PHP 5.5 Zend Certification - PHP Security
4.3 (8 ratings)
63 students enrolled
A no-fluff focus on the certification syllabus
Created by Andy Beak
Last updated 4/2016
English
Includes:
  • 1.5 hours on-demand video
  • 1 Article
  • 18 Supplemental Resources
  • Full lifetime access
  • Access on mobile and TV
What Will I Learn?
  • Prepare for the Zend 5.5 certification exam Security section
  • Know the syllabus requirements for certification
  • Know the important basics and where to find more information
  • Confidently answer questions on PHP security
Requirements
  • You should have a year of professional experience or significant hobby experience in a C-based language
Description

The PHP Zend certification is well recognised in the industry as a standard of knowledge for PHP engineers. It is a certification that shows that the programmer knows the ins and outs of the PHP programming language.

This course is the second in a series of courses designed to cover the exam syllabus. It focuses on the second of the three most important sections of the syllabus.

This course is designed for programmers with some programming experience (preferably in PHP) who want to prepare for their Zend Certified Engineer 5.5 exams.

This is not a beginner's course and is not aimed at people who have no programming experience. It will be assumed that you are familiar with PHP syntax and have had some experience constructing sites.

This course includes quiz questions and PDF notes drawn from my book.

Who is the target audience?
  • This course is designed for developers who already have some experience with PHP and want to progress to certification
  • It is specifically NOT for people new to programming or who are not at all familiar with languages.
Curriculum For This Course
21 Lectures
01:23:20
Introduction
2 Lectures 06:00
Configuring PHP Securely
2 Lectures 13:44

After completing this lecture you should know about the PHP configuration settings that are used to improve security.   You'll know about the doc_root and open_basedir settings and how they differ.  You'll know about the cgi.force_redirect setting and how it helps to protect PHP when it runs as a CGI process.

Preview 09:59

Recap lecture - Configuration
03:45

Configuration quick quiz
8 questions
Session Security
2 Lectures 13:20

After this lesson you will be able to understand what session hijacking and session fixation are.  You'll know the various means of improving session security and be able to describe the PHP settings and functions that you can use to mitigate attacks. 

Session Security
05:52

Recap lecture - Session Security
07:28

Session security quick quiz
10 questions
The Cross attacks - Cross Site Scripting and Cross Site Request Forgeries
4 Lectures 17:39

After completing this lecture you will know about three types of XSS.  You'll know the PHP functions that will help you to escape HTML and reduce your vulnerability to these attacks.  You'll know the flags like ENT_QUOTES that can be used with the htmlentities() and htmlspecialchars() functions and when to use them.

Cross Site Scripting (XSS)
04:15

Recap lecture - XSS
06:18

XSS quick quiz
7 questions

Cross Site Request Forgery (CSRF)
02:34

Recap lecture - CSRF
04:32

CSRF quick quiz
6 questions
Injection attacks - SQL, code, and email
6 Lectures 17:43
SQL Injection
03:31

Recap lecture - SQL Injection
03:37

SQL injection quick quiz
5 questions

You will need to know about:

  • The PHP settings that allow you to include() or require() a file specified by a URL
  • The /e modifier for preg_replace() is deprecated in PHP 5.5 but is still a security risk because it will run
  • The preg_quote() function
  • The escapeshellcmd() and escapeshellarg() functions that you should run when passing a variable to any of eval(), exec(), shell_exec(), and system()
Remote code injection
02:56

Recap lecture - Code injection
02:00

Code injection quick quiz
6 questions

You will need to know about:

  • the filter_var() function and the flags to use with it
  • htmlentities() and htmlspecialchars(), the differences between them, and the ENT_NOQUOTES flag
  • strip_tags() and addslashes() as incomplete filtering and escaping
  • ctype_*() functions
  • Use database-native escaping functions like mysqli_real_escape_string() instead of addslashes()
Filter Input / Escape Output
03:33

Recap lecture - Filter Input Escape Output
02:06

Filter input / Escape Output quick quiz
8 questions
Hashing and Encryption
2 Lectures 08:14

You will need to know:

  • The following functions:
    • password_hash()
    • password_get_info()
    • password_needs_rehash()
    • password_verify()
    • crypt() ... hash_equals() is PHP 5.6 only
  • You would use password_needs_rehash() to check that a user's hash conforms to your current method of hashing. For example, if you increase the cost of the algorithm then this function will let you know that you must rehash the user's password.
  • The difference between encryption and hashing
  • PHP encryption is performed by the mcrypt library (there is not much focus on it in the exam though)
Encryption and Hashing
05:01

Recap lecture - Hashing and Encryption
03:13

Hashing and Encryption quick quiz
8 questions
Managing file uploads
2 Lectures 06:02

You will need to know:

  • What the $_FILES superglobal contains
  • Which of the keys for the details of a file in $_FILES cannot be changed by the user
  • Use is_uploaded_file() to check that a file was uploaded and that the user has not specified a filename pointing to a file on your server
  • Use move_uploaded_file() to move the file from the temporary directory, not the normal PHP file functions
  • basename() returns just the file part of a name, not the directory
  • finfo_file() is a function that can help you find the MIME type
  • Generate your own filename when saving the file permanently
  • PHP deletes temporary files when it finishes running
File uploads
02:49

Recap lecture - File uploads
03:13

File Uploads quick quiz
7 questions
We do it for the lulz
1 Lecture 00:40
Avoid publishing your password online
00:40
Quizzes
0 Lectures 00:00
Security Quiz 1
10 questions

Security Quiz 2
10 questions

Security Quiz 3
10 questions

Security Quiz 4
10 questions

Security Quiz 5
8 questions
About the Instructor
Andy Beak
4.0 Average rating
35 Reviews
364 Students
3 Courses
The PHP guy

Andy is a cloud software engineer employed at a tech company that produces internet television hardware and software.

Andy is a Zend Certified Engineer and an Amazon Web Services Certified Solutions Architect. He has designed and developed distributed scalable applications using PHP as middleware. He has been responsible for reviewing pull requests to the master repository for his company as well as enforcing coding standards and practices.

Andy has been using PHP professionally for 6 years and has evolved with the language. He's currently busy rolling PHP7 out into the staging environment of his company's web servers.

Andy has written a guide to scaling PHP applications that is available on Amazon.