PHP Secure Programming

 

Course Overview

PHP as a programming language is easy to learn and easy to use. This is also the reason for its popularity. Unfortunately, PHP does not only make it easy to write applications, it also comes with certain features that make it easy to write insecure code. This course gives guidelines on how to avoid dangerous language constructs and features. Moreover, it gives instructions on how to perform proper security checks that help to defend against common attacks. Each section deals with a specific security problem or function group and is accompanied by a list of recommendations. These recommendations can be used as a checklist during the development phase and for security assessments.

 

 

Prerequisites

Have knowledge and/or experience in HTML, SQL, and PHP programming.

 

PHP Security – Schedule

Day 1

09.00am – 10.00am

Overview

  • What is PHP security?
  • Basic steps
  • Register globals

10.00am – 10.30am

Breakfast

10.30am – 01.00pm

Security Principles

  • Defense in depth
  • Least privilege
  • Simple is beautiful
  • Minimum Exposure

01.00pm – 02.00pm

Lunch

02.00pm – 05.00pm

Security Practices

  • Balance risk & usability
  • Track data
  • Filter input
  • Escape output

Forms & URLs

  • Forms & data
  • Semantic URL attacks
  • File upload attacks
  • Cross-site scripting
  • Cross-site Request Forgeries
  • Spoofed form submissions
  • Spoofed HTTP requests

Day 2

09.00am – 10.00am

Database & SQL

  • Exposed access credentials
  • SQL Injection
  • Exposed data

10.00am – 10.30am

Breakfast

10.30am – 01.00pm

Sessions and Cookies

  • Cookie theft
  • Exposed Session data
  • Session fixation
  • Session hijacking

01.00pm – 02.00pm

Lunch

02.00pm – 05.00pm

Include Files

  • Exposed source code
  • Backdoor URLs
  • Filename manipulation
  • Code injection

Files & Commands

  • Traversing the filesystem
  • Remote file risks
  • Command injection

Day 3

09.00am – 10.00am

Authentication and Authorization

  • Brute force attacks
  • Password sniffing
  • Replay attacks
  • Persistent Logins

10.00am – 10.30am

Breakfast

10.30am – 01.00pm

Secure operations

  • Captcha
  • Input validations

01.00pm – 02.00pm

Lunch

02.00pm – 05.00pm

Secure Environment

  • mod_security
  • Suhosin
  • Intrusion detection system