Web applications are under attack every day. PHP, being one of the most widely used programming languages on the web, is one of the main targets. Some oddities, especially those of older versions, facilitate some of the attacks. This course, PHP Web Application Security, helps developers to understand security risks, how vulnerabilities can be exploited, and how to avoid those attacks. First, you'll learn about how to defend against cross-site scripting, including new approaches such as content security policy. Next, you'll learn about how cross-site request forgery works, why it works so well, and how you can implement protection using PHP. Finally, the course will wrap up by teaching you how to protect against SQL injection attacks, covering not only MySQL, but also other relevant databases PHP supports. By the end of this course, you'll have the knowledge to anticipate and defend against the major threats against web applications today.
Christian Wenz is an author, consultant and trainer focusing on web technologies. He has written or co-written over 100 books, has been a fixture at international developer conferences since 2001, is a Microsoft Most Valuable Professional (MVP) for ASP.NET, an ASPInsiders member, and main author of the Zend PHP 5.5 certification.
Course Overview

Hi everyone. My name is Christian Wenz, and welcome to my course PHP Web Application Security. I'm a partner at Arrabiata Solutions, and support several companies in everything web, including web performance and web application security. About 15 years ago, I discovered the topic of web application security for myself, thinking that I would work on that for a year or two. Well, I'm still here and according to a study, 9 out of 10 web applications do have security issues. Recent high-profile incidents prove that the topic is still around today and more important than ever. In this course, we're going to learn how our PHP web applications may become number 10 out of 10, avoiding as many security issues as possible. We discuss attacks, countermeasures, and what PHP brings to the table. Some of the major topics that we will cover include defending against cross-site scripting including new approaches, such as content security policy, how cross-site request forgery works, why it works so well, and how to implement protection using PHP, protecting against SQL injection attacks covering not only MySQL, but also other relevant databases PHP supports, and several more attacks and what to do against them. By the end of this course, you'll know how to anticipate and defend against the major threats for web applications today. Before beginning the course, you should be familiar with PHP in general. You might consider the PHP Get Started course as a good basis. I hope you'll join me on this journey with the PHP Web Application Security course at Pluralsight.