March 13 to 15, 2019
Hôtel Bonaventure

PHP Application Security

Web security is an ever-changing landscape. Protect your infrastructure and your sensitive data with this 1-day training. We'll start with the theory behind application hardening. We will then go through a multitude of common vulnerabilities, along with concrete examples. We will implement solutions together in PHP. We'll finish with an interactive risk assessment session.

This training includes the OWASP Top 10 and satisfies PCI DSS Requirement 6.5.

Course outline:

  • Application hardening basics
  • Injection
  • Broken Authentication
  • Sensitive Data Exposure
  • XML External Entities (XXE)
  • Broken access control
  • Security misconfiguration
  • Cross-site scripting (XSS)
  • Insecure deserialization
  • Using components with known vulnerabilities
  • Insufficient Logging & Monitoring
  • Buffer overflows
  • Cross-site request forgery
  • Vulnerability identification and classification
  • Threat modeling

Anna Filina

Filina Consulting

Anna has been a web developer since 1997. In her long consulting career, she developed an expertise in refactoring very old applications to be modern and testable. She is passionate about sharing her skills with fellow developers through her blog, YouTube channel, conferences and various articles. Anna also has an eye for technical debt, for which she then devises strategies that save companies a lot of money.
