PHP Security Crash Course Part 2
This PHP class presents a comprehensive overview of security and has been designed to equip PHP developers with the knowledge they need to build more secure web applications.
Audience:
This course is designed for experienced PHP application developers who want to learn or be reminded of security best practices. It is also appropriate for new PHP developers who want to learn how to build security into the applications they are learning to create.
Prerequisites:
Basic knowledge of PHP 5
Course Objectives:
Upon completing the course, participants will be prepared to:- Incorporate standard, best practice security measures into their PHP applications
- Identify the most common types of vector attacks and how best to monitor and guard against them.
Topics Include:
- What is Security
- The Defense in Depth Concept
- Security’s Basic Rules
- Guidelines for Building Secure Web Applications
- Injection Attacks (SQL, XSS, Command, Remote Code)
- XSRF Attacks
- Session Security
- Secure File Uploads
- Creating Secure Configurations
- Password Security
- Sandboxes & Tarpits
- Security through Obscurity
- Security Implications for AJAX
- Filtering for Charsets
Kevin Schroeder
Zend Technologies
Kevin Schroeder, Technical Consultant for Zend Technologies, is well versed in a wide variety of technologies pertinent to both small and large scale application deployments. He has developed production software using a wide variety of languages including PHP, Java (standalone apps and servlets), Javascript, HTML, SQL, Perl, Visual Basic, ASP and occasionally C. His software development experience is accompanied with extensive experience as a system administrator on platforms including Linux, Solaris and Windows on scales of a single server up to several hundred servers on installations that range from a few users to millions of users.
Currently for Zend, Kevin travels around the country providing PHP-based services for a variety of customers. He is also a proven instructor for many of Zend’s courses and is deeply involved in training development as well as speaking at conferences on a variety of subjects pertaining to PHP.