• Online, Self-Paced
Course Description

This course teaches PHP programmers the security principles they need to know to build secure PHP applications. It covers programming principles for security in PHP such as proper session management, error handling, authentication, authorization, data storage, use of encryption and defensive programming as well as avoiding and mitigating vulnerabilities such as SQL Injections, Cross-Site Scripting (XSS), File Inclusion, Command Injection, Cross Site Request Forgery (CSRF) and Null Byte attacks. With interactive knowledge checks in each of the modules, after completing the course, the student will be able to program securely and defensively in PHP.

Learning Objectives

On successful completion of this course, learners should have the knowledge and skills to:

  • Use quotation marks correctly
  • Discuss techniques for handling return codes and exceptions
  • Canonicalize paths to identify the correct files
  • Identify dangerous functions to avoid
  • Apply techniques for preventing or mitigating injection vulnerabilities
  • Recognize that regular expressions must be handled carefully
  • Describe techniques to protect sensitive data

Framework Connections

The materials within this course focus on the Knowledge Skills and Abilities (KSAs) identified within the Specialty Areas listed below. Click to view Specialty Area details within the interactive National Cybersecurity Workforce Framework.