Training Rogue Wave

Training goals

code: RW-BSPA

Security is paramount when developing applications for the web. Every year we hear about high-profile companies losing sensitive data to intruders, and these compromises mainly originate from their web presence. The best way to achieve a truly secure web application is to build that application with security in mind from the start. Join us as we investigate common mistakes and failings in web security, and teach you how to build truly secure web applications from the ground up.

What will I learn:

  • After completing this course, you will be prepared to incorporate standard, best-practice security measures into your PHP applications. You will be able to identify the most common types of attack vectors and vulnerabilities experienced in the industry, allowing you to monitor and fortify your application code against them.

What will I be able to achieve?

  • Building truly secure web applications with confidence and aptitude.
  • Ensure that your application and company avoid an embarrassing hack or data breach.
  • Be sure that you understand and can mitigate the most common web security failings, and understand why “Security First” is the best possible way to code.

Audience:

  • This course is designed for intermediate to experienced PHP application developers who are looking to enhance their skills and learn or implement security best practices. It is also appropriate for intermediate PHP and professional developers who are interested in studying early on how to build security into their applications as part of their learning process.

Course outline

  1. CONCEPTS
    • What is Security
    • Defense in Depth
    • Basic Security Rules
    • Building Secure Web Applications Guidelines
    • Open Web Application Security Project (OWASP)
    • Web Application Exploits
    • Risk Management
    • Injection
  2. ATTACKS
    • SQL Injection
    • XSS Injection
    • Cross-site forgeries (CSRF)
    • Brute Force
    • Broken Authentication and Session Management
    • Insecure Direct Object References
    • Security Misconfiguration
    • Insufficient Cryptographic Storage
    • Missing Function-Level Access Control
    • Using Components with Known Vulnerabilities
    • Unvalidated Redirects and Forwards
  3. PREVENTION
    • Secure Configuration
    • Authentication Techniques
    • Password Cryptography
    • Hermetic Filtering/Validation/Escaping Techniques
    • Handling Asynchronous Web Calls (AJAX)
    • Lock down Database Security
    • Employing Access Controls and Handling Account Lockouts (ACL)
    • White Listing Techniques
    • Using an API Framework (Apigility)
    • Creating a Standard Review Process
    • Captchas, Tokens and Session Management
    • Cryptographic Storage Techniques
    • Extension Evaluation
    • Securing File Uploads
    • Logging
    • Web Server Security
  4. RESOURCES
    • Additional Learning Resources
    • Security Standards
    • Penetration Testing
    • Performance Tools

Additional information

Requirements

Basic to advanced knowledge of PHP 5 is recommended including experience developing PHP 5 applications.

Difficulty level
Duration 1 day
Certificate

The participants will obtain certificates signed by Rogue Wave Zend.

Trainer

Rogue Wave Zend Certified Trainer.


525 EUR


FORM OF TRAINING

Traditional training

Sessions organised at Compendium CE are usually held in our locations in Kraków and Warsaw, but also in venues designated by the client. The group participating in training meets at a specific place and specific time with a coach and actively participates in laboratory sessions.

Dlearning training

You may participate from any place in the world. It is sufficient to have a computer (or a tablet or smartphone) connected to the Internet. Compendium CE provides each Distance Learning training participant with adequate software enabling connection to the Data Center. For more information, please visit the dlearning.eu site.

TRAINING MATERIALS

Electronic materials

Electronic Materials: These are electronic training materials that are available to you based on your specific application: Skillpipe, eVantage, etc., or as PDF documents.

Ctab materials

Ctab materials: the price includes ctab tablet and electronic training materials or traditional training materials and supplies provided electronically according to manufacturer's specifications (in PDF or EPUB form). The materials provided are adapted for display on ctab tablets. For more information, check out the ctab website.
