Secure PHP Development: Building Safe and Resilient Applications Tutor

Mon To Friday 10am to 5pm Including lunch break) Monday to Friday 14-18th July Please apply with your CV, Please see the syllabus below Role Description This is a contract remote role for a Secure PHP Development: Building Safe and Resilient Applications Tutor. The Tutor will be responsible for delivering online educational sessions, creating lesson plans, and instructing students in best practices for secure PHP development. The Tutor will also be responsible for providing individualized support to students, evaluating student performance, and staying updated with the latest trends and developments in PHP security. Qualifications Software Development and Programming skills Analytical Skills Excellent Communication skills Must have industrial experience Bachelor's degree in Computer Science, Information Technology, or related field Prior experience in teaching or tutoring is a plus Day 1: Foundations of Secure Web Development Topics Covered: · Introduction to Web Security · PHP: Overview of Current Version (latest stable release) · Security Terminology: CIA Triad, Threats, Vulnerabilities · PHP Configuration & Hardening (php.ini, secure headers, error handling) · Secure Development Lifecycle (SDLC) Hands-On Labs: · Configuring a secure PHP environment · Secure coding walkthrough using insecure and corrected examples Day 2: Authentication, Sessions, and Access Control Topics Covered: · Authentication vs. Authorization · Implementing secure login forms (rate limiting, error handling, CSRF tokens) · Session management: best practices (secure cookies, session fixation prevention) · Role-based Access Control (RBAC) in PHP · Password hashing using password_hash() and password_verify() Hands-On Labs: · Implementing a secure login/logout flow · Preventing session hijacking and fixation · Creating a basic role-based access control system Day 3: Input Validation, Output Escaping & Common Attacks Topics Covered: · Input validation and sanitization: filter_var(), custom validators · Output escaping for HTML, JS, and SQL · Common PHP vulnerabilities: o SQL Injection o Cross-Site Scripting (XSS) o Cross-Site Request Forgery (CSRF) o Remote File Inclusion (RFI) & Local File Inclusion (LFI) Hands-On Labs: · Exploiting and fixing SQLi and XSS vulnerabilities · Implementing CSRF protection manually and via frameworks · Securing file upload forms Day 4: Advanced Topics in PHP Security Topics Covered: · Secure API development (REST/GraphQL in PHP) · JSON Web Tokens (JWT) – Secure usage · Secure error handling and logging · Rate limiting, CAPTCHA, and brute force protection · Using security headers (Content-Security-Policy, Strict-Transport-Security, etc.) Hands-On Labs: · Building and securing a simple RESTful API · Implementing JWT authentication securely · Testing security headers with browser tools and scanners Day 5: Threat Modeling, Testing, and Final Project Topics Covered: · Threat modeling for PHP applications (STRIDE approach) · Tools for security testing: OWASP ZAP, Burp Suite (Intro) · Static analysis tools for PHP (e.g., SonarQube, PHPStan) · Secure deployment practices Final Project: · Team-based challenge: secure an intentionally vulnerable PHP application · Peer review and feedback session Wrap-Up: · Review key takeaways · Q&A and personalized feedback