OWASP Top 10 for PHP: A2 - Broken Authentication
Keeping your PHP applications secure doesn't have to be hard; you just need to be armed with the right knowledge. In this lesson you'll learn about authentication and one of the many types of issues that can affect it: protecting secrets and credentials.
In this lesson you'll learn:
- The difference between authentication and authorization
- How poor hashing could lead to credential exposure
- Using bcrypt to protect secrets
- Using the PHP password hashing functions to implement a more robust system
Learn in a Virtual Environment
In this lesson you'll be provided with a virtual environment where you can follow along and fix the code, giving you practical experience performing and fixing a SQL injection issue.
For the last 12+ years, Chris has been involved in the PHP community in one way or another. These days he's the Senior Editor of PHPDeveloper.org, lead author for Websec.io, a site dedicated to teaching developers about security, and the Securing PHP project. He's also written for several PHP publications and has spoken at conferences in both the U.S. and Europe on security-related topics. He's also an organizer of the Dallas PHP User Group and the Lone Star PHP Conference and works as an Application Security Engineer for Duo Security.