The Basic PHP Security Web Development training is held
over 4 sessions; participants must first
register in order to take part in this training.

Targets:

  • An introduction to security principles and best practices in programming
  • The ability to write secure code by making use of the facilities PHP provides

It is hoped that this syllabus gives participants
an overview, so that they can work more effectively toward these targets.

1. Introduction
PHP Features
Principles
Practices

2. Forms and URLs
Forms and Data
Semantic URL Attacks
File Upload Attacks
Cross-Site Scripting
Cross-Site Request Scripting
Spoofed Form Submission
Spoofed HTTP Requests

3. Database and SQL
Exposed Access Credentials
SQL Injection
Exposed Data

4. Sessions and Cookies
Cookie Theft
Exposed Session Data
Session Fixation
Session Hijacking

5. Includes
Exposed Source Code
Backdoor URLs
Filename Manipulation
Code Injection

6. Files and Commands
Traversing the Filesystem
Remote File Risks
Command Injection

7. Authentication and Authorization
Brute Force Attacks
Password Sniffing
Replay Attacks
Persistent Logins

8. Shared Hosting
Exposed Source Code
Exposed Session Data
Session Injection
Filesystem Browsing
Safe Mode

9. Miscellaneous
Configuration Directives
Functions
Cryptography