PHP Web Application Security

Pluralsight

Course Summary

PHP is one of the most widely-used web programming languages in the world. In this course, you'll learn to write more secure PHP code.

+
Course Description

Web applications are under attack every day. PHP, being one of the most widely-used programming languages on the web, is one of the main targets. Some oddities, especially those of older versions, facilitate some of the attacks. This course, PHP Web Application Security, helps developers to understand security risks, how vulnerabilities can be exploited, and how to avoid those attacks. First you'll learn about how to defend against cross-site scripting, including new approaches such as content security policy. Next, you'll learn about how cross-site request forgery works, why it works so well, and how you can implement protection using PHP. Finally, the course will wrap up by teaching you how to protect against SQL injection attacks, covering not only MySQL, but also other relevant databases PHP supports. By the end of this course, you'll have the knowledge to anticipate and defend against the major threats against web applications today.

Course Description

Web applications are under attack every day. PHP, being one of the most widely-used programming languages on the web, is one of the main targets. Some oddities, especially those of older versions, facilitate some of the attacks. This course, PHP Web Application Security, helps developers to understand security risks, how vulnerabilities can be exploited, and how to avoid those attacks. First you'll learn about how to defend against cross-site scripting, including new approaches such as content security policy. Next, you'll learn about how cross-site request forgery works, why it works so well, and how you can implement protection using PHP. Finally, the course will wrap up by teaching you how to protect against SQL injection attacks, covering not only MySQL, but also other relevant databases PHP supports. By the end of this course, you'll have the knowledge to anticipate and defend against the major threats against web applications today.

+
Course Syllabus

Course Overview
- 1m 54s

â€”Course Overview 1m 54s

PHP Web Application Security
- 19m 46s

â€”Introduction 2m 10s
â€”Is PHP Insecure? 5m 24s
â€”Security Principles 7m 16s
â€”OWASP 3m 27s
â€”Summary 1m 27s

Input Validation
- 40m 14s

â€”Introduction 1m 10s
â€”Online Shop 4m 22s
â€”What Is Input? 9m 21s
â€”Hacking the Shop 4m 59s
â€”Validating Mandatory Input 5m 2s
â€”More Validation With PHP 4m 42s
â€”The ctype Extension 2m 9s
â€”The filter Extension 5m 32s
â€”PHP 7+ Typing 1m 56s
â€”Summary 0m 56s

Cross-site Scripting (XSS)
- 1h 6m

â€”Introduction 0m 48s
â€”Cracking the Shop 5m 9s
â€”Anatomy of XSS 3m 53s
â€”Same-origin Policy 3m 28s
â€”Consequences of XSS 4m 43s
â€”Types of XSS 5m 44s
â€”Filtering Input 3m 3s
â€”Escaping Output 8m 42s
â€”Preventing XSS in JSON 4m 25s
â€”Cross-site Script Inclusion (XSSI) 3m 22s
â€”Browser XSS Protection 4m 1s
â€”Understanding Content Security Policy (CSP) 2m 43s
â€”Using Content Security Policy 6m 54s
â€”Allowing Inline Code in CSP 5m 22s
â€”Testing a Content Security Policy 2m 45s
â€”Summary 1m 32s

SQL Injection
- 48m 2s

â€”Introduction 1m 15s
â€”Cracking the Shop 2m 4s
â€”Famous SQL Injection Incidents 3m 29s
â€”How SQL Injection Works 3m 39s
â€”Vulnerable Code Patterns 3m 40s
â€”Finding SQL Injection 6m 21s
â€”Preventing SQL Injection 6m 25s
â€”PHP Database Escaping Functions 4m 38s
â€”Prepared Statements with PDO 3m 34s
â€”Prepared Statements with MySQL 3m 14s
â€”Prepared Statements with PostgreSQL 2m 9s
â€”Prepared Statements with SQLite 1m 44s
â€”Prepared Statements with Oracle 2m 5s
â€”Prepared Statements with Microsoft SQL Server 2m 42s
â€”Summary 0m 56s

State Management
- 37m 17s

â€”Introduction 1m 45s
â€”Cracking the Shop 2m 35s
â€”Cookies Explained 6m 43s
â€”Securing Cookies 4m 57s
â€”Sessions with PHP 5m 29s
â€”Session Attacks and Countermeasures 6m 36s
â€”Securing PHP Sessions 2m 46s
â€”HTTP Strict Transport Security (HSTS) 5m 2s
â€”Summary 1m 20s

Cross-site Request Forgery (CSRF)
- 37m 46s

â€”Introduction 0m 58s
â€”Cracking the Shop 4m 23s
â€”Cross-site Request Forgery Explained 5m 10s
â€”CSRF Countermeasures 7m 13s
â€”Token Creation with PHP 9m 6s
â€”Clickjacking 3m 2s
â€”Preventing Framing 6m 38s
â€”Summary 1m 12s

Storing Passwords
- 24m 51s

â€”Introduction 1m 15s
â€”Hashing or Encryption? 3m 29s
â€”Hashing Algorithms 3m 29s
â€”Cracking MD5 5m 6s
â€”PHP Hashing Algorithms 2m 28s
â€”PHP Password Hashing API 5m 10s
â€”More Hashing 2m 39s
â€”Summary 1m 12s

Error Handling
- 29m 50s

â€”Introduction 0m 59s
â€”Hacking the Shop 3m 40s
â€”PHP Error Levels 7m 9s
â€”PHP Error Configuration Settings 5m 27s
â€”Custom Error Handling 7m 50s
â€”Disabling Revealing Information 3m 35s
â€”Summary 1m 7s

Conclusion
- 12m 13s

â€”Introduction 1m 53s
â€”OWASP Top Ten 1-5 4m 22s
â€”OWASP Top Ten 6-10 4m 30s
â€”Summary 1m 27s

Course Fee:

USD 29

Course Type:	Self-Study
Course Status:	Active
Workload:	1 - 4 hours / week

This course is listed under Open Source , Development & Implementations , Data & Information Management and IT Security & Architecture Community

Attended this course? Write a Review

Course Fee:

USD 29

Course Type:	Self-Study
Course Status:	Active
Workload:	1 - 4 hours / week

IT Career Development Platform

PHP Web Application Security

Pluralsight

Course Summary

Course Description

Course Description

Course Syllabus

Course Type:

Course Status:

Workload:

PHP

SQL (Structured Query Language)

SQL injection

Cross-Site Scripting (XSS)

Hashing

Web application (Web app)

Security policy

Cross-Site Request Forgery (CSRF)

Application Security

OWASP (Open Web Application Security Project)

Attended this course? Write a Review

Course Type:

Course Status:

Workload: