addressalign-toparrow-leftarrow-rightbackbellblockcalendarcameraccwchatcheckchevron-downchevron-leftchevron-rightchevron-small-downchevron-small-leftchevron-small-rightchevron-small-upchevron-upcircle-with-checkcircle-with-crosscircle-with-pluscrossdots-three-verticaleditemptyheartexporteye-with-lineeyefacebookfolderfullheartglobegmailgoogleimageimagesinstagramlinklocation-pinmagnifying-glassmailminusmoremuplabelShape 3 + Rectangle 1outlookpersonplusprice-ribbonImported LayersImported LayersImported Layersshieldstartickettrashtriangle-downtriangle-uptwitteruseryahoo

Milwaukee PHP Users Group Message Board MKEPUG Discussion Forum › recommendation for website security and operations training/consulting

recommendation for website security and operations training/consulting

Warren Y.
w_young
Chicago, IL
Post #: 5
Does anyone have any recommendations of companies or individuals, who offer training or consulting services, on website security and/or operations, for the LAMP stack?

I am looking for a training class, or consulting services, that covers the basic security features and operations processes every website should implement prior to launch (e.g. modifications that should be made to .ini files, to .htaccess file; best practices for backing up data; etc.).

Any suggestions or recommendations?

If context is of any help, I have built a custom PHP site where users create an account to use the site (so there is some personal information saved: name, email, password). The site has nothing to do with information like social security numbers, banking information, investing information, medical information, etc., so I am not looking to protect data of that nature. The site is not some mission critical app for a Fortune 500 company. This is a site I have built to pursue a personal idea, and I'd like to implement standard/basic security features and operations procedures on it.
Joel C.
jclermont
Group Organizer
Cedarburg, WI
Post #: 77
I have done security reviews of PHP apps. Depending on your timeframe, I could be available. I'd be willing to show you the tools and techniques I use as I do the audit, so you could gain some training that way.

I'd highly recommend checking out OWASP https://www.owasp.org...­

Especially the Top 10 https://www.owasp.org...­
and they have an AppSec Tutorial Series https://www.owasp.org...­
Joel C.
jclermont
Group Organizer
Cedarburg, WI
Post #: 78
One more note: you said LAMP, which includes the OS (Linux) and the web server (Apache). These are generally outside the scope of what I'd audit. I can give you some pointers, but securing the server as a whole is a much different type of audit than securing a single code base.
Powered by mvnForum

Our Sponsors

People in this
Meetup are also in:

Sign up

Meetup members, Log in

By clicking "Sign up" or "Sign up using Facebook", you confirm that you accept our Terms of Service & Privacy Policy