https://github.com/ericmann/notes-tutorial
PHP Security Tutorial
- Host: GitHub
- URL: https://github.com/ericmann/notes-tutorial
- Owner: ericmann
- License: mit
- Created: 2020-01-26T19:03:47.000Z (over 6 years ago)
- Default Branch: master
- Last Pushed: 2025-04-02T18:39:01.000Z (about 1 year ago)
- Last Synced: 2025-04-02T19:30:26.008Z (about 1 year ago)
- Topics: security-tutorial, workshop
- Language: PHP
- Homepage:
- Size: 1.49 MB
- Stars: 0
- Watchers: 2
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# PHP Security Tutorial - Notes
This is an iterative workshop/tutorial explaining PHP security. It is divided into multiple _modules_, each of which is a standalone lesson within a three-hour workshop documented in [these slides][slides].
Each module is broken into two directories:
- `/server` - The actual PHP server, runnable through `php -S localhost:8888 -t module-N/server`
- `/client` - A command line client, also written in PHP, which interacts with the server component.
## Installation
Composer dependencies are bundled in the repository to make it easier to clone the project and get started. If for any reason you want to _update_ those dependencies, do so with `composer update`.
The first step is to install the Composer dependencies by running `composer install` in the root directory of the tutorial.
Each module is self-contained, but all modules share the same set of dependencies.
## Understanding the Lessons
Each lesson covers a specific topic in PHP security. Throughout the code you will find several placeholder `@TODO` markers that are meant for you to complete; each one is documented with an explanation of what is expected of you to finish the task.
The lessons are structured into the following modules:
### 1. Credentials Management
`module-1`
- `.env` files
- Flat configuration files
### 2. Authentication
`module-2`
- Password management
- Password storage
- Password hashing
### 3. Session Management
`module-3`
- PHP session configuration
### 4. Data - Validation & Sanitization
`module-4`
- Input validation
- Output sanitization
### 5. Encryption
`module-5`
- File encryption
- Database encryption
- Blind indices
[slides]: https://speakerdeck.com/ericmann/evolution-of-php-security-2024