Secure Coding in PHP Training Boot Camp

Learn how to make PHP applications resistant to attacks from security issues around JavaScript, Ajax and HTML5. This boot camp is designed for PHP developers that require effective, real-world, secure programming skills they can implement immediately at the workplace.

View Pricing

Learn secure PHP

Three days of expert, live Secure Coding for PHP training
100% Satisfaction Guarantee
Free annual Infosec Skills subscription ($299 value!)
1-year access to all boot camp video replays and materials
Hands-on cyber ranges and labs
Knowledge Transfer Guarantee

Training overview

This comprehensive three-day Secure Coding for PHP Boot Camp discusses web vulnerabilities through PHP-based examples. You’ll learn concepts beyond the OWASP Top Ten, tackling various injection attacks, script injections, attacks against session handling of PHP, insecure direct object references, issues with file upload and many others.

Both the introduction of vulnerabilities and the configuration practices are supported by a number of hands-on exercises demonstrating the consequences of successful attacks, showing how to apply mitigation techniques and introducing the use of various extensions and tools.

What you’ll learn

This boot camp teaches you how poor security practices leave applications open to attack and how to implement the necessary tools, techniques and best practices to write code in a secure manner. It will help develop your knowledge and skills around:

Basic concepts of security, IT security and secure coding
Web vulnerabilities beyond the OWASP Top Ten and know how to avoid them
Various security features of PHP
Recent vulnerabilities of the PHP framework
Typical coding mistakes and how to avoid them
Using security testing tools

Who should attend

PHP developers
Managers, architects and technologists involved in PHP
Anyone interested in learning more about secure PHP coding

Prerequisites

Basic to advanced knowledge of PHP, including experience developing PHP applications, as well as familiarity with Apache, MySQL and SQL.

Everything you need to learn secure PHP

Three days of expert, live Secure Coding for PHP training
100% Satisfaction Guarantee
Free annual Infosec Skills subscription ($299 value!)
1-year access to all boot camp video replays and materials
Hands-on cyber ranges and labs
Knowledge Transfer Guarantee

View Pricing

PHP training schedule

Infosec’s PHP training is more than just a boot camp. We support you before, during and after your live training to ensure you’re fully prepared.

Before your boot camp
- Start learning now. You’ll get immediate access to all the content in Infosec Skills the moment you enroll. Prepare for your live boot camp, uncover your knowledge gaps and maximize your training experience.
During your boot camp
- IT security and secure coding
  
  Nature of security
  
  IT security related terms
  
  Definition of risk
  
  Different aspects of IT security
  
  Requirements of different application areas
  
  IT security vs. secure coding
  
  From vulnerabilities to botnets and cybercrime
  
  Classification of security flaws
  
  Web application vulnerabilities
  
  Basics of cryptography
  
  Cryptosystems
  
  Symmetric-key cryptography
  
  Other cryptographic algorithms
  
  Asymmetric (public-key) cryptography
  
  Public Key Infrastructure (PKI)
  
  Client-side security
  
  JavaScript security
  
  AJAX security
  
  HTML5 security
  
  PHP security services
  
  Cryptography extensions in PHP
  
  Input validation APIs
  
  PHP environment
  
  Server configuration
  
  Securing PHP configuration
  
  Environment security
  
  Hardening
  
  Configuration management
  
  Advice and principles
  
  Matt Bishop’s principles of robust programming
  
  The security principles of Saltzer and Schroeder
  
  Input validation
  
  Input validation concepts
  
  Remote PHP code execution
  
  MySQL validation errors – beyond SQL Injection
  
  Variable scope errors in PHP
  
  File uploads, spammers
  
  Environment manipulation
  
  Improper use of security features
  
  Problems related to the use of security features
  
  Insecure randomness
  
  Weak PRNGs in PHP
  
  Stronger PRNGs we can use in PHP
  
  Password management – stored passwords
  
  Some usual password management problems
  
  Storing credentials for external systems
  
  Privacy violation
  
  Improper error and exception handling
  
  Classification of security flaws
  
  Time and state problems
  
  Concurrency and threading
  
  Concurrency in PHP
  
  Preventing file race condition
  
  Double submit problem
  
  PHP session handling
  
  A PHP design flaw – open_basedir race condition
  
  Database race condition
  
  Denial of service possibilities
  
  Hashtable collision attack
  
  Classification of security flaws
  
  Using security testing tools
  
  Web vulnerability scanners
  
  SQL injection tools
  
  Public database
  
  Google hacking
  
  Proxy servers and sniffers
  
  Exercise – Capturing network traffic
  
  Static code analysis
After your boot camp
- Your boot camp includes a 1-year subscription to Infosec Skills, so you can take additional time to prepare for your exam, get a head start on your next certification goal or start earning CPEs.

Free PHP training resources

PHP Lab: File Inclusion attacks

File inclusion is one of the popular yet old vulnerabilities that are often seen in websites. Learn more.

See Resources

PHP Lab: Exploiting SQL Injection

This article covers exploiting a SQL injection is to identify the vulnerability.

Learn More

Preventing and repairing security breaches

John Torres, president of Guidepost Solutions' Security & Technology Practice, discusses data security breaches, protecting organizations from online and physical threats, and career paths for those looking to pursue a career in cybersecurity.

Listen Now