This YouTube series from Codecourse gives you a good overview of the most common PHP security issues. They use a very practical approach, showing how the attacks are done and how to protect your code from them.
This course is a series of useful tips and tutorials around the basics of PHP security, which makes it really accessible to all levels of PHP developers.
And, although most of these security problems are already taken care of if you use a modern MVC framework like Laravel or Symfony, it’s always good to be aware of how they work and how those frameworks protect against them.
PHP Security Series Contents:
- Include/require file extensions – 3:10
- XSS (Cross-site Scripting) – 14:59
- Password hashing – 7:47
- Directory listing – 3:10
- HttpOnly Cookies – 3:52
- What you shouldn’t store in cookies – 3:51
- CSRF (Cross-site Request Forgery) – 11:32
- User defined file includes – 6:51
- SQL Injection – 9:16
- Error Reporting – 5:53
Total Time – ~1:10:00