
I need more information

If you would like to speak to a member of our specialist team, please feel free to call our freephone number or email us directly:

0800 028 6400

enquiries@jbinternational.co.uk


Writing Secure PHP Web Applications Training Course

Course code: SECPHP
Details:
Onsite: Enquire about bringing this course to your offices
Who should attend: Developers who wish to know how to develop secure PHP web applications.
Prerequisite skills: Delegates should have practical experience of writing web applications in PHP.

Clients who have attended this course include

BBC, Open University, Mothercare

Course Outline

This two-day PHP Security course will provide delegates with a solid understanding of the issues facing web application developers using PHP. Some aspects covered are generic to all web developers, while others are PHP-specific. The vast majority of flaws within PHP applications are due to design or implementation details, or programmer error. Flaws found in PHP applications are often no different to those found in other web-facing languages, although there are a few cases where historical releases of PHP have tried to sprinkle magic on the issue, and failed (for example the now deprecated magic quotes and register globals).

Course Content

Our hands-on PHP Security training course has been developed for real-world, commercial scenarios by our expert instructors. See below for the detailed syllabus, or if you have a technical question, please email sales@jbinternational.co.uk

What you will learn

1. Understanding the importance of Secure applications
2. Avenues of attack
3. Common coding mistakes
4. Refactoring code to solve / prevent threats
5. Security best practices

Writing Secure PHP Web Applications

High-level overview of Web Security

Review of HTTP and web technologies
Introduction to common PHP Security flaws
What do the 'enemy' want?

Main focus: Web Application Specifics

Input validation and sanitisation
Authentication
Session hijacking
Cross-site scripting (XSS)
Cross-site request forgery (CSRF)
HTTP response splitting
Cryptography and protecting sensitive data
SQL Injection attacks
Privilege escalation
PHP Error display and logging
Best practices for storing configuration details
How the User Interface can make a difference
Sending Email Safely with PHP
Running Shell Code Safely with PHP
Magic Quotes and Register Globals
Suggestions for Developers and System Administrators

Testing Web Applications

Using 'sqlmap' to identify SQL Injection vulnerabilities
Using MySQL Proxy and/or GreenSQL
Effective Auditing and Logging with the Zend Framework