Overview
The PHP learning path includes a range of security courses, which differ depending on whether you are pursuing the core, advanced or elite path. It is designed to provide PHP developers with a solid foundation in the security features necessary to develop server-side web application logic.
The PHP learning path offers secure coding best practices for developing back-end web service connection components and supporting front-end developers. Learners will be able to apply these security best practices across the entire web application development life cycle, from concept stage to delivery and post-launch.
- AWA 101 – Fundamentals of Application Security
- AWA 102 – Secure Software Concepts
- COD 102 – The Role of Software Security
- COD 103 – Creating Software Security Requirements
- COD 104 – Designing Secure Software
- COD 105 – Secure Software Development
- COD 106 – The Importance of Software Integration and Testing
- COD 107 – Secure Software Deployment
- COD 108 – Software Operations and Maintenance
- DES 101 – Fundamentals of Secure Architecture
- COD 251 – Defending AJAX-Enabled Web Applications
- COD 255 – Creating Secure Code: Web API Foundations
- COD 256 – Creating Secure Code: Ruby on Rails Foundations
- COD 258 – Creating Secure PHP Web Applications
- COD 259 – Node.js Threats & Vulnerabilities
- COD 261 – Threats to Scripts
- COD 262 – Fundamentals of Shell and Interpreted Language Security
- COD 263 – Secure Bash Scripting
- COD 264 – Secure Perl Scripting
- COD 265 – Secure Python Scripting
- COD 266 – Secure Ruby Scripting
- COD 281 – Java Security Model
- COD 283 – Java Cryptography
- COD 284 – Secure Java Coding
- DES 204 – Role of Cryptography in Application Development
- DES 207 – Mitigating OWASP API Security Top 10
- DES 212 – Architecture Risk Analysis & Remediation
- DES 232 – Mitigating OWASP 2021 Injection
- DES 233 – Mitigating OWASP 2021 Identification and Authentication Failures
- DES 234 – Mitigating OWASP 2021 Cryptographic Failures
- DES 235 – Mitigating OWASP 2021 Insecure Design
- DES 236 – Mitigating OWASP 2021 Broken Access Control
- DES 237 – Mitigating OWASP 2021 Security Misconfiguration
- DES 238 – Mitigating OWASP 2021 Server-Side Request Forgery (SSRF)
- DES 239 – Mitigating OWASP 2021 Software and Data Integrity Failures
- DES 240 – Mitigating OWASP 2021 Vulnerable and Outdated Components
- DES 241 – Mitigating OWASP 2021 Security Logging and Monitoring Failures
- ENG 205 – Fundamentals of Threat Modeling
- ENG 211 – How to Create Application Security Design Requirements
- ENG 212 – Implementing Secure Software Operations
- LAB 223 – Defending Node.js Applications Against SQL Injection
- LAB 228 – Defending Java Applications Against Weak AES ECB Mode Encryption
- LAB 229 – Defending Java Applications Against Weak PRNG
- LAB 230 – Defending Java Applications Against XSS
- LAB 233 – Defending Node.js Applications Against XSS
- LAB 234 – Defending Java Applications Against Parameter Tampering
- LAB 235 – Defending Java Applications Against Plaintext Password Storage
- LAB 236 – Defending Java Applications Against Sensitive Information in Error Messages
- LAB 237 – Defending Java Applications Against SQL Injection
- LAB 240 – Defending Java Applications Against eXternal XML Entity (XXE) Vulnerabilities
- LAB 242 – Defending Node.js Applications Against eXternal XML Entity (XXE) Vulnerabilities
- LAB 244 – Defending Java Applications Against Security Misconfiguration
- LAB 245 – Defending Node.js Applications Against Plaintext Password Storage
- LAB 246 – Defending Node.js Applications Against Weak AES ECB Mode Encryption
- LAB 247 – Defending Node.js Applications Against Weak PRNG
- LAB 248 – Defending Node.js Applications Against Parameter Tampering
- LAB 262 – Defending Node.js Applications Against Sensitive Information in Error Messages
- LAB 263 – Defending Java Applications Against Sensitive Information in Log Files (NEW)
- LAB 265 – Defending Node.js Applications Against Sensitive Information in Log Files (NEW)
- LAB 267 – Defending Java Applications Against Deserialization of Untrusted Data (NEW)
- LAB 269 – Defending Node.js Applications Against Deserialization of Untrusted Data (NEW)
- LAB 271 – Defending Java Applications Against SSRF (NEW)
- LAB 273 – Defending Node.js Applications Against SSRF (NEW)
- COD 361 – HTML5 Secure Threats
- COD 362 – HTML5 Built in Security Features
- COD 363 – Securing HTML5 Data
- COD 364 – Securing HTML5 Connectivity
- DES 311 – Creating Secure Application Architecture
- DSO 304 – Securing API Gateways in a DevSecOps Framework
- DSO 307 – Secure Secrets Management
- ENG 312 – How to Perform a Security Code Review
- SDT 301 – Testing for Injection
- SDT 302 – Testing for Identification and Authentication Failures
- SDT 304 – Testing for Insecure Design
- SDT 305 – Testing for Broken Access Control
- SDT 306 – Testing for Security Misconfiguration
- SDT 307 – Testing for Server-Side Request Forgery (SSRF)
- SDT 308 – Testing for Software and Data Integrity Failures
- SDT 309 – Testing for Vulnerable and Outdated Components
- SDT 310 – Testing for Security Logging and Monitoring Failures
- SDT 314 – Testing for Unrestricted Upload of File with Dangerous Type
Learning Path Details
Number of Courses: 81
Number of Labs: 25
Total Duration: 22 hours
Total CPE Credits: 26