Secure Development for the Web: PHP session

OBJECTIVE

PHP is a powerful language for the rapid development of websites, intranet portals or business applications. You will learn to avoid the main vulnerabilities related to web applications, as well as those specific to the PHP platform. This training will also allow you to integrate key best practices into your development cycle to minimize risk and improve the quality of your application. This training covers the essentials of secure development with PHP, from design to deployment.

In particular, the objectives of the training are:

  • Understand the challenges of web application security
  • Know how to use the tools to develop in a secure way

PREREQUISITES

• Development fundamentals

• Knowledge of the PHP language

GENERAL INFORMATION

• Code: DSWPHP
• Duration: 3 days
• Schedule: 8h30 - 17h30
• Location: training center, Center Urbain Nord

TARGETED AUDIENCE

  • System Administrators
  • Developers

RESOURCES

• Course materials
• 40% demonstration
• 40% theory
• 20% practical exercises

TRAINING PROGRAM

  • Day 1
    • Introduction to computer security
      • The security context
      • Risks incurred and impacts
    • Introducing PHP
      • History: from the scripting language to today
      • The PHP ecosystem
    • Main attacks
      • Cross-Site Scripting
      • SQL injection
      • File inclusion
      • Logical vulnerabilities
      • Race conditions
      • Denial of service
      • Remote Code Execution
      • Cross-Site Request Forgery
      • Session fixation

  • Day 2
    • Updates
      • System
      • Web applications
    • The pitfalls of PHP
      • Using documentation
      • Weak typing
      • Generating random data
      • Timing attacks
      • Serialization
    • Good practices
      • Using Composer
      • PDO and ORMs
      • Frameworks
      • Captchas
      • Securing flows

  • Day 3
    • Development patterns
      • Management of confidential information
      • Validation of user input
      • Redirection management
      • Management of errors and exceptions
    • Deploying an application
      • Unit testing
      • Continuous integration
      • Deployment system
      • Static code analysis

Do not hesitate to contact our experts for any additional information, or for a study and free quote for an audit service.