Workshop in English - US at CascadiaPHP 2024
Track Name: Willamette
View Slides: https://speakerdeck.com/ericmann/evolution-of-php-security-25aef7bb-a2f7-427f-971e-8461f5c42a36
Check out the code: https://github.com/ericmann/notes-tutorial
Short URL: https://joind.in/talk/8d532
Regardless of reports to the contrary, PHP is a modern, scalable, secure programming language suitable for any number of applications. As with any other language or tool, PHP can only be used securely if the developers using it wield their tools safely.
This training class will walk through best practices in:
Password management (including hashing)
Credentials management (API keys)
Data encryption (both local and remote)
Data integrity (i.e., signing and authentication)
Server hardening
Attendees will leave with a better understanding of PHP and how to use it in secure applications.
Attendees should have an operable PHP environment before arriving. They will be given a code repo to use during the training class, which demonstrates the principles being discussed and allows them to practice from-scratch implementations in code.
Comments
You are never finished learning about security
I picked up so many tricks here on PHP security. I really like the git project broken into modules, a solid README, and easy-to-find TODOs. I also like that the code base is very real world and it was so easy to get started.
One suggestion in future workshops would be to include success criteria. I frequently went in rabbit holes of trying to see if I was successful with my code changes.