PHP Web Application Security

PHP is one of the most widely used web programming languages in the world. In this course, you'll learn to write more secure PHP code.
Course info
Rating: (32)
Level: Intermediate
Updated: Sep 1, 2016
Duration: 5h 19m
Table of contents
Course Overview
PHP Web Application Security
Input Validation
Cross-site Scripting (XSS)
SQL Injection
State Management
Cross-site Request Forgery (CSRF)
Storing Passwords
Error Handling
Conclusion
Description

Web applications are under attack every day. PHP, being one of the most widely used programming languages on the web, is one of the main targets. Some oddities, especially those of older versions, facilitate some of the attacks. This course, PHP Web Application Security, helps developers understand security risks, how vulnerabilities can be exploited, and how to avoid those attacks. First you'll learn how to defend against cross-site scripting, including new approaches such as content security policy. Next, you'll learn how cross-site request forgery works, why it works so well, and how you can implement protection using PHP. Finally, the course will wrap up by teaching you how to protect against SQL injection attacks, covering not only MySQL, but also other relevant databases PHP supports. By the end of this course, you'll have the knowledge to anticipate and defend against the major threats against web applications today.

About the author

Christian Wenz is an author, consultant and trainer focusing on web technologies. He has written or co-written over 100 books, has been a fixture at international developer conferences since 2001, and is a Microsoft Most Valuable Professional (MVP) for ASP.NET, an ASPInsiders member, and main author of the Zend PHP 5.5 certification.

Section Introduction Transcripts

Course Overview
Hi everyone. My name is Christian Wenz, and welcome to my course PHP Web Application Security. I'm a partner at Arrabiata Solutions, and support several companies in everything web, including web performance and web application security. About 15 years ago, I discovered the topic of web application security for myself, thinking that I would work on that for a year or two. Well, I'm still here and, according to a study, 9 out of 10 web applications do have security issues. Recent high-profile incidents prove that the topic is still around today and more important than ever. In this course, we're going to learn how our PHP web applications may become number 10 out of 10, avoiding as many security issues as possible. We discuss attacks, countermeasures, and what PHP brings to the table. Some of the major topics that we will cover include defending against cross-site scripting including new approaches, such as content security policy, how cross-site request forgery works, why it works so well, and how to implement protection using PHP, protecting against SQL injection attacks covering not only MySQL, but also other relevant databases PHP supports, and several more attacks and what to do against them. By the end of this course, you'll know how to anticipate and defend against the major threats for web applications today. Before beginning the course, you should be familiar with PHP in general. You might consider the PHP Get Started course as a good basis. I hope you'll join me on this journey with the PHP Web Application Security course at Pluralsight.