PHP Web Security - From Exploitation to Correction
The target attendee is a PHP developer that is not already aware of security methods and/or want to have an overview of the attacker's perspective.
By the end of the training, the participant will be able to understand the mechanics of a real attack, to identify the flawed code, to evaluate the impact and to apply the necessary corrections.
Covered Topics
In the form of a workshop, each part is an exercise for the participants with custom examples in PHP, Drupal, Symfony and Zend.
- Introduction to security
- Injection principles
- Tools and testing methods
- Find and correct vulnerabilities
The following steps will be iterative over multiple examples according to the preferences of participants:- Flaw: Finding and understanding
- Attack: Guided exploitation of found vulnerability
- Solution: Secure application principles and correction
- Verification: Validation test of the corrected vulnerability
- Conclusion on acquired knowledge
The training includes a Linux Live CD (DVD, USB or ISO file) that contains the testing environment, tools, examples and solutions.
Requirements: a laptop with a DVD drive, USB port or a virtualization solution (VirtualBox is recommended).
Jonathan Marcil
Coming from a diverse background from local SMEs to American big tech companies, Jonathan is involved in Montreal security community as part of NorthSec as a CTF challenge designer. He is passionate about Application Security and enjoys architecture analysis, code review, threat modeling and debunking security tools. Jonathan holds a bachelor's degree in Software Engineering from ETS Montreal and has 20 years of experience in Information Technology and Security.
Sponsored by
Media
