Hervé Schauer Consultants
Hands on PHP secure programming

Dates of the coming sessions:
> 7-9 April 2010 (Paris)
> 3-5 November 2010 (Paris)
Dates subject to modification without prior notice. The sessions will only take place if the number of registered attendants is high enough.

PHP Web applications are easy and fast to develop. Numerous PHP applications exposed on the internet are vulnerable to common vulnerabilities like SQL injections. This course is one way to increase the security level of your Web application. The content of this course is based on the feedback from all the PHP code audits HSC has performed. A laptop and a virtual machine containing Web applications will be given to each attendant. The attendant's main goal is to fix the vulnerabilities located in the installed Web applications.
Each type of vulnerability is described in 4 steps:

  • overview
  • exposure to exploitation risks
  • description of secure implementations
  • exercises in order to check that attendants really understand how to fix the vulnerability


Goals

The aim of this course is to expose most well-known web application vulnerabilities so the attendant will be able to implement secure PHP code.


Duration

3 days.


Instructor(s)

This training is given by:

  • Nicolas Collignon


Pre-requisite for attendants

The target audience for this course is PHP developers, PHP project leaders and IT security consultants focused on Web application security.
Attendants must be familiar with PHP programming and database interactions (basic SQL level).


Teaching method


Related courses

Web Servers and applications Security


Material

The course is delivered in French only. Course material includes slides and exercises in French.


Agenda

Refresher

  • HTTP Protocol
  • Client/Server model
  • Cookies and users sessions
  • HTTPS Protocol
Architecture
  • Code organisation
  • File naming issues
Authentication and authorization
  • User profile management
  • User password management
  • Implementing access controls
Databases
  • Introduction
  • SQL injections
  • Implementing secure database accesses without "SQL prepared statements"
  • Implementing secure database accesses with "SQL prepared statements"
  • Minimizing risks
Sensitive code
  • File handling
  • Upload handling
  • External program execution
  • Dynamic code execution
  • safe_mode
Cross Site Scripting
  • Introduction
  • Sample attack cases
  • Implementing XSS-free code
  • CSRF


Registration

To register for an HSC course, please contact our training department by phone: +33 141 409 704 or by email at formations@hsc.fr, with the first and last name of every student, your postal address and your company VAT number. This information enables us to send you the training agreement. The training agreement must be returned, signed and with the company stamp, together with your purchase order, at least 6 days before the course. The purchase order should specify your billing address and our payment terms: net 30 days from our invoice date. Registration is complete as soon as we have received those two documents.

Last modified on 19 October 2009 at 14:24:06 CET - webmaster@hsc.fr
Information on this server - © 1989-2009 Hervé Schauer Consultants