Agile Applications with ExtJS and Zend Framework
The API Dilemma
Creating a good, useful and functional API for your application can be one of the most difficult parts of a project. With more and more things becoming API-powered, it’s important to plan well and provide what the user expects. I’ll look at some principles you can follow to make sure the API you write is the right one, both from the developer perspective and what you, as a user, should expect of a quality web service API.
Beyond the Basics: Security with PHP
You’ve seen some of the basics of securing your application – validating input, filtering output and the like. Let me take you a step further into more advanced security in PHP. Protecting your application from things like XML injection, insecure sessions & upload issues can be tricky. This session is a how-to on keeping your app safe.
CodeIgniter Loves You
Ever wanted a framework that got out of the way and let you do what you wanted to do? Want it fast? Want it light? CodeIgniter might just be what you’re looking for. I’ll walk you through the basics of the framework and talk about how it relates to some of the other tools that’re out there as well as give you an in-depth look at creating a sample application and a look inside a larger Open Source application using CodeIgniter – Joind.in.
B-S-T, Easy as 1-2-3
Your code knows there’s something better out there, do you? I’m going to talk about three things – Best practices, Standards and some Tools – that can help you and your applications move to the next level.
Building a Web Services API
When is a web application more than just a web application? Hook up an API and you’ll see! I’ll walk you through the basics of what an API is and the concepts behind it as well as key pieces of technology you can use to create both the client and server. There’s a focus on PHP but other languages and tools will be touched on as well.
The Hardened Application: Testing Principles from OWASP
Secure development has become a necessary part of any development process; there’s no way around that. Protecting the various parts of your application (and users) is also becoming more and more complex. Writing the code is only half the battle – it still needs to be tested. What tests do you need to worry about, though? There’s just not enough time to test all the things – a more targeted approach is necessary. Join me as I walk you through the most recent version of the OWASP Testing Guide, pointing out interesting points along the way and recommending some effective testing techniques.
Keeping Your PHP Lean
Want to take your PHP development to the next level while still keeping things tight? Think simple, think easy, think lean. Lean development practices aim to reduce complexity and amplify simplicity in your development process. You’ll learn how to apply basic lean thinking, how its principles relate to Agile methods and how they can build quality into your code from the start.
No Really, It’s All About You
You’ve heard it all before – this framework can do this, this other one can do it faster. The lists of features and comparisons go on and on, but there’s one thing those lists forget – the human element.
Frameworks are only as good as the developers using them and in this talk I’ll focus on these developers and how they interact with the tools. How easy is it to create an application in CodeIgniter? What kinds of things does Solar make simpler than others? Is the Zend Framework the best choice for some of the more ‘business applications’?
I’ll take a developer-centric approach to four popular PHP frameworks: CodeIgniter, CakePHP, Solar and the Zend Framework. Topics include speed of application development, how simple they make the simple things and maybe a few benchmarks thrown in for fun.
Auth*: Dispelling the Myths
There are a lot of bad practices and myths floating around about authentication and authorization these days. Using passwords just isn’t good enough anymore. Come with me as I explore and dispel some of these common misconceptions and myths about these two important and often misunderstood topics. I’ll talk about some of the most common techniques and look forward to tools and options that can help make your applications even more secure.
- SkiPHP 2014 [slides, Joind.in feedback]
- True North PHP 2013 [slides]
- NomadPHP Europe (online) [Joind.in feedback]
A (PHP) Security State of Mind
There’s no doubt about it, you can’t afford to ignore security in your applications these days. With things like SQL injection and CSRF becoming more and more common, you need the knowledge to keep them from happening in your apps. It’s not just backend either – there’s frontend concerns too! I’ll share with you some of the most common security issues that you need to consider and how to avoid them and harden your apps.
Securing Your REST API
With APIs becoming the de-facto standard for getting things done on the web, it’s more important than ever to provide the right kind of security for your application. The options can be overwhelming with things like OAuth, signed queries, shared certificates and token authentication just to name a few. I’ll go through these and some of the questions you’ll need to ask as you think about protecting your API and the data that lies within.
Right Where You Belong: The PHP Community
It doesn’t matter if you’re an expert PHP developer or just getting started – there’s always a place in the community for you to get involved! I’ll take a look at various ways developers can find their perfect fit whether it be in local user groups, IRC or just releasing your apps under Open Source licenses. Businesses can participate too – I’ll cover how they can give back as well!
Taming the Deployment Beast
Tired of the “cross your fingers” deployment method? Good news, there’s something better out there! This session will give you an overview of some of the technologies – from writing the code to pushing it live – that can help you and your team tame the deployment beast. Technologies like version control systems, unit testing libraries, build tools and continuous integration will be discussed.
Top 10 Developer Security Misconceptions
When it comes to security in development, there are a lot of things developers have the wrong idea about – things like “I don’t have enough time” or “I don’t know enough to be effective.” Join me as I run through the “top ten” of the list and help dispel them and make your life as a developer easier.
The Rise of 2-Factor Authentication
Two-factor authentication has gotten a lot of attention lately. It’s being praised as a way to help eliminate identity theft online and already has several major companies adapting their practices to use it. Let me guide you through the world of two-factor authentication and explain some of the basic concepts and dive deeper into the associated protocols and RFCs. I’ll also show you some common implementations with standalone and web service options to get you started quickly.
- Confoo 2014 [slides]
- PHP Master Series, v2 (online training session) [Joind.in feedback]
Writing Secure PHP Applications
Being secure on the web is getting harder and harder – the attacks are happening more and more and we, as web app developers, have to respond. The session will share tips you can follow in your code to ensure that your app stays safe and some tips to help improve investigation and prevent your app from becoming the next statistic.
Secure PHP Development Bootcamp
The web is becoming a more and more dangerous place every day. You, as a PHP application developer, need to be armed with the tools and knowledge to make your applications as secure as possible. Come get hands-on training in applying secure design principles, testing code for vulnerabilities and fixing the problems we find together. We’ll be using a vulnerable application to illustrate some of the most common vulnerabilities like cross-site scripting, SQL injection and other notables from the OWASP Top 10 list. You’ll walk away with a grasp of good secure coding practices and a platform for future experimentation.
PHP Roundtable – Coding Securely in PHP
With big security breaches becoming the norm these days, security is something we simply cannot ignore. In this discussion we’ll ask the experts how we can become more responsible developers by learning about specific security threats we should be most concerned with.
With Anthony Ferrara and Daniel Lowery
Coding Securely in PHP
PHP Security, Redefined
Let’s be honest, PHP has had a rocky history with security. Over the years the language has been highly criticized for its lack of a focus on security and secure development practices. In more recent years, however, a resurgence has happened in the language and community, bringing secure development back into focus. With PHP 7 on the horizon, the language is making even more strides to improve some of its wayward ways of the past and reinvent itself. I’ll share practical code examples, tools, libraries and best practices that are making it easier than ever to keep PHP applications safe.
Come along with me as I guide you through both the language improvements and community encouragement making PHP a more secure place.