Course

Skills Expanded

PHP 8 Web Application Security

by Christian Wenz

PHP is one of the most widely-used web programming languages in the world. In this course, you'll learn to write more secure PHP code.

Preview this course

Try for free

Get this course plus top-rated picks in tech skills and other popular topics.

$45.00

per month after 10 day trial

Your 10 day Premium free trial includes

Expanded library

This course and over 7,000+ additional courses from our full course library.

Hands-on library

Practice and apply knowledge faster in real-world scenarios with projects and interactive courses.

*Available on Premium only

For teams

Give up to 50 users access to our full library including this course free for 30 days

Course info

Rating

(51)

Level

Intermediate

Updated

May 5, 2022

Duration

5h 19m

What you'll learn

Web applications are under attack every day. PHP, being one of the most widely-used programming languages on the web, is one of the main targets. Some oddities, especially those of older versions, facilitate some of the attacks. This course, PHP Web Application Security, helps developers to understand security risks, how vulnerabilities can be exploited, and how to avoid those attacks. First you'll learn about how to defend against cross-site scripting, including new approaches such as content security policy. Next, you'll learn about how cross-site request forgery works, why it works so well, and how you can implement protection using PHP. Finally, the course will wrap up by teaching you how to protect against SQL injection attacks, covering not only MySQL, but also other relevant databases PHP supports. By the end of this course, you'll have the knowledge to anticipate and defend against the major threats against web applications today.

Course Overview

1min

Course Overview 2m

PHP Web Application Security

19mins

Input Validation

40mins

Introduction 1m
Online Shop 4m
What Is Input? 9m
Hacking the Shop 5m
Validating Mandatory Input 5m
More Validation With PHP 5m
The ctype Extension 2m
The filter Extension 6m
PHP 7+ Typing 2m
Summary 1m

Cross-site Scripting (XSS)

66mins

Introduction 1m
Cracking the Shop 5m
Anatomy of XSS 4m
Same-origin Policy 3m
Consequences of XSS 5m
Types of XSS 6m
Filtering Input 3m
Escaping Output 9m
Preventing XSS in JSON 4m
Cross-site Script Inclusion (XSSI) 3m
Browser XSS Protection 4m
Understanding Content Security Policy (CSP) 3m
Using Content Security Policy 7m
Allowing Inline Code in CSP 5m
Testing a Content Security Policy 3m
Summary 2m

SQL Injection

48mins

Introduction 1m
Cracking the Shop 2m
Famous SQL Injection Incidents 3m
How SQL Injection Works 4m
Vulnerable Code Patterns 4m
Finding SQL Injection 6m
Preventing SQL Injection 6m
PHP Database Escaping Functions 5m
Prepared Statements with PDO 4m
Prepared Statements with MySQL 3m
Prepared Statements with PostgreSQL 2m
Prepared Statements with SQLite 2m
Prepared Statements with Oracle 2m
Prepared Statements with Microsoft SQL Server 3m
Summary 1m

State Management

40mins

Introduction 2m
Cracking the Shop 3m
Cookies Explained 7m
Securing Cookies 7m
Sessions with PHP 5m
Session Attacks and Countermeasures 7m
Securing PHP Sessions 4m
HTTP Strict Transport Security (HSTS) 5m
Summary 1m

Cross-site Request Forgery (CSRF)

38mins

Introduction 1m
Cracking the Shop 4m
Cross-site Request Forgery Explained 5m
CSRF Countermeasures 7m
Token Creation with PHP 10m
Clickjacking 3m
Preventing Framing 7m
Summary 1m

Storing Passwords

24mins

Introduction 1m
Hashing or Encryption? 3m
Hashing Algorithms 3m
Cracking MD5 5m
PHP Hashing Algorithms 2m
PHP Password Hashing API 5m
More Hashing 3m
Summary 1m

Error Handling

29mins

Introduction 1m
Hacking the Shop 4m
PHP Error Levels 7m
PHP Error Configuration Settings 5m
Custom Error Handling 8m
Disabling Revealing Information 4m
Summary 1m

Conclusion

10mins

Introduction 1m
OWASP Top Ten 1-5 4m
OWASP Top Ten 6-10 4m
Summary 1m

About the author

Christian Wenz

Christian Wenz is an architect, consultant and author focusing on web technologies. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, is a Microsoft Most Valuable Professional (MVP) for Developer Technologies since 2004, and the main author of the official Zend PHP certification. His day job includes conducting security audits, migrating old code bases, implementing complex web applications and helping companies choose the right web strategy an... mored web technology mix.

See more courses by Christian Wenz

Try for free

Get this course plus top-rated picks in tech skills and other popular topics.

$45.00

per month after 10 day trial

Your 10 day Premium free trial includes

Expanded library

This course and over 7,000+ additional courses from our full course library.

Hands-on library

Practice and apply knowledge faster in real-world scenarios with projects and interactive courses.

*Available on Premium only

For teams

Give up to 50 users access to our full library including this course free for 30 days

Course info

Rating

(51)

Level

Intermediate

Updated

May 5, 2022

Duration

5h 19m

Ready to upskill? Get started

Contact Sales

PHP 8 Web Application Security

What you'll learn

Table of contents

About the author

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Ready to skill up
your entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Support

Community

Company

Industries

Newsletter

Contact Sales

PHP 8 Web Application Security

What you'll learn

Table of contents

About the author

Get access now

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Ready to skill upyour entire team?

With your Pluralsight plan, you can:

With your 30-day pilot, you can:

Support

Community

Company

Industries

Newsletter

Ready to skill up
your entire team?

Ready to skill up
your entire team?