by Doug Bierer | Publisher: Infinite Skills | Release Date: October 2013 | ISBN: 9781771371636

In this PHP Security training video, expert author Doug Bierer teaches you about the primary security considerations that can affect a PHP website, and how you can take preventative measures. This course is designed for users that already have a working knowledge of PHP and MySQL, and who develop PHP-based websites that contain sensitive or financial information. You will start by learning about the most common forms of attack and what the consequences can be when your website is not protected. You will then move into learning about the filtering and validation functions in PHP, and why you should use them. Doug will teach you how you can protect your website against common website vulnerabilities and how to protect file uploads. Finally, this video tutorial will teach you how to protect against SQL injection attacks, and covers topics such as database escaping, using prepared statements, and protecting a MySQL database. By the completion of this video based training course, you will have the knowledge required to ensure your website is secure against attacks and free of vulnerabilities. Working files are included, allowing you to follow along with the author throughout the lessons.

1. Getting Started
   • What Does The Course Cover? 00:09:33
   • How To Set Up For The Course 00:04:43
2. Nature And Scope Of The Problem
   • What Is The Threat? - Part 1 00:04:54
   • What Is The Threat? - Part 2 00:05:34
   • What Are The Consequences When A Website Is Not Protected Against Attacks? 00:03:19
   • Most Common Forms Of Attack - Part 1 00:05:58
   • Most Common Forms Of Attack - Part 2 00:05:42
   • Most Common Vulnerabilities Attackers Can Exploit 00:10:09
   • Helpful Resources 00:06:09
   • Lab: Hacking Into Sweets Complete - Instructions 00:03:42
   • Lab: Hacking Into Sweets Complete - Solution 00:03:42
3. Understanding Filtering, Validation, And Output Escaping
   • What Is Filtering, Validation, Output Escaping, And Why Do It? 00:09:37
   • PHP Filtering Functions And Techniques 00:09:44
   • PHP Validation Functions And Techniques 00:10:13
   • PHP Output Escaping Functions 00:04:40
   • Using filter_var() To Filter And Validate 00:06:30
   • Lab: Filtering And Validating Posted Form Data - Instructions 00:04:24
   • Lab: Filtering And Validating Posted Form Data - Solutions 00:07:14
4. Preventing The Most Common Forms Of Attack
   • Cross-Site Scripting Attacks - Part 1 00:09:02
   • Cross-Site Scripting Attacks - Part 2 00:04:17
   • Cross-Site Scripting Attacks - Part 3 00:09:36
   • Session Hijacking And Forgery Attacks - Part 1 00:05:23
   • Session Hijacking And Forgery Attacks - Part 2 00:09:37
   • Remote Code Injection Attacks - Part 1 00:07:05
   • Remote Code Injection Attacks - Part 2 00:06:37
   • Lab: Improving Security On An Existing Website - Instructions 00:02:39
   • Lab: Improving Security On An Existing Website - Solutions 00:08:17
5. Protecting Against Common Website Vulnerabilities
   • Unplanned Information Disclosure - Part 1 00:06:46
   • Unplanned Information Disclosure - Part 2 00:08:44
   • Predictable Resource Location 00:07:37
   • Insufficient Authorization 00:06:42
   • Improper Access Controls 00:11:01
   • Avoiding Misconfiguration 00:11:34
   • Protecting File Uploads 00:06:37
   • Lab: Improving Security On An Existing Website - Instructions 00:03:09
   • Lab: Improving Security On An Existing Website - Solutions 00:06:31
6. Protecting Against SQL Injection Attacks
   • How Can You Protect A MySQL Database? 00:05:42
   • MySQL Database Escaping And Quoting 00:03:44
   • Using Prepared Statements 00:06:59
   • Lab: Protecting A MySQL Database Against SQL Injection - Instructions 00:02:23
   • Lab: Protecting A MySQL Database Against SQL Injection - Solutions 00:04:50
7. About The Author
   • Wrap Up 00:03:29
   • About The Author 00:03:32