Secure Code Review for PHP Applications (TN – 206)

The aim is to create awareness within various organizations on web application vulnerabilities / security-attacks and security review of PHP application code and steps towards countermeasures through hands-on practical’s in order to minimize the risk and security attacks.

Target Audience

1. Government Departments/Ministries, PSUs, Banking/Financial and Critical sector organizations.

Mandatory Pre-requisites

1. Technical Background
2. Understanding about PHP applications

Helpful Pre-requisites

1. Knowledge of HTTP and HTML

Course Contents

Security Code Review

Why to perform?

Challenges

Secure Code Review Methodology

Automated Code Scanning Tools

Practical Strategies for Conducting Code Reviews

Authentication Bypass

• Introduction
• Code Snippets
• Authentication Bypass via Login Variable
• Unprotected Admin Control Panel
• Mitigation Techniques

Cross-Site Scripting

• Authentication Method
• Introduction
• Code Snippets
• XSS Reviewer Sample Cheatsheet
• Cross-Site Scripting Mitigations

SQL Injection

• Authorization Methods
• Introduction
• Code Snippets
• SQL Login Bypass
• SQL Injection Reviewer Sample Cheatsheet
• SQL Injection Mitigations

Remote Command Execution

• Introduction
• Code Snippets
• Mitigation Techniques

Remote Code Execution

• Introduction
• Code Snippets
• Mitigation Techniques

LFI/RFI

• Introduction
• Code Snippets
• Mitigation Techniques

Local File Disclosure/Download

• Introduction
• Code Snippets
• Mitigation Techniques

Insecure Cookie Handling

• Introduction
• Code Snippets
• Mitigation Techniques

Cross Site Request Forgery

• Introduction
• Code Snippets
• Mitigation Techniques

Insecure Permissions

• Introduction
• Code Snippets
• Read the Users/Passwords
• Download Backups
• INC Files
• Mitigation Techniques

Hands-on Practicals

• Conduct Security Code Review Against Sample Application

Q & A

For customized trainings as per your business requirements, kindly contact us at trainings@torridnetworks.com