I worked hard on the PHP security tutorial that I gave at OSCON this year, and I have been delighted by the attention it has been receiving since. The PHP Security Workbook that accompanied the talk is still a frequent recommendation among PHP sites worldwide, and people continue to express their interest in attending a similar course.
For those who don't have the time or money to attend this course at a conference (I'll be giving it next at ApacheCon in Las Vegas), Zend has a solution: Zend Online Training. These courses are delivered online using Interwise iClass. While this appears to be an excellent training platform, it only runs on Windows, which is a bummer. Personally, I'll be emulating Windows on my Apple PowerBook using VirtualPC (yes, I bought a Microsoft product to help me teach a security course). I realize that the platform restriction likely poses a problem for many PHP developers, but hopefully you can emulate Windows or borrow a friend's computer for a few hours.
I'll be giving a 3 hour course entitled Securing PHP Code, and the cost is only $99 (USD). The course is described as follows:
Security is critical to every PHP application - don't let insecure programming practices leave you vulnerable. Firewalls and secure servers cannot compensate for an insecure application, and the majority of the responsibility lies in the hands of the developer.
This class teaches secure programming practices by demonstrating common types of attacks and practical methods to defend against those attacks.
Through careful examination of each attack, you not only gain a better appreciation, but also a deeper understanding of the protective measures being discussed. You can use the best practices you learn in this class to improve the security of both your current and future PHP applications.
If you have 3 hours and $99 to spare, join me on 18 Oct 2004 at 11 AM EST (3 PM GMT) and learn how to improve the security of your PHP applications.