
Secure Coding in PHP (TN – 205)

This course helps professionals involved in the software development lifecycle understand PHP web application vulnerabilities, their countermeasures, and the risks posed by application security weaknesses. It teaches common attacks and their mitigations in order to bridge the application security gap between development and information security staff.

Target Audience

  1. Government Departments/Ministries, PSUs, Banking/Financial and Critical sector organizations

Mandatory Pre-requisites

  1. Technical Background
  2. Understanding about PHP applications

Helpful Pre-requisites

  1. Knowledge of HTTP and HTML

Course Contents

Introduction & Application Security Essentials

  • Goals of Application Security
  • Top Dumb Reasons for Insecure Code
  • Application Security Challenges
  • Traditional SDLC vs. Secure SDLC
  • Secure Application Design Principles
  • Introduction to Vulnerable PHP Application

Secure PHP Platform

  • PHP Security Features
  • Checklist for Securing PHP Configuration
  • Secure PHP Installation

Authentication

  • Authentication Method
  • Weak Authentication
  • Brute-Force Attacks
  • Implementing Authentication in PHP Framework
  • Kerberos Authentication Module for Apache
  • Exploiting Authentication
  • Countermeasures to Stop Authentication Attacks
  • Password Storage and Password Policies
  • Password Reset Method
  • Account Lockout Schemes

Authorization

  • Authorization Methods
  • Broken Authorization
  • Implementing Authorization in PHP Framework
  • Attacking Broken Authorization
  • Preventing Authorization Attacks

Session Management

  • Session Management Mechanisms and Problems
  • Session Fixation Attacks
  • Attacking Applications with Poor Session Management
  • Preventing Session Management Attacks

Data Validation

  • Data Validation Mechanisms
  • SQL Injection
  • Cross-Site Scripting (XSS) Attack
  • LFI (Local File Inclusion)
  • RFI (Remote File Inclusion)
  • Command Execution
  • Preventing Data Validation Attacks
  • Regular Expressions
  • Directory Traversal

Error Handling/Information Leakage

  • Error Handling Management
  • Insecure Error Messages
  • HTML Comments/Information Leakage On Public Mailing Lists
  • PHP Exception Framework and Options
  • Preventing Information Leakage

Cryptography

  • Overview
  • Types of Cryptography
  • Cryptography Problems
  • Exploiting Applications with Weak Cryptography
  • Recommended Algorithms for PHP Framework

Logging

  • Why Logging?
  • Logging Requirements
  • Insecure Logging
  • Logging Best Practices

Hands-on Practicals

  • Hacking a Demo Web Application

Q & A

For customized trainings as per your business requirements, kindly contact us at trainings@torridnetworks.com
