Evolution of PHP Security

By Eric Mann

Elevator Pitch

PHP is a secure, modern programming language suitable for any number of applications. However, PHP can only be used securely if developers wield their tools safely. This training class will cover:

  • Password & credentials management
  • Encryption and authentication
  • Server hardening

Description

Regardless of reports to the contrary, PHP is a modern, scalable, secure programming language suitable for any number of applications. As with any other language or tool, PHP can only be used securely if the developers using it wield their tools safely.

This training class will walk through best practices in:

  • Password management (including hashing)
  • Credentials management (API keys)
  • Data encryption (both local and remote)
  • Data integrity (i.e. signing and authentication)
  • Server hardening

Attendees will leave with a better understanding of PHP and how to use it in secure applications.

Notes

Encryption and signing will use Sodium, so the class will focus on the newer versions of PHP (with the PECL module supporting 7.0/7.1). Attendees should have a working PHP environment before arriving, preferably PHP 7.2! They will be given a code repository to use during the training class that both demonstrates the principles being discussed and lets them practice from-scratch implementations in code.