Evolution of PHP Security

Rivanna A

(This is a full-day training class that requires a separate ticket to attend.)

Regardless of reports to the contrary, PHP is a modern, scalable, secure programming language suitable for any number of applications. As with any other language or tool, PHP can only be used securely if the developers using it wield their tools safely.

This training class will walk through best practices in:

  • Password management (including hashing)
  • Credentials management (API keys)
  • Data encryption (both local and remote)
  • Data integrity (i.e., signing and authentication)
  • Server hardening

Attendees will leave with a better understanding of PHP and how to use it in secure applications.

Attendees should have an operable PHP environment before arriving (preferably PHP 7.2). They will be given a code repo to use during the training class, which will demonstrate the principles being discussed and allow them to practice from-scratch implementations in code.

Attendees will need:

  • A local PHP installation, preferably 7.2 but 7.1 at the absolute minimum
  • The PHP installation must support SQLite with the PDO SQLite extension
  • If running 7.1, the Libsodium extension is required.

On a Mac, this can be fully satisfied with ‘brew install php’.

On other systems, this can be accomplished using Docker: ‘docker pull php’.

If you are using a PHP installation other than one installed with Homebrew or Docker, you are responsible for ensuring it’s functional and has support for both SQLite via PDO and Libsodium.

Intermediate Training