Top PHP Secure Coding Practices for a Team
This whitepaper discusses basic PHP secure coding practices that should be followed when working in a team environment. In this paper you will learn how to write code that is protected from the most common types of attacks, including file uploads, SQL injection, XSS, CSRF and other injection attacks. Best practices for session management, error handling, proper password protection and protection against remote code execution are also covered in detail.
Prateek Gianchandani
Prateek Gianchandani, a recent IIT graduate, has interests in the fields of Penetration Testing, Web Application Security and Intrusion Detection. He is currently a researcher for InfoSec Institute. In the past he has worked for security-based startups. You can contact him at prateek.searchingeye@gmail.com and on Twitter @prateekg147, or you can visit his personal website at highaltitudehacks.com.