Date(s) - 18/11/2019 (8:00 am - 1:00 pm)
Location: Malaysia, Kuala Lumpur
Building Security into your PHP Applications
Security is paramount when developing applications for the web. Every year we hear about high-profile companies losing sensitive data to intruders, and these compromises mainly originate from their web presence. The best way to achieve a truly secure web application is to build that application with security in mind from the start. Join us as we investigate common mistakes and failings in web security, and teach you how to build truly secure web applications from the ground up.
What will I learn?
After completing this course, you will be prepared to incorporate standard, best-practice security measures into your PHP applications. You will be able to identify the most common types of attack vectors and the vulnerabilities experienced in the industry, allowing you to monitor and fortify your application code against them.
What will I be able to achieve?
- Build truly secure web applications with confidence and aptitude.
- Ensure that your application and company avoid an embarrassing hack or data breach.
- Be sure that you understand and can mitigate the most common web security failings, and understand why “Security First” is the best possible way to code.
This course is designed for intermediate to experienced PHP application developers who are looking to enhance their skills and learn or implement security best practices. It is also appropriate for intermediate PHP and professional developers who are interested in studying early on how to build security into their applications as part of their learning process.
Basic to advanced knowledge of PHP 5 is recommended, including experience developing PHP 5 applications.
This online class provides instructor-led 25 hour long lectures coupled with practical examples and student exercises. You will be given a participant course guide to help you follow along with the lectures and exercises, as well as the solution code to the security practice application. You will also be granted access to the recorded sessions for thirty days after your class ends, so that you have time to review the materials at your own pace. This class can also be delivered by an instructor on site.
What is Security
Defense in Depth
Basic Security Rules
Building Secure Web Applications Guidelines
Open Web Application Security Project (OWASP)
Web Application Exploits
Cross-Site Request Forgeries (CSRF)
Broken Authentication and Session Management
Insecure Direct Object References
Insufficient Cryptographic Storage
Missing Function-Level Access Control
Using Components with Known Vulnerabilities
Unvalidated Redirects and Forwards
Hermetic Filtering/Validation/Escaping Techniques
Handling Asynchronous Web Calls (AJAX)
Lock down Database Security
Employing Access Controls and Handling Account Lockouts (ACL)
White Listing Techniques
Using an API Framework (Apigility)
Creating a Standard Review Process
Captchas, Tokens and Session Management
Cryptographic Storage Techniques
Securing File Uploads
Web Server Security
Additional Learning Resources
- 35% Lectures & Theories
- 40% Workshops, Assessments, Group Work & Exercises
- 20% Role Play & Case Studies
- 05% Videos
- Pre-Test and Post Test
- Test Results Sheet
- Trainee Performance Analysis Reports
- Case Studies
- Group Discussions
- Group & Individual exercises
- Intensive Workshop using templates, diagrams & charts
- Planning Activities
- Self Assessments
- Combined case studies and analysis of real-world examples
- Action plan