With more and more companies falling victim to data theft, you’ve probably read the list of things (not) to do to write secure code. But what else should you do to make sure your code and the rest of your web stack is secure ? In this tutorial we’ll go through the basic and more advanced techniques of securing your web and database servers, securing your backend PHP code and your frontend javascript code. We’ll also look at how you can build code that detects and blocks intrusion attempts and a bunch of other tips and tricks to make sure your customer data stays secure.

This is a 2-day training course (14h) which will cover the following subjects :

  • Most common attacks and how they work exactly
    • SQL Injection (and other injections)
    • Session fixation, hijacking
    • XSS
    • CSRF
  • Validation vs filtering
  • Proper escaping
  • Clickjacking and other modern attacks
  • Authentication and access control
  • Protecting the web stack
  • Bot / flood protection
  • Intrusion detection
  • Correct data storage (password hashing, encryption, …)
  • 2 factor authentication
  • Restricting secure files
  • Protecting your infrastructure (web, DNS, caching environments, …)
  • Properly securing your database (MySQL as example)
  • GDPR compliancy and privacy control
  • You’ve been hacked… now what ?


€ 950 per person

Class format & requirements

This is a classroom training course. Participants should have a computer with root/administrative access in order to install tools that will be used during the training course.

Code samples and exercises will be provided during the training course.