PHP 8 Web Application Security
PHP is one of the most widely-used web programming languages in the world. In this course, you'll learn to write more secure PHP code.
What you'll learn
Web applications are under attack every day. PHP, being one of the most widely-used programming languages on the web, is one of the main targets. Some oddities, especially those of older versions, facilitate some of the attacks. This course, PHP Web Application Security, helps developers to understand security risks, how vulnerabilities can be exploited, and how to avoid those attacks. First you'll learn about how to defend against cross-site scripting, including new approaches such as content security policy. Next, you'll learn about how cross-site request forgery works, why it works so well, and how you can implement protection using PHP. Finally, the course will wrap up by teaching you how to protect against SQL injection attacks, covering not only MySQL, but also other relevant databases PHP supports. By the end of this course, you'll have the knowledge to anticipate and defend against the major threats against web applications today.
Table of contents
- Introduction 1m
- Cracking the Shop 5m
- Anatomy of XSS 4m
- Same-origin Policy 3m
- Consequences of XSS 5m
- Types of XSS 6m
- Filtering Input 3m
- Escaping Output 9m
- Preventing XSS in JSON 4m
- Cross-site Script Inclusion (XSSI) 3m
- Browser XSS Protection 4m
- Understanding Content Security Policy (CSP) 3m
- Using Content Security Policy 7m
- Allowing Inline Code in CSP 5m
- Testing a Content Security Policy 3m
- Summary 2m
- Introduction 1m
- Cracking the Shop 2m
- Famous SQL Injection Incidents 3m
- How SQL Injection Works 4m
- Vulnerable Code Patterns 4m
- Finding SQL Injection 6m
- Preventing SQL Injection 6m
- PHP Database Escaping Functions 5m
- Prepared Statements with PDO 4m
- Prepared Statements with MySQL 3m
- Prepared Statements with PostgreSQL 2m
- Prepared Statements with SQLite 2m
- Prepared Statements with Oracle 2m
- Prepared Statements with Microsoft SQL Server 3m
- Summary 1m
About the author
Christian Wenz is an architect, consultant and author focusing on web technologies. He wrote or co-wrote over 100 books, is a fixture at international developer conferences since 2001, is a Microsoft Most Valuable Professional (MVP) for Developer Technologies since 2004, and the main author of the official Zend PHP certification. His day job includes conducting security audits, migrating old code bases, implementing complex web applications and helping companies choose the right web strategy an... more