How to use this course
PHP Security Mastery is organized into chapters, each of them focusing on one specific topic.
You should go through the chapters in the proposed order unless you already have a solid security background.
The first chapter, variable validation, is especially important for beginners because it explains some fundamental security concepts that will be used throughout the course.
Chapters are organized into lessons.
Each lesson, with a few exceptions, follows an "Introduction - Solution - Example" pattern:
- First, a specific problem is introduced (a vulnerability, a defense technique, a type of attack...). The problem is explained so you can clearly understand what it is about, without going into unnecessary theoretical details.
- Then, the practical solution to the problem is provided (a defense strategy, a technique implementation...). Where possible, the solution's PHP implementation is provided too.
- Finally, one or more examples show how it all works.
Lessons are written in easy, accessible language. However, it's important that you stay focused on the lesson so that you understand each word and line of code.
Studying without distractions will help you finish the course sooner and learn more.
Install a local development environment
In this course you will find a lot of code examples.
I strongly advise you to try to replicate all the examples and run your own tests to better understand the lessons.
The best way to do that is to install a local development environment.
A local development environment will provide you with an "AMP" system: Apache (or another HTTP server), MySQL (or MariaDB, which is equivalent in this context) and of course PHP.
PHP version 7.3.0 or higher is recommended.
There are many free development environments you can use, for both Windows and Mac (if you are using Linux, you probably already know your way around).
Popular environments include:
- XAMPP (Windows and Mac)
- MAMP (Windows and Mac)
- WAMP (Windows)
- Laragon (Windows)
If you have an online hosting server, you can also use that for your tests. However, keep in mind that you may not be allowed to edit your PHP configuration. A local development environment is still the preferred choice.
MySQL connection
I have prepared three connection scripts you can use to connect to your environment's MySQL server:
- mysqli_proc.php is a procedural-style, MySQLi connection script.
- mysqli_oop.php is an OOP-style, MySQLi connection script.
- pdo_oop.php is an OOP-style, PDO connection script.
You can download them from the link at the end of this page.
Use the one you prefer. Make sure to edit them to make them work with your own configuration (refer to the local development environment documentation).
Copyright notice
The knights and the blackboard images used in this course have been downloaded from FreePik: