This course was created with the
course builder. Create your online course today.
Start now
Create your course
with
Autoplay
Autocomplete
Previous Lesson
Complete and Continue
PHP Security Mastery - Base
Welcome
Why PHP security is important
How to use this course
Help and contacts
Chapter 1 - Validation basics
Variable validation
Type checking
Integer checking
Float checking
Numbers limits
Text strings limits
JSON validation
JSON validation: example
String functions and filters
Custom validation functions
Regular expressions
Blacklists
Static and dynamic blacklists
Whitelists
Static and dynamic whitelists
Type casting for validation?
Quiz time
Chapter 2: Sessions security
Sessions attacks
Basic Fixation attacks
Two-step Fixation attacks
How to prevent Session Hijacking
How to mitigate Session Hijacking
One-time tokens
Session access timeout
Virtual Sessions
Sessions configuration
Quiz time
Chapter 3: XSS prevention
XSS attacks
Reflected and Stored XSS
How to prevent XSS attacks
HTML elements and sanitization
URLs sanitization
Nested contexts
Further steps
Quiz time
Chapter 4: Cross-Site Request Forgery (CSRF)
Introduction to CSRF
How to execute CSRF attacks
Anti-CSRF tokens
HTML-based tokens
Cookie-based tokens
Sessions login with Samesite Strict
Custom HTTP headers
Token timeout
Login CSRF attacks
Referer and Origin headers
Stateless tokens
Quiz time
Chapter 5: Remote file upload
File upload security
File name validation
File extension validation
Preventing name collisions
Forced file names
The files' size
File content validation
The upload location
Database file storage
Quiz time
Appendix: PHP configuration
Introduction
Execution control
Information exposure
Defense
Sessions
Session access timeout
Lesson content locked
If you're already enrolled,
you'll need to login
.
Enroll in Course to Unlock