PHP 8 Web Application Security

Focused View

Christian Wenz

5:19:09

0 View

1. Course Overview

1. Course Overview.mp4

01:54

2. PHP Web Application Security

1. Version Check.mp4

00:15

2. Introduction.mp4

02:10

3. Is PHP Insecure.mp4

05:24

4. Security Principles.mp4

07:16

5. OWASP.mp4

03:17

6. Summary.mp4

01:27

03. Input Validation

01. Introduction.mp4

01:10

02. Online Shop.mp4

04:22

03. What Is Input.mp4

09:21

04. Hacking the Shop.mp4

04:59

05. Validating Mandatory Input.mp4

05:02

06. More Validation With PHP.mp4

04:42

07. The ctype Extension.mp4

02:09

08. The filter Extension.mp4

05:32

09. PHP 7+ Typing.mp4

01:56

10. Summary.mp4

00:56

04. Cross-site Scripting (XSS)

01. Introduction.mp4

00:48

02. Cracking the Shop.mp4

05:09

03. Anatomy of XSS.mp4

03:53

04. Same-origin Policy.mp4

03:28

05. Consequences of XSS.mp4

04:43

06. Types of XSS.mp4

05:44

07. Filtering Input.mp4

03:03

08. Escaping Output.mp4

08:42

09. Preventing XSS in JSON.mp4

04:25

10. Cross-site Script Inclusion (XSSI).mp4

03:22

11. Browser XSS Protection.mp4

04:01

12. Understanding Content Security Policy (CSP).mp4

02:43

13. Using Content Security Policy.mp4

06:54

14. Allowing Inline Code in CSP.mp4

05:22

15. Testing a Content Security Policy.mp4

02:45

16. Summary.mp4

01:32

05. SQL Injection

01. Introduction.mp4

01:15

02. Cracking the Shop.mp4

02:04

03. Famous SQL Injection Incidents.mp4

03:29

04. How SQL Injection Works.mp4

03:39

05. Vulnerable Code Patterns.mp4

03:40

06. Finding SQL Injection.mp4

06:21

07. Preventing SQL Injection.mp4

06:25

08. PHP Database Escaping Functions.mp4

04:38

09. Prepared Statements with PDO.mp4

03:34

10. Prepared Statements with MySQL.mp4

03:14

11. Prepared Statements with PostgreSQL.mp4

02:09

12. Prepared Statements with SQLite.mp4

01:44

13. Prepared Statements with Oracle.mp4

02:05

14. Prepared Statements with Microsoft SQL Server.mp4

02:42

15. Summary.mp4

00:56

6. State Management

1. Introduction.mp4

01:45

2. Cracking the Shop.mp4

02:35

3. Cookies Explained.mp4

06:43

4. Securing Cookies.mp4

06:56

5. Sessions with PHP.mp4

05:29

6. Session Attacks and Countermeasures.mp4

06:36

7. Securing PHP Sessions.mp4

03:33

8. HTTP Strict Transport Security (HSTS).mp4

05:02

9. Summary.mp4

01:20

7. Cross-site Request Forgery (CSRF)

1. Introduction.mp4

00:58

2. Cracking the Shop.mp4

04:23

3. Cross-site Request Forgery Explained.mp4

05:10

4. CSRF Countermeasures.mp4

07:13

5. Token Creation with PHP.mp4

09:39

6. Clickjacking.mp4

03:02

7. Preventing Framing.mp4

06:38

8. Summary.mp4

01:12

8. Storing Passwords

1. Introduction.mp4

01:15

2. Hashing or Encryption.mp4

03:29

3. Hashing Algorithms.mp4

03:29

4. Cracking MD5.mp4

05:06

5. PHP Hashing Algorithms.mp4

02:28

6. PHP Password Hashing API.mp4

05:10

7. More Hashing.mp4

02:39

8. Summary.mp4

01:12

9. Error Handling

1. Introduction.mp4

00:59

2. Hacking the Shop.mp4

03:40

3. PHP Error Levels.mp4

07:09

4. PHP Error Configuration Settings.mp4

05:27

5. Custom Error Handling.mp4

07:50

6. Disabling Revealing Information.mp4

03:35

7. Summary.mp4

01:07

10. Conclusion

1. Introduction.mp4

01:02

2. OWASP Top Ten 1-5.mp4

03:46

3. OWASP Top Ten 6-10.mp4

03:44

4. Summary.mp4

01:27

Description

PHP is one of the most widely-used web programming languages in the world. In this course, you'll learn to write more secure PHP code.

What You'll Learn?

Web applications are under attack every day. PHP, being one of the most widely-used programming languages on the web, is one of the main targets. Some oddities, especially those of older versions, facilitate some of the attacks. This course, PHP Web Application Security, helps developers to understand security risks, how vulnerabilities can be exploited, and how to avoid those attacks. First you'll learn about how to defend against cross-site scripting, including new approaches such as content security policy. Next, you'll learn about how cross-site request forgery works, why it works so well, and how you can implement protection using PHP. Finally, the course will wrap up by teaching you how to protect against SQL injection attacks, covering not only MySQL, but also other relevant databases PHP supports. By the end of this course, you'll have the knowledge to anticipate and defend against the major threats against web applications today.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

PHP

Christian Wenz

Instructor's Courses

Christian Wenz is an author, consultant and trainer focusing on web technologies. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, is a Microsoft Most Valuable Professional (MVP) for ASP.NET, an ASPInsiders member, and main author of the Zend PHP 5.5 certification. His day job at Munich/London-based Arrabiata Solutions (http://www.arrabiata.com/) includes conducting security audits, migrating old code bases, implementing complex web applications and helping companies choose the right web strategy and web technology mix.

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.