PHP 5.5 Zend Certification - PHP Security

A no-fluff focus on the certification syllabus
  • Lectures 21
  • Length 1.5 hours
  • Skill Level Intermediate Level
  • Languages English


About This Course

Published 4/2016 English

Course Description

The PHP Zend certification is well recognised in the industry as a standard of knowledge for PHP engineers. It is a certification that shows that the programmer knows the ins and outs of the PHP programming language.

This course is the second in a series of courses designed to cover the exam syllabus. It focuses on the second of the three most important sections of the syllabus.

This course is designed for programmers with some programming experience (preferably in PHP) who want to prepare for the Zend Certified Engineer 5.5 exam.

This is not a beginners' course and is not aimed at people with no programming experience. It is assumed that you are familiar with PHP syntax and have some experience building sites.

This course includes quiz questions and PDF notes drawn from my book.

What are the requirements?

  • You should have a year of professional experience, or significant hobby experience, in a C-based language

What am I going to get from this course?

  • Prepare for the Zend 5.5 certification exam Security section
  • Know the syllabus requirements for certification
  • Know the important basics and where to find more information
  • Confidently answer questions on PHP security

Who is the target audience?

  • This course is designed for developers who already have some experience with PHP and want to progress to certification
  • It is specifically NOT for people who are new to programming or who are not familiar with any programming language.



Section 1: Introduction
The certification syllabus
Section 2: Configuring PHP Securely

After completing this lecture you should know about the PHP configuration settings that are used to improve security. You'll know about the doc_root setting (the directory from which a CGI-mode PHP resolves script paths) and the open_basedir setting (the directory trees a script is allowed to open files in) and how they differ. You'll know about the cgi.force_redirect setting and how it stops the PHP CGI binary from being called directly with an arbitrary script path when PHP runs as a CGI process.
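The following script is an added example and is not part of the course. It shows what open_basedir actually does by tightening it at runtime and then attempting reads inside and outside the allowed tree; the sandbox directory under the system temp dir is constructed for the demonstration. doc_root and cgi.force_redirect cannot be changed from a script, so they are shown only as php.ini lines in the comments.

```php
<?php
// Added example, not from the course: what open_basedir does.
// open_basedir limits the files a script may open to the listed directory
// trees. It may be tightened at runtime with ini_set() but never loosened.
//
// doc_root and cgi.force_redirect are PHP_INI_SYSTEM, so they belong in
// php.ini (or the web-server config), never in a script:
//
//   doc_root = /var/www/html   ; where a CGI-mode PHP resolves script paths
//   cgi.force_redirect = 1     ; the default; refuse direct requests to the CGI binary
//   open_basedir = /var/www/html:/tmp

$sandbox = sys_get_temp_dir() . '/obd_demo_' . getmypid();   // constructed sandbox
mkdir($sandbox);
file_put_contents($sandbox . '/allowed.txt', "inside the sandbox\n");

// Confine this process to the sandbox. ini_set() returns the previous value.
var_dump(ini_set('open_basedir', $sandbox) !== false);

// A read inside the allowed tree succeeds.
var_dump(file_get_contents($sandbox . '/allowed.txt'));

// A read outside fails: PHP emits a warning (silenced here) and returns false.
var_dump(@file_get_contents('/etc/passwd'));

// Traversal does not escape the sandbox; PHP checks the resolved real path.
var_dump(@file_get_contents($sandbox . '/../../etc/passwd'));

// Widening the restriction from a script is refused: ini_set() returns false
// and the effective value is unchanged.
var_dump(ini_set('open_basedir', '/'));
var_dump(ini_get('open_basedir'));

unlink($sandbox . '/allowed.txt');
rmdir($sandbox);
```

Because open_basedir can only ever be narrowed at runtime, it is safe to set a broad value in php.ini and let each virtual host or script narrow it further.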

Recap lecture - Configuration
Configuration quick quiz
8 questions
Section 3: Session Security

After this lesson you will understand what session hijacking and session fixation are. You'll know the various means of improving session security and be able to describe the PHP settings and functions you can use to mitigate these attacks.
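As an added example (not the course's own code), here is a PHP 5.5 session set-up that closes the common fixation and hijacking paths: cookie-only IDs, strict mode, HttpOnly/Secure cookies, and session_regenerate_id() at login. It assumes the site is served over HTTPS (for cookie_secure) and that PHP is at least 5.5.2 (for session.use_strict_mode); the user-agent check is a heuristic, labelled as such in the comments.

```php
<?php
// Added example, not from the course: hardening a PHP 5.5 session against
// fixation and hijacking. The ini_set() calls must run before session_start();
// every one of them can equally be set in php.ini.

// Accept the session ID only from the cookie, never from a URL parameter.
// This closes the simplest fixation vector: http://site/?PHPSESSID=<attacker-chosen>.
ini_set('session.use_only_cookies', 1);
ini_set('session.use_trans_sid', 0);

// Refuse IDs the server did not issue (available from PHP 5.5.2). An attacker
// can then no longer plant an arbitrary ID and wait for the victim to log in with it.
ini_set('session.use_strict_mode', 1);

// Keep the cookie away from JavaScript (limits theft through XSS) and off
// plain HTTP (limits sniffing). cookie_secure assumes the site is served over HTTPS.
ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_secure', 1);

// Make the ID itself harder to guess.
ini_set('session.hash_function', 'sha256');
ini_set('session.hash_bits_per_character', 5);

session_start();

/**
 * Call at every privilege change (login, role change). A fresh ID means any ID
 * the attacker fixed or sniffed before authentication is worthless afterwards.
 */
function promoteSession(array $identity)
{
    session_regenerate_id(true);   // true: delete the old session data on the server
    $_SESSION = array();
    $_SESSION['user_id']   = $identity['id'];
    $_SESSION['last_seen'] = time();
    $_SESSION['ua_hash']   = hash('sha256', isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '');
}

/**
 * Per-request check. A replayed cookie from another browser usually changes the
 * User-Agent; this is a heuristic, not a guarantee, since the attacker can copy
 * that header too. Idle sessions expire after $maxIdle seconds.
 */
function sessionIsValid($maxIdle = 1800)
{
    if (!isset($_SESSION['user_id'], $_SESSION['last_seen'], $_SESSION['ua_hash'])) {
        return false;
    }
    $ua = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
    if ($_SESSION['ua_hash'] !== hash('sha256', $ua)) {
        return false;
    }
    if (time() - $_SESSION['last_seen'] > $maxIdle) {
        return false;
    }
    $_SESSION['last_seen'] = time();
    return true;
}

/** Logout: clear the server-side data AND the browser cookie, not just one of them. */
function destroySession()
{
    $_SESSION = array();
    $p = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    session_destroy();
}

// Constructed usage: after a successful password check, promoteSession(array('id' => 42));
// on every later request, if (!sessionIsValid()) { destroySession(); /* send to login */ }
```

The single most important line is session_regenerate_id(true) at login: without it, a fixated ID survives authentication no matter how the cookie flags are set.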

Recap lecture - Session Security
Session security quick quiz
10 questions
Section 4: The Cross attacks - Cross Site Scripting and Cross Site Request Forgeries

After completing this lecture you will know about the three types of XSS (reflected, stored and DOM-based). You'll know the PHP functions that help you escape HTML and reduce your exposure to these attacks. You'll know the flags like ENT_QUOTES that can be used with the htmlentities() and htmlspecialchars() functions and when to use them.

Recap lecture - XSS
XSS quick quiz
7 questions
Cross Site Request Forgery (CSRF)
Recap lecture - CSRF
CSRF quick quiz
6 questions
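As an added example (not from the course), here is synchronizer-token CSRF protection written for PHP 5.5, which has neither random_bytes() nor hash_equals(); the token comes from openssl_random_pseudo_bytes() and the constant-time comparison is written out by hand. It assumes session_start() has already run and that the openssl extension is loaded.

```php
<?php
// Added example, not from the course: synchronizer-token CSRF protection for PHP 5.5.
// Assumes session_start() has already been called and that openssl is available.

/** One token per session, created lazily. */
function csrfToken()
{
    if (empty($_SESSION['csrf_token'])) {
        $raw = openssl_random_pseudo_bytes(32, $strong);
        if ($raw === false || !$strong) {
            throw new RuntimeException('No cryptographically strong randomness available');
        }
        $_SESSION['csrf_token'] = bin2hex($raw);
    }
    return $_SESSION['csrf_token'];
}

/**
 * Constant-time comparison: hash_equals() only exists from PHP 5.6. A plain ===
 * stops at the first differing byte, which leaks how much of the token matched.
 */
function constantTimeEquals($known, $user)
{
    if (!is_string($known) || !is_string($user) || strlen($known) !== strlen($user)) {
        return false;
    }
    $diff = 0;
    for ($i = 0, $n = strlen($known); $i < $n; $i++) {
        $diff |= ord($known[$i]) ^ ord($user[$i]);
    }
    return $diff === 0;
}

/** Hidden field to embed in every state-changing form. */
function csrfField()
{
    return '<input type="hidden" name="csrf_token" value="'
         . htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8') . '">';
}

/**
 * Validate an incoming request. State changes must only be reachable by POST:
 * an <img src="..."> on an attacker's page is enough to trigger a GET.
 */
function csrfCheck()
{
    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        return false;
    }
    $sent = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : '';
    return isset($_SESSION['csrf_token']) && constantTimeEquals($_SESSION['csrf_token'], $sent);
}

// Constructed usage in the form handler:
//   if (!csrfCheck()) { header('HTTP/1.1 403 Forbidden'); exit; }
//   ... perform the state change ...
// and in the template:  echo csrfField();
```

The token lives in the session, so it is tied to the victim's cookie; an attacker's page can make the browser send the cookie but cannot read the token to put it in the forged form.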
Section 5: Injection attacks - SQL, code, and email
SQL Injection
Recap lecture - SQL Injection
SQL injection quick quiz
5 questions
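The script below is an added example, not the course's own code. It runs the same user lookup against an in-memory SQLite database three ways (string concatenation, driver escaping, and a prepared statement) with a constructed injection payload, so the difference between escaping and parameterisation is visible in the rows returned.

```php
<?php
// Added example, not from the course: one lookup written three ways, run against an
// in-memory SQLite database so it works offline. The attacker input is constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, is_admin INTEGER)');
$pdo->exec("INSERT INTO users (name, is_admin) VALUES ('alice', 0)");
$pdo->exec("INSERT INTO users (name, is_admin) VALUES ('bob', 1)");

// 1. Vulnerable: the value is spliced into the SQL text, so it can change the grammar.
function findUserVulnerable(PDO $pdo, $name)
{
    $sql = "SELECT name FROM users WHERE name = '$name'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// 2. Escaped: PDO::quote() (mysqli_real_escape_string() for mysqli) quotes and
//    escapes the value. Only valid for string literals: it cannot protect a column
//    name, a LIMIT count or an IN (...) list, and it is easy to forget once.
function findUserEscaped(PDO $pdo, $name)
{
    $sql = 'SELECT name FROM users WHERE name = ' . $pdo->quote($name);
    return $pdo->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// 3. Parameterised: the statement is compiled first and the value bound afterwards,
//    so the value can never be interpreted as SQL. With MySQL also set
//    PDO::ATTR_EMULATE_PREPARES to false so the server, not the client, does this.
function findUserPrepared(PDO $pdo, $name)
{
    $stmt = $pdo->prepare('SELECT name FROM users WHERE name = :name');
    $stmt->execute(array(':name' => $name));
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$payload = "x' OR '1'='1";   // constructed attacker input

// The vulnerable query becomes ... WHERE name = 'x' OR '1'='1' and returns every
// user; the other two look for a user literally named x' OR '1'='1 and return none.
print_r(findUserVulnerable($pdo, $payload));
print_r(findUserEscaped($pdo, $payload));
print_r(findUserPrepared($pdo, $payload));
```

Escaping is the exam's answer for legacy mysql_*/mysqli code; prepared statements are the answer a reviewer will accept for new code, because there is no escaping step to forget.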

You will need to know about:

  • The PHP settings that allow you to include() or require() a file specified by a URL (allow_url_include, which only takes effect when allow_url_fopen is also on)
  • The /e modifier for preg_replace() is deprecated in PHP 5.5 but is still a security risk because it still evaluates the replacement string as PHP code; use preg_replace_callback() instead
  • The preg_quote() function, for placing user input literally inside a pattern
  • The escapeshellcmd() and escapeshellarg() functions that you should run on a variable before passing it to exec(), shell_exec(), system() or passthru(); note that no escaping function makes user input safe inside eval()
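As an added example (not from the course), the script below walks through the sinks in the list above with a constructed attacker value for each: a shell argument, an include path, and a pattern/replacement for preg_replace(). The pages/ directory and the file names are assumptions for the include whitelist.

```php
<?php
// Added example, not from the course: the code-injection sinks listed above
// (shell commands, includes, preg_replace() /e) and the right primitive for each.
// Values marked "constructed" stand in for request data.

// --- Shell commands ---------------------------------------------------------
// escapeshellarg() wraps ONE argument in single quotes so the shell sees a single
// word. escapeshellcmd() neutralises metacharacters across a WHOLE command line
// but leaves argument boundaries alone, so prefer escapeshellarg() per argument.
function listDirectory($userPath)
{
    return shell_exec('ls -ld ' . escapeshellarg($userPath) . ' 2>&1');
}
$evil = '/tmp; id';                       // constructed: would run id without escaping
echo listDirectory($evil);                // ls is asked about a file named "/tmp; id"

// --- Includes ---------------------------------------------------------------
// allow_url_include=Off (the default; it also requires allow_url_fopen) stops
// include('http://attacker/shell.txt'). It does nothing against local file
// inclusion, so never build an include path from raw input: whitelist it.
function pageFile($page)
{
    $allowed = array('home', 'about', 'contact');   // assumed page names
    if (!in_array($page, $allowed, true)) {
        return false;
    }
    return __DIR__ . '/pages/' . $page . '.php';    // safe to include
}
var_dump(pageFile('../../etc/passwd'));             // rejected, returns false

// --- Regular expressions ----------------------------------------------------
// /e evaluated the replacement string as PHP, and a backreference filled from user
// input could inject code. Deprecated in 5.5 (E_DEPRECATED) but still executed
// there; removed in 7.0. The deprecated form, shown only as a comment:
//   preg_replace('/(\w+)/e', 'strtoupper("\\1")', $text);
function upperWords($text)
{
    return preg_replace_callback('/\b(\w+)\b/', function ($m) {
        return strtoupper($m[1]);
    }, $text);
}
echo upperWords('hello world'), "\n";

// preg_quote() is for the other direction: user input that must appear LITERALLY
// inside a pattern. The second argument also escapes the delimiter.
function startsWith($haystack, $userPrefix)
{
    return preg_match('/^' . preg_quote($userPrefix, '/') . '/', $haystack) === 1;
}
var_dump(startsWith('report.pdf', '.*'));   // false: ".*" is matched as literal text

// --- eval() -----------------------------------------------------------------
// No escaping function makes request data safe inside eval(); the shell escapers
// above are irrelevant to it. Do not pass user input to eval() at all.
```

The two escapers are often confused on the exam: escapeshellcmd() is applied to a command string you built yourself, escapeshellarg() to each user-supplied argument, and only the latter guarantees the value stays a single argument.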
Recap lecture - Code injection
Code injection quick quiz
6 questions

You will need to know about:

  • the filter_var() function and the flags to use with it
  • htmlentities() and htmlspecialchars(), the differences between them, and the ENT_NOQUOTES flag
  • strip_tags() and addslashes() as incomplete filtering and escaping
  • ctype_*() functions
  • Use database-native escaping functions such as mysqli_real_escape_string() rather than addslashes(), or better still use prepared statements
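The following added example (not from the course) serves both the XSS lecture and this filter-input / escape-output list: filter_var() and ctype_alnum() on the way in, then a separate escaper for each output context (HTML attribute, JavaScript string, URL parameter), with the htmlentities()/htmlspecialchars()/ENT_NOQUOTES differences and the strip_tags() pitfall shown on a constructed payload. The form fields and validation limits are assumptions.

```php
<?php
// Added example, not from the course, serving both the XSS lecture and the
// filter-input / escape-output lecture: validate on the way in, escape for the
// exact output context on the way out. Sample form data is constructed.

// ---- Input: validate, and reject rather than "clean" -------------------------
function readSignupForm(array $post)
{
    $email = filter_var(isset($post['email']) ? $post['email'] : '', FILTER_VALIDATE_EMAIL);
    $age   = filter_var(isset($post['age']) ? $post['age'] : '', FILTER_VALIDATE_INT,
                        array('options' => array('min_range' => 13, 'max_range' => 120)));
    $user  = isset($post['username']) ? $post['username'] : '';
    if ($email === false || $age === false || !ctype_alnum($user) || strlen($user) > 32) {
        return false;
    }
    return array('email' => $email, 'age' => $age, 'username' => $user);
}

// ---- Output: one escaper per context ---------------------------------------
// HTML text and attribute values. ENT_QUOTES matters: without it a single quote
// survives and breaks out of a single-quoted attribute. Always pass the charset.
function e($s)
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
// Inside a <script> block HTML escaping is the wrong tool; emit a JSON literal
// with the HEX flags so neither quotes nor </script> can end the block.
function eJs($s)
{
    return json_encode($s, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
}
// Query-string parameter.
function eUrl($s)
{
    return rawurlencode($s);
}

$name = "\" onmouseover='alert(1)' x=\"";   // constructed attacker input

printf('<input value="%s">' . "\n", e($name));
printf('<script>var name = %s;</script>' . "\n", eJs($name));
printf('<a href="/profile?name=%s">profile</a>' . "\n", eUrl($name));

// htmlspecialchars() converts only & < > " ' and is what a UTF-8 page needs;
// htmlentities() additionally converts every character with a named entity
// (the é below becomes &eacute;). ENT_NOQUOTES leaves both kinds of quote alone,
// which is only acceptable for text that never lands inside an attribute.
echo htmlentities('café', ENT_QUOTES, 'UTF-8'), "\n";
echo htmlspecialchars("it's", ENT_NOQUOTES, 'UTF-8'), "\n";

// Why strip_tags() and addslashes() are not escapers: the payload above contains
// no tag, so strip_tags() hands it back unchanged, and it is still live inside an
// attribute. addslashes() targets no real output context at all.
var_dump(strip_tags($name) === $name);

// Valid input passes; a bad e-mail or a username with a space is rejected outright.
var_dump(readSignupForm(array('email' => 'a@example.com', 'age' => '30', 'username' => 'alice')) !== false);
var_dump(readSignupForm(array('email' => 'nope', 'age' => '30', 'username' => 'al ice')));
```

The rule the example enforces is that the escaper is chosen by where the data is going, not by where it came from; validated input still gets escaped on output.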
Recap lecture - Filter Input Escape Output
Filter input / Escape Output quick quiz
8 questions
Section 6: Hashing and Encryption

You will need to know:

  • The following functions:
    • password_hash()
    • password_get_info()
    • password_needs_rehash()
    • password_verify()
    • crypt() (hash_equals() is PHP 5.6 only, so it is not part of the 5.5 syllabus)
  • You would use password_needs_rehash() to check that a user's stored hash conforms to your current hashing method. For example, if you increase the cost of the algorithm this function will tell you that you must rehash the user's password, which you can only do at login while you have the plaintext.
  • The difference between encryption and hashing
  • PHP encryption is provided by the mcrypt extension (there is not much focus on it in the exam though)
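As an added example (not from the course), the script below uses the four password_* functions together: a hash made under an older cost is verified at login and transparently rehashed under the current policy. The cost values are assumptions.

```php
<?php
// Added example, not from the course: the password_* API with a transparent cost
// upgrade. The policy values are an assumption; raise the cost as hardware improves.

class PasswordPolicy
{
    const ALGO = PASSWORD_BCRYPT;
    public static $options = array('cost' => 12);
}

// Registration: password_hash() picks a random salt and embeds salt, algorithm id
// and cost in its output ($2y$12$...), so only the hash itself needs storing.
function makePasswordHash($plain)
{
    return password_hash($plain, PasswordPolicy::ALGO, PasswordPolicy::$options);
}

// Login: verify, then migrate hashes made under an older policy. $rehashTo receives
// the replacement hash to persist, or stays null when the stored one is current.
function checkPassword($plain, $storedHash, &$rehashTo)
{
    $rehashTo = null;
    if (!password_verify($plain, $storedHash)) {
        return false;
    }
    if (password_needs_rehash($storedHash, PasswordPolicy::ALGO, PasswordPolicy::$options)) {
        $rehashTo = makePasswordHash($plain);   // only possible now, while we hold $plain
    }
    return true;
}

// Constructed: a hash produced back when the policy was cost 10.
$legacyHash = password_hash('correct horse battery staple', PASSWORD_BCRYPT, array('cost' => 10));
print_r(password_get_info($legacyHash));   // reports the algorithm and the cost it was made with

$ok = checkPassword('correct horse battery staple', $legacyHash, $newHash);
var_dump($ok);                                              // verified
var_dump($newHash !== null);                                // cost 10 is below policy, so rehashed
print_r(password_get_info($newHash));                       // now reports the policy cost

var_dump(checkPassword('wrong password', $legacyHash, $h)); // fails, nothing rehashed

// Hashing is one-way and keyless: a fixed-length digest that cannot be reversed.
// Encryption is two-way and keyed: whoever holds the key recovers the plaintext.
// Passwords are hashed, never encrypted. When comparing digests of other secrets
// (API tokens, HMAC tags) use a constant-time comparison; on 5.5 that means your
// own loop, since hash_equals() only arrived in 5.6.
```

password_verify() reads the cost and salt out of the stored hash, which is why the old-cost hash still verifies and why the application never has to store the cost separately.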
Recap lecture - Hashing and Encryption
Hashing and Encryption quick quiz
8 questions
Section 7: Managing file uploads

You will need to know:

  • What the $_FILES superglobal contains
  • Which of the keys for a file in $_FILES are set by PHP (tmp_name, size and error) and which come straight from the client and cannot be trusted (name and type)
  • Use is_uploaded_file() to check that a file really was uploaded and that the user has not supplied a tmp_name pointing at an existing file on your server
  • Use move_uploaded_file() to move the file out of the temporary directory rather than the normal PHP file functions
  • basename() returns just the file part of a name, not the directory
  • finfo_file() is a function that can help you find the MIME type
  • Generate your own filename to save the file permanently as
  • PHP deletes the temporary file at the end of the request if it has not been moved or renamed
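The handler below is an added example (not from the course) that applies every point in the list above to one image upload: it trusts only the PHP-set keys, checks is_uploaded_file(), sniffs the MIME type with finfo, generates its own file name, and uses move_uploaded_file(). The form field name, the upload directory outside the web root, and the size limit are assumptions; it runs only under a web SAPI.

```php
<?php
// Added example, not from the course: handling one uploaded image safely.
// Assumes an <input type="file" name="avatar"> form and a writable $uploadDir
// outside the web root (assumption). Runs only under a web SAPI.

function saveUploadedImage(array $file, $uploadDir, $maxBytes = 2097152)
{
    // 'error', 'tmp_name' and 'size' are set by PHP. 'name' and 'type' come
    // straight from the client and are untrusted; never base decisions on them.
    if (!isset($file['error']) || $file['error'] !== UPLOAD_ERR_OK) {
        return array(false, 'upload failed with code ' . (isset($file['error']) ? $file['error'] : '?'));
    }
    if ($file['size'] > $maxBytes) {
        return array(false, 'file too large');
    }
    // Proves the path really is PHP's temp file for this request, not e.g.
    // /etc/passwd smuggled in through a forged tmp_name.
    if (!is_uploaded_file($file['tmp_name'])) {
        return array(false, 'not an uploaded file');
    }
    // Sniff the content; ignore $_FILES['type'] and the client's extension.
    $finfo   = new finfo(FILEINFO_MIME_TYPE);
    $mime    = $finfo->file($file['tmp_name']);
    $allowed = array('image/png' => 'png', 'image/jpeg' => 'jpg', 'image/gif' => 'gif');
    if (!isset($allowed[$mime])) {
        return array(false, 'unsupported type ' . $mime);
    }
    // Generate our own name: no client-controlled path components, fixed extension.
    $newName = bin2hex(openssl_random_pseudo_bytes(16)) . '.' . $allowed[$mime];
    $dest    = rtrim($uploadDir, '/') . '/' . $newName;
    // move_uploaded_file() repeats the is_uploaded_file() check before moving.
    // Plain copy()/rename() skip that check.
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        return array(false, 'could not move file');
    }
    chmod($dest, 0644);   // never executable
    // For logging only: basename() strips any directory the client put in 'name'.
    return array(true, $newName . ' (client called it ' . basename($file['name']) . ')');
}

// A temp file that was not moved is deleted by PHP at the end of the request,
// so the failure paths above need no clean-up of their own.

if (isset($_FILES['avatar'])) {
    list($ok, $msg) = saveUploadedImage($_FILES['avatar'], '/var/uploads');
    header('Content-Type: text/plain');
    echo ($ok ? 'stored ' : 'rejected: ') . $msg;
}
```

Serving the stored files from a directory the web server will not execute PHP in (or through a script that sets the Content-Type itself) is the other half of the defence; a correctly sniffed PNG is still a problem if the web root treats it as code.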
Recap lecture - File uploads
File Uploads quick quiz
7 questions
Section 8: We do it for the lulz
Avoid publishing your password online
Section 9: Quizzes
Security Quiz 1
10 questions
Security Quiz 2
10 questions
Security Quiz 3
10 questions
Security Quiz 4
10 questions
Security Quiz 5
8 questions


Instructor Biography

Andy Beak, The PHP guy

Andy is a cloud software engineer employed at a tech company that produces internet television hardware and software.

Andy is a Zend Certified Engineer and an Amazon Web Services Certified Solutions Architect. He has designed and developed distributed scalable applications using PHP as middleware. He has been responsible for reviewing pull requests to the master repository for his company as well as enforcing coding standards and practices.

Andy has been using PHP professionally for 6 years and has evolved with the language. He's currently busy rolling PHP7 out into the staging environment of his company's web servers.

Andy has written a guide to scaling PHP applications that is available on Amazon.
