Michael SoileauAug 3, 2015

FREELessons: 20Length: 2.1 hours

Security PHP Web Development Composer Packagist JavaScript SQL Apache .htaccess

Next lesson playing in 5 seconds

Cancel

Overview
Transcript

3.5 Authentication

In this lesson, I cover authentication: how PHP handles session data, how to store session data and encrypt it, and how to use Redis as a session handler instead of the file system.

I’ll also show you how to make modifications to session cookies in order to prevent JavaScript manipulation of cookies, how to add entropy to the cookie to prevent a brute-force attack, and how to restrict cookies so that they are transmitted only over secure connections.

Related Links

SessionHandlerInterface

1.Introduction
1 lesson, 00:40

1.1
Introduction
00:40

2.The WidgetCorp App
4 lessons, 34:39

2.1
Introducing the App
10:09

2.2
Data Modeling
04:19

2.3
Development Environment Setup
10:32

2.4
Configuration Defaults
09:39

3.OWASP Top Ten
14 lessons, 1:31:43

3.1
Injection Attacks and Defenses (Reflected, PHP, and JavaScript)
07:38

3.2
Injection Attacks (Mail, File, and SQL)
05:16

3.3
Injection Defenses (File System, Mail)
15:04

3.4
MySQL Injection Defenses
02:46