This course teaches programmers how to exploit (hack) and defend against various attacks on the PHP language. The course is designed around the OWASP Top10, a common standard used in the design, architecture and testing of web applications.
The course contains video/audio lectures. It covers the theory of PHP programming (exploit, defense) and includes demos of exploitation and defense. It gives students practical insight into coding web applications in PHP securely.
We recommend that students study the course over a period of 15 days and attempt the quiz at the end of that period. We also recommend that students study the resource material available on the internet in various forums, including the official OWASP website.
The course is structured according to the OWASP Top 10, from A1 to A10. Each OWASP Top10 session is divided into presentation, exploitation and defense.
Any programmer who works in PHP should take this course. Secure PHP programmers are preferred by organisations across the globe.
|Section 1: Injection(A1) - OWASP Top10|
Injection - OWASP Top10 (A1) - Presentation
Blind SQL Injection Presentation
Time based SQLI
Union Exploitation Technique
SQL Injection Union - Demo - Exploitation
SQL Injection Login Bypass - Demo
SQL Injection - Demo - Defense
|Section 2: Injection(A1) - Command Injection|
Command Injection Presentation
Command Injection - Demo
Command Injection Prevention - Demo
|Section 3: Injection(A1) - XML & XPath Injection|
XML & XPath Injection Presentation
XPath Injection - Demo
XPath Injection Prevention - Demo
|Section 4: Injection(A1) - PHP Code Injection|
PHP Code Injection Presentation
PHP Code Injection Demo
PHP Code Injection Prevention
|Section 5: Injection(A1) - PHP Object Injection|
PHP Object Injection Presentation
PHP Object Injection Demo 1
PHP Object Injection Demo 2
PHP Object Injection Prevention
|Section 6: Injection(A1) - SSI Injection|
SSI Injection Presentation
SSI Injection Demo
SSI Injection Prevention
|Section 7: Injection(A1) - LDAP Injection|
LDAP Injection Presentation
|Section 8: Injection(A1) - HTML Injection|
HTML Injection Presentation
HTML Injection Demo
|Section 9: Broken Authentication and Session Management(A2) - OWASP Top10|
Broken Authentication and Session Management - OWASP Top10(A2) - Presentation
Broken Authentication and Session Management - Demo - Exploit
|Section 10: Cross-Site Scripting (XSS) - A3 - OWASP Top10|
Cross Site Scripting(XSS) - Introduction
Cross Site Scripting - Reflected
Cross Site Scripting - Demo - Reflected - Get
Cross Site Scripting(XSS) - Demo - Reflected - Post
Cross Site Scripting(XSS) Stored - Presentation
Cross Site Scripting(XSS) - Demo - Stored
|Section 11: Cross Site Scripting - A3 - Defense|
Cross-Site Scripting (XSS) - OWASP Top10 - Presentation - Defence
Cross-Site Scripting (XSS) - Filters
Cross Site Scripting(XSS) - HTTP Flag
Cross Site Scripting - Demo - Modsecurity
|Section 12: Insecure Direct Object References - A4 - OWASP Top10|
Insecure Direct Object Reference - OWASP Top10 - A4 - Presentation
Insecure Direct Object Reference - Demo - Exploitation
Insecure Direct Object Reference - Demo - Defense
|Section 13: Security Misconfiguration - A5 - OWASP Top10|
Security Misconfiguration - OWASP Top10 - A5 - Presentation
Security Misconfiguration - Demo - Exploit
Security Misconfiguration - Demo - Defense
|Section 14: Sensitive Data Exposure - A6 - OWASP Top10|
Sensitive Data Exposure - OWASP Top10 - A6 - Presentation
Sensitive Data Exposure - A6 - Demo - Exploit
Sensitive Data Exposure - A6 - Demo - Defense
|Section 15: Missing Function Level Access Control - A7 - OWASP Top10|
Missing Function Level Access Control - OWASP Top10 - A7 - Presentation
Missing Function Level Access Control - Demo - Exploitation(1)
Missing Function Level Access Control - Demo - Exploitation(2)
Missing Function Level Access Control - Demo - Defence
|Section 16: Cross-Site Request Forgery (CSRF) - A8 - OWASP Top10|
Cross-Site Request Forgery (CSRF) - OWASP Top10 - A8 - Presentation
Cross-Site Request Forgery (CSRF) - OWASP Top10 - A8 - Defense Presentation
CSRF - Demo - Get Exploit
CSRF - Demo - Get Defence
CSRF - Demo - Post Exploit
CSRF - Demo - Post Defence
|Section 17: Using Components with Known Vulnerabilities - A9 - OWASP Top10|
Using Components with Known Vulnerabilities - OWASP top10 - A9 - Presentation
Using components with Known Vulnerabilities - A9 - Demo
|Section 18: Unvalidated Redirects and Forwards - A10 - OWASP Top10|
Unvalidated Redirects and Forwards - OWASP Top10 - A10 - Presentation
Unvalidated Redirects and Forwards - OWASP Top10 - A10 - Presentation Defense
Unvalidated Redirects and Forwards - Demo - Exploit
Unvalidated Redirects and Forwards - Demo - Defense
|Section 19: Certification|
|Quiz 1||10 questions|
This is the Hacking & Securing PHP (OWASP Top10 A1 - A10)
Cyber Security and Privacy Foundation Pte Ltd. is a consulting, services and training company based in Singapore. We do Vulnerability Assessment, Penetration Testing, Web Application Security Testing, Mobile Application Security Testing and Cyber Security Training. We do zero-day security assessment, APT analysis and technical security certifications for organisations.
Cyber Security & Privacy Foundation, India was set up with the objective of doing non-commercial work. It has around 14000+ members and almost 9000+ students and CISOs of major companies on its board. We are involved in active research in the field of cyber security, web portal security management and product research that is useful for all computer users.
J Prasanna: 20+ years of full-time experience in the field of computer security. He has worked for antivirus companies and run his own consulting companies. He has worked on standards implementation, consulting and testing, and has handled teams of security experts, coders and networking experts. He can provide value to any organization by thinking out of the box and implementing ideas from the conceptual stage. He has great networking ability, has handled media relating to cyber security issues on many occasions, and is good at training (both technical and non-technical subjects). Taking ownership, delivering results, crisis management and cross-functional skills are key strengths.
Specialties: Managing technical teams, handling delivery and taking ownership of the team. Virus analysis, antivirus and security product testing, application security design and review, secure enterprise architecture and design, ISO 27001 standards implementation, training. He has presented at various CII conferences on Cyber Security and the Defense IT consultative committee (DITCC). He has received numerous commendations from the Indian army. He has given guest lectures for various law enforcement and military academies in India.