PHP Web Security - From Exploitation to Correction
The target attendee is a PHP developer that is not already aware of security methods and/or want to have an overview of the attacker's perspective.
By the end of the training, the participant will be able to understand the mechanics of a real attack, to identify the flawed code, to evaluate the impact and to apply the necessary corrections.
Covered Topics
In the form of a workshop, each part is an exercise for the participants with custom examples in PHP, Drupal, Symfony and Zend.
- Introduction to security
- Injection principles
- Tools and testing methods
- Find and correct vulnerabilities
The following steps will be iterative over multiple examples according to the preferences of participants:- Flaw: Finding and understanding
- Attack: Guided exploitation of found vulnerability
- Solution: Secure application principles and correction
- Verification: Validation test of the corrected vulnerability
- Conclusion on acquired knowledge
The training includes a Linux Live CD (DVD, USB or ISO file) that contains the testing environment, tools, examples and solutions.
Requirements: a laptop with a DVD drive, USB port or a virtualization solution (VirtualBox is recommended).
Jonathan Marcil
JM International
Jonathan is an Application Security Consultant, has published on the topic of threat modeling and is involved in NorthSec, an applied computer security event in Montreal. He is passionate about Application Security and enjoys architecture analysis, code review, cloud security and debunking security tools. Jonathan holds a bachelor's degree in Software Engineering from ETS Montreal and has 20 years of experience in Information Technology and Security.
Commandité par
Média
