Secure Coding in PHP Training

Commitment 3 Days, 7-8 hours a day.
Language English
User Ratings Average User Rating 4.8 See what learners said
Delivery Options Instructor-Led Onsite, Online, and Classroom Live


Secure Coding in PHP Training Course discusses Web vulnerabilities through PHP-based examples going beyond the OWASP top ten, tackling various injection attacks, script injections, attacks against session handling of PHP, insecure direct object references, issues with file upload, and many others.

PHP-related vulnerabilities are introduced and grouped into the standard vulnerability types of missing or improper input validation, incorrect error, and exception handling, improper use of security features, and time- and state-related problems. For this latter, we discuss attacks like the open_basedir circumvention, denial-of-service through the magic float, or the hash table collision attack. In all cases, participants will get familiar with the most important techniques and functions to be used to mitigate the enlisted risks.

A special focus is given to client-side security tackling security issues of JavaScript, Ajax, and HTML5. A number of security-related extensions to PHP are introduced like hash, encrypt, and OpenSSL for cryptography, or Ctype, ext/filter, and HTML Purifier for input validation. Hardening best practices are given in connection with PHP configuration (setting php.ini), Apache, and the server in general. Finally, an overview is given of various security testing tools and techniques that developers and testers can use, including security scanners, penetration testing and exploit packs, sniffers, proxy servers, fuzzing tools, and static source code analyzers.

  • 3 days of Secure Coding in PHP Training with an expert instructor
  • Secure Coding in PHP Electronic Course Guide
  • Certificate of Completion
  • 100% Satisfaction Guarantee



Upon completing this Secure Coding in PHP Training course, learners will be able to meet these objectives:

  • Understand basic concepts of security, IT security, and secure coding
  • Learn Web vulnerabilities beyond OWASP Top Ten and know how to avoid them
  • Learn to use various security features of PHP
  • Get information about some recent vulnerabilities of the PHP framework
  • Learn about typical coding mistakes and how to avoid them
  • Get practical knowledge in using security testing tools
  • Get sources and further reading on secure coding practices
  • We can adapt this Secure Coding in PHP Training course to your group’s background and work requirements at little to no added cost.
  • If you are familiar with some aspects of this Secure Coding in PHP course, we can omit or shorten their discussion.
  • We can adjust the emphasis placed on the various topics or build the Secure Coding in PHP around the mix of technologies of interest to you (including technologies other than those included in this outline).
  • If your background is nontechnical, we can exclude the more technical topics, include the topics that may be of special interest to you (e.g., as a manager or policy-maker), and present the Secure Coding in PHP course in a manner understandable to lay audiences.

The target audience for this Secure Coding in PHP Training course:

  • Web developers, architects, and testers

The knowledge and skills that a learner must have before attending this Secure Coding in PHP course are::

  • None


IT security and secure coding
  • Nature of security
  • IT security-related terms
  • Definition of risk
  • Different aspects of IT security
  • Requirements of different application areas
  • IT security vs. secure coding
  • From vulnerabilities to botnets and cyber Crime
  • Classification of security flaws
2 – Web application vulnerabilities
3 – Basics of cryptography
  • Cryptosystems
  • Symmetric-key cryptography
  • Other cryptographic algorithms
  • Asymmetric (public-key) cryptography
  • Public Key Infrastructure (PKI)
4 – Secure Coding in PHP Training – Client-side security
  • JavaScript security
  • Ajax security
  • HTML5 Security
5 – PHP security services
  • Cryptography extensions in PHP
  • Input validation APIs
6 – PHP Environment
  • Server configuration
  • Securing PHP configuration
  • Environment security
  • Hardening
  • Configuration management
7 – Advice and principles
  • Matt Bishop’s principles of robust programming
  • The security principles of Saltzer and Schroeder
8 – Secure Coding in PHP Training – Input validation
  • Input validation concepts
  • Knowledge sources
  • Secure coding sources – a starter kit
  • Remote PHP code execution
  • MySQL validation errors – beyond SQL Injection
  • Variable scope errors in PHP
  • File uploads, spammers
  • Environment manipulation
9 – Improper use of security features
  • Problems related to the use of security features
  • Insecure randomness
  • Weak PRNGs in PHP
  • Stronger PRNGs we can use in PHP
  • Password management – stored passwords
  • Some usual password management problems
  • Storing credentials for external systems
  • Privacy violation
  • Improper error and exception handling
10 – Time and state problems
  • Concurrency and threading
  • Concurrency in PHP
  • Preventing file race condition
  • Double submit problem
  • PHP session handling
  • A PHP design flaw – open_basedir race condition
  • Database race condition
  • Denial of service possibilities
  • Hashtable collision attack
11 – Using security testing tools
  • Web vulnerability scanners
  • SQL injection tools
  • Public database
  • Google hacking
  • Proxy servers and sniffers
  • Exercise – Capturing network traffic
  • Static code analysis
Secure Coding in PHP TrainingSecure Coding in PHP Training Course Recap, Q/A, and Evaluations