OWASP Top 10 for PHP: A2 - Broken Authentication

Keeping your PHP applications secure doesn't have to be hard, you just need to be armed with the right knowledge. In this lesson you'll learn about authentication and one of the many potential types of issues: protecting secrets and credentials.

Topics Covered

In this lesson you'll learn:

  • The difference between authentication and authorization
  • How poor hashing could lead to credential exposure
  • Using bcrypt to protect secrets
  • Using the PHP password hashing functions to implement a more robust system

Learn in a Virtual Environment

In this lesson you'll be provided with a virtual environment where you can follow along and fix the code, giving you practical experience performing and fixing a SQL injection issue.

Your Instructor

Chris Cornutt
Chris Cornutt

For the last 12+ years, Chris has been involved in the PHP community in one way or another. These days he's the Senior Editor of PHPDeveloper.org, lead author for Websec.io, a site dedicated to teaching developers about security, and the Securing PHP project. He's also written for several PHP publications and has spoken at conferences in both the U.S. and Europe on security-related topics. He's also an organizer of the Dallas PHP User Group and the Lone Star PHP Conference and works as an Application Security Engineer for Duo Security.

Course Curriculum

  A2: Broken Authentication
Available in days
days after you enroll

Frequently Asked Questions

When does the course start and finish?
The course starts now and never ends! It is a completely self-paced online course - you decide when you start and when you finish.
How long do I have access to the course?
How does lifetime access sound? After enrolling, you have unlimited access to this course for as long as you like - across any and all devices you own.
What if I am unhappy with the course?
We would never want you to be unhappy! If you are unsatisfied with your purchase, contact us in the first 30 days and we will give you a full refund.

Get started now!