COD 315: Creating Secure PHP Code
This course teaches PHP programmers the security principals they need to know to build secure PHP applications. This class teaches programming principles for security in PHP such as proper session management, error handling, authentication, authorization, data storage, use of encryption and defensive programming as well as avoiding and mitigating vulnerabilities such as SQL Injections, Cross-Site Scripting (XSS), File Inclusion, Command Injection, Cross Site Request Forgery (CSRF) and Null Byte attacks. With interactive knowledge checks in each of the modules, after completing the course, the student will be able to program securely and defensively in PHP.
Upon completion of this course, participants will be able to:
- Describe how to control user access
- Describe how to handle and report errors
- Understand common mistakes made when protecting transport layer communication
- Describe how to secure user authentication sessions and explore common errors in broken authentication and authorization schemes
- Explain the CSRF attack process and how to prevent CSRF attacks
- Describe how to securely connect to a database
- Explain file inclusion and command injection vulnerabilities
- Describe how to prevent XSS attacks
- Understand best practices and principles for secure PHP code
This course is also available as an Instructor-Led training course.