In this video from our Secure Coding with PHP online course, our instructor Munir will show you how badly coded PHP applications become vulnerable to SQL injection attacks. In this specific example, we will be looking at using the information schema to retrieve data. If you want to know how to prevent and/or fix it, join the course, it's all there :). For now though, dive into the video!
If you're a security professional, this course will make you more efficient and resourceful in expediting your security reviews of PHP applications. If you are a developer, you will become better at creating secure software rather than just functional software.
In this course, we start with concepts of PHP and what it has to offer. We learn how to structure applications and consider fundamentals when designing an application. You need to have a solid base to later on ensure everything is nice and secured, and it is helpful to know how developers work if you want to review their code. We also look at various good practices in regard to PHP coding and benchmark them against the top 10 threats to web applications to see how to effectively build bulletproof applications. You don't want to get stuck with code vulnerable to one of the OWASP Top 10, such as a simple SQL injection, do you? Finally, we get exposed to various tools and techniques that can be used to enable us to analyze and fix a majority of our PHP applications.
What will this course give you?
- It will get you up and running with the key concepts of PHP development and application protection.
- It will give you practical implementation of secure PHP development using different tools and techniques.
- You will master the art of detecting, mitigating, fixing, and preventing defects in PHP applications.
- You will also learn the tricks for countering scanners in PHP development.
You will be able to confidently speak about:
- Fundamentals of PHP development.
- Various application protection techniques.
- Using various tools to analyse and defend against attacks on applications.
- Fixing known bugs in PHP applications.
Tools you’ll get familiar with:
- Notepad++ / Visual Studio IDE
- OWASP SKF
- Phar-based static analysis tools