Evolution of PHP Security

PHP is a secure, modern programming language suitable for any number of applications. As with any other language or tool, PHP can only be used securely if the developers using it wield their tools safely.

This training class will walk through best practices in:

  • password management (including hashing)
  • credentials management (API keys)
  • data encryption (both local and remote)
  • data integrity (e.g., signing and authentication)
  • server hardening

Attendees will leave with a better understanding of PHP and how to use it in secure applications. Attendees should have an operable PHP environment before arriving (preferably PHP 7.2). They will be given a code repo to use during the training class, which will demonstrate the principles being discussed and allow them to practice from-scratch implementations in code.

Attendees will need:

  • A local PHP installation, preferably 7.2 but 7.1 at the absolute minimum
  • The PHP installation must support SQLite with the PDO SQLite extension
  • If running 7.1, the Libsodium extension is required.

On a Mac, this can be fully satisfied with ‘brew install php’

On other systems, this can be accomplished using Docker: ‘docker pull php’

If you are using any other system installed with Homebrew or Docker, you are responsible for ensuring it’s functional and has support for both SQLite via PDO & Libsodium.
