Monday to Friday, 10am to 5pm (including lunch break)
14-18th July
Please apply with your CV. Please see the syllabus below.
Whatsapp +447552693317
Role Description
This is a remote contract role for a Tutor on the course "Secure PHP Development: Building Safe and Resilient Applications". The Tutor will be responsible for delivering online educational sessions, creating lesson plans, and instructing students in best practices for secure PHP development. The Tutor will also provide individualized support to students, evaluate student performance, and stay up to date with the latest trends and developments in PHP security.
Qualifications
* Software Development and Programming skills
* Analytical Skills
* Excellent Communication skills
* Must have industrial experience
* Bachelor's degree in Computer Science, Information Technology, or related field
* Prior experience in teaching or tutoring is a plus
Day 1: Foundations of Secure Web Development
Topics Covered:
Introduction to Web Security
PHP: Overview of Current Version (latest stable release)
Security Terminology: CIA Triad, Threats, Vulnerabilities
PHP Configuration & Hardening (php.ini, secure headers, error handling)
Secure Development Lifecycle (SDLC)
Hands-On Labs:
Configuring a secure PHP environment
Secure coding walkthrough using insecure and corrected examples
Day 2: Authentication, Sessions, and Access Control
Topics Covered:
Authentication vs. Authorization
Implementing secure login forms (rate limiting, error handling, CSRF tokens)
Session management: best practices (secure cookies, session fixation prevention)
Role-based Access Control (RBAC) in PHP
Password hashing using password_hash() and password_verify()
Hands-On Labs:
Implementing a secure login/logout flow
Preventing session hijacking and fixation
Creating a basic role-based access control system
Day 3: Input Validation, Output Escaping & Common Attacks
Topics Covered:
Input validation and sanitization: filter_var(), custom validators
Output escaping for HTML, JS, and SQL
Common PHP vulnerabilities:
* SQL Injection
* Cross-Site Scripting (XSS)
* Cross-Site Request Forgery (CSRF)
* Remote File Inclusion (RFI) & Local File Inclusion (LFI)
Hands-On Labs:
Exploiting and fixing SQLi and XSS vulnerabilities
Implementing CSRF protection manually and via frameworks
Securing file upload forms
Day 4: Advanced Topics in PHP Security
Topics Covered:
Secure API development (REST/GraphQL in PHP)
JSON Web Tokens (JWT) - Secure usage
Secure error handling and logging
Rate limiting, CAPTCHA, and brute force protection
Using security headers (Content-Security-Policy, Strict-Transport-Security, etc.)
Hands-On Labs:
Building and securing a simple RESTful API
Implementing JWT authentication securely
Testing security headers with browser tools and scanners
Day 5: Threat Modeling, Testing, and Final Project
Topics Covered:
Threat modeling for PHP applications (STRIDE approach)
Tools for security testing: OWASP ZAP, Burp Suite (Intro)
Static analysis tools for PHP (e.g., SonarQube, PHPStan)
Secure deployment practices
Final Project:
Team-based challenge: secure an intentionally vulnerable PHP application
Peer review and feedback session
Wrap-Up:
Review key takeaways
Q&A and personalized feedback