Everything you need to earn your certification
- 90-day extended access to Boot Camp components, including class recordings
- 100% Satisfaction Guarantee
- Free 90-day Infosec Skills subscription (access to 1,400+ additional courses and labs)
- Hands-on cyber ranges and labs
- Knowledge Transfer Guarantee

What you'll learn
Training overview
This comprehensive three-day Secure Coding for PHP Boot Camp discusses web vulnerabilities through PHP-based examples. You’ll learn concepts beyond the OWASP Top Ten, tackling various injection attacks, script injections, attacks against session handling of PHP, insecure direct object references, issues with file upload and many others.
Both the introduction of vulnerabilities and the configuration practices are supported by a number of hands-on exercises demonstrating the consequences of successful attacks, showing how to apply mitigation techniques and introducing the use of various extensions and tools.
Before your boot camp
Prerequisites
Basic to advanced knowledge of PHP, including experience developing PHP applications, as well as familiarity with Apache, MySQL and SQL.

Syllabus
Training schedule
Day 1
IT security and secure coding
- Nature of security
- IT security related terms
- Definition of risk
- Different aspects of IT security
- Requirements of different application areas
- IT security vs. secure coding
- From vulnerabilities to botnets and cybercrime
- Classification of security flaws
Web application vulnerabilities
Basics of cryptography
- Cryptosystems
- Symmetric-key cryptography
- Other cryptographic algorithms
- Asymmetric (public-key) cryptography
- Public Key Infrastructure (PKI)
Client-side security
- JavaScript security
- AJAX security
- HTML5 security
Day 2
PHP security services
- Cryptography extensions in PHP
- Input validation APIs
PHP environment
- Server configuration
- Securing PHP configuration
- Environment security
- Hardening
- Configuration management
Advice and principles
- Matt Bishop’s principles of robust programming
- The security principles of Saltzer and Schroeder
Input validation
- Input validation concepts
- Remote PHP code execution
- MySQL validation errors – beyond SQL Injection
- Variable scope errors in PHP
- File uploads, spammers
- Environment manipulation
Day 3
Improper use of security features
- Problems related to the use of security features
- Insecure randomness
- Weak PRNGs in PHP
- Stronger PRNGs we can use in PHP
- Password management – stored passwords
- Some usual password management problems
- Storing credentials for external systems
- Privacy violation
- Improper error and exception handling
- Classification of security flaws
Time and state problems
- Concurrency and threading
- Concurrency in PHP
- Preventing file race condition
- Double submit problem
- PHP session handling
- A PHP design flaw – open_basedir race condition
- Database race condition
- Denial of service possibilities
- Hashtable collision attack
- Classification of security flaws
Using security testing tools
- Web vulnerability scanners
- SQL injection tools
- Public database
- Google hacking
- Proxy servers and sniffers
- Exercise – Capturing network traffic
- Static code analysis
Guaranteed results
Our boot camp guarantees

100% Satisfaction Guarantee
If you’re not 100% satisfied with your training at the end of the first day, you may withdraw and enroll in a different online or in-person course.

Knowledge Transfer Guarantee
If an employee leaves within three months of obtaining certification, Infosec will train a different employee at the same organization tuition-free for up to one year.
Unlock team training discounts
If you’re like many of our clients, employee certification is more than a goal — it’s a business requirement. Connect with our team to learn more about our training discounts.

Similar boot camps
More learning opportunities
Most popular | Boot camp
CompTIA Security+ Training Boot Camp
Infosec’s CompTIA Security+ Boot Camp teaches you information security theory and reinforces that theory with hands-on exercises to help you learn by doing. You’ll learn how to configure and operate many different technical security controls — and leave prepared to pass your Security+ exam.

#1 FOR BEGINNERS | Boot camp
Cisco CCNA Associate & CyberOps Associate Training Boot Camp with Dual Certification
Infosec’s authorized CCNA Dual Certification Boot Camp helps you build your knowledge of networking and provides hands-on experience installing, configuring and operating network devices — all while preparing you to earn two Cisco certifications.

Most requested | Boot camp
(ISC)² CISSP® Certification Training and Boot Camp
Take your career to the next level by earning one of the most in-demand cybersecurity certifications. Infosec’s CISSP training provides a proven method for mastering the broad range of knowledge required to become a Certified Information Systems Security Professional.