Michael SoileauAug 3, 2015Lessons: 20Length: 2.1 hours

Next lesson playing in 5 seconds

Overview
Transcript

3.9 Sensitive Data

Data leaked from an application can be used by malicious users to craft attacks.

In this lesson, I discuss using SSL and other cryptography standards to ensure that data cannot be leaked over transmission. We’ll also look at Apache SSL configuration directives.

I’ll show you how to use PHP’s built-in encryption algorithms to make the strongest password hash possible. You can transparently adjust this algorithm if it changes in the future, or if you need to change it for current users.

Finally, I’ll show you two different methods for encrypting data in PHP, either using SSL keys or Mcrypt.

Related Links

1.Introduction
1 lesson, 00:40

1.1
Introduction
00:40

2.The WidgetCorp App
4 lessons, 34:39

2.1
Introducing the App
10:09

2.2
Data Modeling
04:19

2.3
Development Environment Setup
10:32

2.4
Configuration Defaults
09:39

3.OWASP Top Ten
14 lessons, 1:31:43

3.1
Injection Attacks and Defenses (Reflected, PHP, and JavaScript)
07:38

3.2
Injection Attacks (Mail, File, and SQL)
05:16

3.3
Injection Defenses (File System, Mail)
15:04

3.4
MySQL Injection Defenses
02:46

3.5
Authentication
09:50

3.6
Broken Authentication and Session Management
04:08

3.7
Insecure Direct Access or Object Reference
05:20

3.8
Security Configuration
12:18