Training Calendar

 ◄◄  ◄  ►►  ► 
October 2017
Mon Tue Wed Thu Fri Sat Sun
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
No Image
Bangi
Date :  17-10-2017
18
No Image
Bangi
Date :  18-10-2017
19
No Image
Bangi
Date :  19-10-2017
20
21
22
27
28
29
30
31

psmb

Total Visitors

48%Malaysia Malaysia
24%United States United States
3.6%Philippines Philippines
3.3%Singapore Singapore
2.7%Australia Australia
2.4%India India
2.1%Pakistan Pakistan
2.1%Indonesia Indonesia
1.5%China China
1.2%United Kingdom United Kingdom

Today: 2
Yesterday: 4
This Week: 6
Last Week: 14
This Month: 26
Last Month: 94
Total: 12263

PHP Secure Programming

 

Course Overview

PHP as a programming language is easy to learn and easy to use. This is also the reason for its popularity. Unfortunately, PHP does not only make it easy to write applications, it also comes with certain features that make it easy to write insecure code. This course gives guidelines on how to avoid dangerous language constructs and features. Moreover, it gives instructions on how to perform proper security checks that help to defend against common attacks. Each section deals with a specific security problem or function group and is accompanied by a list of recommendations. These recommendations can be used as a checklist during the development phase and for security assessments.

 

 

Prerequisites

Have knowledge and/or experience in HTML, SQL, and PHP programming.

 

PHP Security – Schedule

Day 1

09.00am – 10.00am

Overview

  • What is PHP security?
  • Basic steps
  • Register globals
10.00am – 10.30am

Breakfast

10.30am – 01.00pm

Security Principles

  • Defense in depth
  • Least privilege
  • Simple is beautiful
  • Minimum Exposure

01.00pm – 02.00pm

Lunch

02.00pm – 05.00pm

Security Practices

  • Balance risk & usability
  • Track data
  • Filter input
  • Escape output

Forms & URLs

  • Forms & data
  • Semantic URL attacks
  • File upload attacks
  • Cross-site scripting
  • Cross-site Request Forgeries
  • Spoofed form submissions
  • Spoofed HTTP requests

Day 2

09.00am – 10.00am

Database & SQL

  • Exposed access credentials
  • SQL Injection
  • Exposed data

10.00am – 10.30am

Breakfast

10.30am – 01.00pm

Sessions and Cookies

  • Cookie theft
  • Exposed Session data
  • Session fixation
  • Session hijacking

01.00pm – 02.00pm

Lunch

02.00pm – 05.00pm

Include Files

  • Exposed source code
  • Backdoor URLs
  • Filename manipulation
  • Code injection

Files & Commands

  • Travesing the filesystem
  • Remote file risks
  • Command injection

                                                                        Day 3

09.00am – 10.00am

Authentication and Authorization

  • Brute force attacks
  • Password sniffing
  • Reply attacks
  • Persistent Logins

10.00am – 10.30am

Breakfast

10.30am – 01.00pm

Secure operations

  • Captcha
  • Input validations

01.00pm – 02.00pm

Lunch

02.00pm – 05.00pm

Secure Environment

  • mod_security
  • Suhosin
  • Intrusion detection system