The course will present security guidelines and considerations in PHP Web Applications Development. Participants will learn basics of application security, how to enforce security on a PHP based application in the code level, and security best practices to be followed in each phases of software development life cycle. The course revolves around testing and fixing of issues filed under OWASP TOP 10.
Objectives of the course
Upon completion of this course, participants will be able to:
- Understand the need for security
- Understand the security threats
- Design and develop secured PHP applications
- Design & develop application using ESAPI (Enterprise Security API by OWASP)
Who should attend this course?
- PHP developers wishing to improve their security skills
- Testers who wants to improve their security skills
- Development & System Architects wishing to improve their security skills and awareness
- Module 1: Introduction & Case Study
- Module 2: Knowing Security Testing Methodologies
- Module 3: Application Security – Overview
- Threat Modeling Objective
- Terminologies Used
- Threat Profiling
- STRID Model
- DREAD Model
- Practical Consideration
- Threat Modeling Tools
- Using Web Application Proxy
- Burp Suite
- OWASP Top 10
- A2-Broken Authentication and Session Management
- A3-Cross-Site Scripting (XSS)
- A4-Insecure Direct Object References
- A5-Security Misconfiguration
- A6-Sensitive Data Exposure
- A7-Missing Function Level Access Control
- A8-Cross-Site Request Forgery (CSRF)
- A9-Using Components with Known Vulnerabilities
- A10-Unvalidated Redirects and Forwards
- Beyond OWASP
- Abuse of functionality
- Denial of Service
- Server Vulnerabilities
- Authentication & Authorization Issues
- From File Inclusion to Remote Code Execution
- API/CMS Based Vulnerabilities
- Diving from WEB to LAN
- Business Logic Testing
- Flash Based Attacks
- iFrame Attacks
- Automated Scanner
- Profiling Scans
- Interpreting Results
- Identifying False Positives
- Validation Concerns
- Session Management Best Practices
- Authentication & Authorization Issues
- CSRF Fixes
- Secure File Upload
- Preventing File Inclusions
- Issues with Randomization
- Understanding Cryptography
- Error handling and logging
- Security in .htaccess
- Security in php.ini
- Developer v/s InfoSec Team
- Why SCA
- SCA during SDLC
- Languages and Framework Supported
- Vulnerability Checks
- Integration in the Software Development Process
- Report Reading
- Identification of False Positive
- Getting ROI of an SCA
Faculty is great, knowledgeable, approachable instructor. I enjoyed & learnt a lot from the course & from him. My only suggestion is to give the course structure (i:e break time & time –table) before hands.
Azam Al Fayor, Personnal Department, Aramco
Faculty is outstanding instructor who simplified this course into an interactive course.
Abdulaziz Alanmed , Aramco
Faculty is an excellent instructor.
Mujed Rasheed, Aramco
Faculty has well established his credibility by showing real cases, that demonstrated his great knowledge
Sultan Almutairi, Aramco
Good topic on OWASP 10. Content was very good. Over all Satisfied.
Nilesh Pujari, Software Developer- IndusInd bank
It is very good session covered all OWASP top 10 points
Amit Kumar, DM- IndusInd bank
The session was very good, covered all OWASP Top 10 points
Kalpesh Sanghani, AM- IndusInd bank
It is very good experience to learn Web Security and the teacher is very Technically sound and the classes are very good.
Joseph Chacko, Analyst Programmer- IndusInd bank
It is very good experience to learn about Web Security and the way teacher teach us, it is very good and understanding.
Bilal Dafedure, Manager IT- IndusInd bank.
The training helped in understanding application security and its importance along with implementation of Secure Coding Practices.
Deepak Sahu, Analyst Programmer- IndusInd bank
The course has given me comprehensive knowledge of application security and enhance the same highly secure Web Application development.
Zujar Kanchwala, Module Lead- IndusInd Bank
Session is very good, covered all the OWASP Top 10 with proper fixes and available examples. Great training session and interesting. Challenging topics- have learned lots of new things.
Swapnil Dube, Analyst Programmer- IndusInd bank
Very knowledgeable and good with teaching to the point and convincing
Aniket Dorwat, Sr Software Engineer, Xoriant Solutions
Clear on knowledge and ability to explain complex concepts in simple term which could be easily be understood. It created an awareness about the intensity of Security Threats to Application
Yogesh Kadhav, Software developer, Xoriant Solutions
Faculty is having excellent knowledge in this area. Tries to clear out at his best. It has created awareness for security in coding and also, in other leads, increased my interest to go further in detail
Manisha Palan, Software developer, Xoriant Solutions
This is a very good course. Rohit has a very knowledge of security with good capacity to explain and present the subject. A good knowledge about the implementation of security is gained. This will be helpful in future
Mali Digambar, Software developer, Xoriant Solutions
It was an eye opener and the faculty was extremely good, informative from end to end. Completely curved by the knowledge possessed and the training was extremely good.
Arun Gopava Krishnan, Senior Manager, Standard Chartered
Training was great
Sivaraman Pathsavy, Manager Technical, Standard Chartered
Very good and useful training with online demos
Rajkumar K, Associate Vice President, Standard Chartered
Course coverage is excellent
K Thanigaivasan, Business Solution Manager, Standard Chartered
Very good and Interactive session.
Murugaraj, Development, Standard Chartered