Study any time, from any device.

Secure Coding in PHP Training

​Infosec’s Secure Coding in PHP 3-day Intense Course provides essential skills for PHP developers necessary to make their applications resistant to contemporary attacks through the Internet with emphasis on security issues of JavaScript, Ajax, and HTML5.

Learn secure PHP coding

Boot camp overview

Infosec’s Secure Coding in PHP Course discusses Web vulnerabilities through PHP-based examples going beyond the OWASP top ten, tackling various injection attacks, script injections, attacks against session handling of PHP, insecure direct object references, issues with file upload, and many others. PHP-related vulnerabilities are introduced grouped into the standard vulnerability types of missing or improper input validation, incorrect error and exception handling, improper use of security features and time- and state-related problems. For this latter we discuss attacks like the open_basedir circumvention, denial-of-service through magic float or the hash table collision attack. In all cases participants will get familiar with the most important techniques and functions to be used to mitigate the enlisted risks.

A special focus is given to client-side security tackling security issues of JavaScript, Ajax and HTML5. A number of security-related extensions to PHP are introduced like hash, mcrypt and OpenSSL for cryptography, or Ctype, ext/filter and HTML Purifier for input validation. Hardening best practices are given in connection with PHP configuration (setting php.ini), Apache and the server in general. Finally, an overview is given to various security testing tools and techniques which developers and testers can use, including security scanners, penetration testing and exploit packs, sniffers, proxy servers, fuzzing tools and static source code analyzers. Both the introduction of vulnerabilities and the configuration practices are supported by a number of hands-on exercises demonstrating the consequences of successful attacks, showing how to apply mitigation techniques and introducing the use of various extensions and tools

Skill up and get certified, guaranteed

100% Satisfaction Guarantee

If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different Flex Pro or Flex Classroom course.

Knowledge Transfer Guarantee

If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.

Course objectives

Infosec’s Secure Coding in PHP Course offers you three (3) days of training with a real PHP Security expert. Our experts have extensive PHP development experience as well as years of experience performing security code reviews. Participants in our Secure Coding in PHP Course will:

  • Understand basic concepts of security, IT security and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn to use various security features of PHP
  • Get information about some recent vulnerabilities of the PHP framework
  • Learn about typical coding mistakes and how to avoid them
  • Get practical knowledge in using security testing tools
  • Get sources and further reading on secure coding practices

Who should attend

  • PHP developers
  • Managers, architects and technologists involved in PHP
  • Anyone interested in learning more about secure PHP coding

Award-winning training that you can trust

G2 Crowd High Performer

Technical Skills Development Software

Outstanding Partnership Award

Gold Winner

Best Cybersecurity Education Provider

Publisher's Choice

Security Training for Infosec Professionals

Top 20 Company

IT Training

Why choose Infosec

Your flexible learning experience

Infosec Flex makes expert, live instruction convenient with online and in-person formats tailored to how, when and where you learn best.

Public training boot camps held nationwide

  • Pre-study course materials
  • Live instruction
  • Digital courseware
  • Daily reinforcement materials
  • Catered lunches
  • Infosec community forum access
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

Most Popular

Immersive, live-streamed instruction

  • Pre-study course materials
  • Live instruction
  • Digital courseware
  • Daily reinforcement materials
  • Detailed performance reporting
  • Video replays
  • 90-day extended access to materials
  • Infosec community forum access
  • Exam Pass Guarantee
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee




Tailored team training at your location

  • Pre-study course materials
  • Live, customized instruction at your location
  • Digital courseware
  • Daily reinforcement materials
  • Detailed team performance reporting
  • Video replays
  • 90-day extended access to materials
  • Infosec community forum access
  • Exam Pass Guarantee
  • 100% Satisfaction Guarantee
  • Knowledge Transfer Guarantee

Can’t get away for a week?

Learn secure coding on-demand.

Get the cybersecurity training you need at a pace that fits your schedule with a subscription to Infosec Skills. Includes unlimited access to hundreds of additional on-demand courses — plus cloud-hosted cyber ranges where you can practice and apply knowledge in real-world scenarios — all for just $34 a month!

  • 300+ courses
  • 4 cyber range environments
  • 100+ hands-on labs
  • Certification practice exams
  • 40+ learning paths

You're in good company.

"I’ve taken five boot camps with Infosec and all my instructors have been great."

Jeffrey Coa

Information Security Systems Officer

"The course not only met my expectations, but exceeded them. It was the most engaging online training I’ve ever had."

Val Vask

Commercial Technical Lead

"I knew Infosec could tell me what to expect on the exam and what topics to focus on most."

Julian Tang

Chief Information Officer

Our clients

Bank of America
Defense Information Systems Agency

Find your boot camp

Secure Coding in PHP Boot Camp details

During the Three (3) Day program, our instructors give you 110% of their time and dedication to ensure that your time is well spent. You will receive an all-inclusive immersion experience by receiving your hotel stay and most meals during your training experience; therefore you eat, sleep and train at the learning facility with no distractions! Session content is organized into the following Modules:

  • IT security and secure coding
    • Nature of security
    • IT security related terms
    • Definition of risk
    • Different aspects of IT security
    • Requirements of different application areas
    • IT security vs. secure coding
    • From vulnerabilities to botnets and cyber crime
    • Classification of security flaws o Classification of security flaws
  • Web Application Vulnerabilities
  • Basics of Cryptography
    • Cryptosystems
    • Symmetric-key cryptography
    • Other cryptographic algorithms
    • Asymmetric (public-key) cryptography
    • Public Key Infrastructure (PKI)
  • Client-side Security
    • Javascript security
    • AJAX security
    • HTML5 security
  • PHP Security Services
    • Cryptography extensions in PHP
    • Input validation APIs
  • PHP Environment
    • ​Server Configuration
    • Securing PHP configuration
    • Environment security
    • Hardening
    • Configuration management
  • Advice and Principles
    • Matt Bishop’s principles of robust programming
    • The security principles of Saltzer and Schroeder
  • Input validation
    • Input validation concepts
    • Remote PHP code execution
    • MySQL validation errors – beyond SQL Injection
    • Variable scope errors in PHP
    • File uploads, spammers
    • Environment manupulation
  • Improper use of security features
    • ​Problems related to the use of security features
    • Insecure randomness
    • Weak PRNGs in PHP
    • Stronger PRNGs we can use in PHP
    • Password management – stored passwords
    • Some usual password management problems
    • Storing credentials for external systems
    • Privacy violation
    • Improper error and exception handling
    • Classification of security flaws
  • Time and State problems
    • Concurrency and threading
    • Concurrency in PHP
    • Preventing file race condition
    • Double submit problem
    • PHP session handling
    • A PHP design flaw – open_basedir race condition
    • Database race condition
    • Denial of service possibilities
    • Hashtable collision attack
    • Classification of security flaws
  • Using Security Testing Tools
    • Web vulnerability scanners
    • SQL injection tools
    • Public database
    • Google hacking
    • Proxy servers and sniffers
    • Exercise – Capturing network traffic o Static code analysis