Working with popular PHAR packages (PHP Archive, JAR similar to Java):
- Creating a PHAR archive from your own application,
- Starting .phar,
- Using compression,
- Security against modification, etc.
Secure sensitive information in web applications:
- Safe hash vs. recently broken algorithms,
- Automatic salting from PHP 7+,
- New hash algorithm in PHP 7.2+ using memory requirements,
- How to break data, etc.
Revolutionary cross-platform library Sodium with modern cryptographic features:
- Base usage from PHP 7.2+,
- Installation from PECL for PHP 7+.
Symmetric and asymmetric encryption in PHP:
- With Sodium extension (password vs. secret key, nonce, public key)
- With an OpenSSL alternative, to the newly removed extensions mcrypt from PHP 7.2.
Replay attack and nonce protection when encrypted.
The most current security threats to web applications and their protection in PHP:
- Cross-site Scripting (XSS),
- SQL injection and protection through Prepared Statements,
- Web Parameter Tampering,
- Injection of PHP code in web applications,
- Local File Inclusion, Remote File Inclusion,
- Path Traversal,
- PHP object injection and deserialization protection in PHP 7+.
Validation of user input in PHP 7.
Tools for tracking and modifying HTTP (S) communications, using sniffing tools to control web application security.
Creating a web application in accordance with GDPR:
- Identification of sensitive (general and special personal) data,
- Methods of their protection,
- Pseudonimization and anonymization of sensitive data, PHP creation of GDPR compliant web applications.
Sensitive data from geolocation and work with EXIF, protection against abuse according to GDPR.
