHP header redirects
    • Indirect object mapping
  9. + Expand Course Outline

$200.00 *prices shown in USD Add to Cart or Subscribe your team