Quality & Security - International PHP Conference
https://phpconference.com/web-security-3
IPC 2025
Wed, 26 Oct 2022 09:16:08 +0000

Automated Detection of Complex Vulnerabilities with Static Code Analysis
https://phpconference.com/php-core-coding/automated-detection-of-complex-vulnerabilities-with-static-code-analysis/
Mon, 05 Sep 2022 07:21:46 +0000

With the ever-growing threat of data and compliance breaches, the security of web applications and APIs is business critical. The Sonar ecosystem enables developers to Clean Code by automatically detecting code quality and security issues during development. Security issues are typically very complex, and detecting them is technically far more challenging than detecting everyday code quality issues. In this talk, we discuss the techniques used behind the scenes to automatically detect such vulnerabilities. In particular, we will present a technology known as symbolic analysis, a sophisticated type of taint analysis that can detect vulnerabilities even in complex and large applications, yet remains reasonably efficient. We will focus on vulnerabilities often found in PHP applications and talk about how to solve some of the challenges encountered in this context.

Xdebug 3
https://phpconference.com/web-security-3/xdebug-3/
Thu, 23 Jun 2022 05:55:38 +0000

In this talk I explain how to use Xdebug 3 to get more productive writing PHP code. It is for developers who want to know how to debug their code in a better way, through single step debugging, profiling, and simpler debugging tools.

Xdebug is a PHP extension that implements many debugging aids and features. In this presentation we are going to look at this new version of Xdebug 3. The new version is a near total rewrite, and brings many improvements over its older releases. You will learn how to optimally use the new features and settings to make your development life easier.

Besides introducing the redone functionality, we will also have a cursory look at how these features are implemented, just to provide a better understanding of what a debugging extension can, and cannot do.

Domain-Driven Design for Developers and Architects
https://phpconference.com/php-core-coding/domain-driven-design-for-developers-and-architects/
Wed, 22 Jun 2022 12:16:20 +0000

In times of microservices, it becomes clear how important Domain Driven Design (DDD) still is. In this workshop, you will learn the most important concepts and terms of software modelling with DDD and try them out in the group using practical interactive exercises.

Hardening Nginx and PHP-FPM for Production
https://phpconference.com/web-security-3/hardening-nginx-and-php-fpm-for-production/
Wed, 22 Jun 2022 08:00:09 +0000

No matter if they’re running on a classic physical server, cloud VMs, or in containers, NGINX and PHP-FPM have established themselves as the de-facto standard runtime environment for PHP applications. But what about a production-ready and secure configuration of these two components? Even though, of course, the default settings seemingly work just fine, a really secure system is unfortunately often still quite far away. This presentation shows important concepts and will optimize and harden settings for a secure overall production system.

PHP 8.2 – Just Upgrade and Go?
https://phpconference.com/php-core-coding/php-8-2-just-upgrade-and-go/
Wed, 22 Jun 2022 08:00:09 +0000

Life could be so easy: Just roll out the latest PHP version on all systems, immediately benefit from the new features and otherwise get back to implementing new requirements. In reality, however, it usually isn’t that simple: Who has time to read through all the changes in PHP and check for possible side effects in their own software? But does that really have to be the case? In this talk, we’ll explore what better approaches there are to prepare for an upgrade, what tools might help, and how you can almost completely avoid the stress of a version bump.

Challenges in UI Automation and How to Solve Them
https://phpconference.com/web-security-3/challenges-in-ui-automation-and-how-to-solve-them/
Wed, 22 Jun 2022 08:00:08 +0000

It’s impossible to imagine software development without UI tests. Despite technological progress, the automation of UI tests is still considered too complex to function completely without manual intervention. Especially when automating canvas elements, embedded maps, or shadow DOM elements, many approaches reach their limits. That is why more and more image-based approaches are being pursued, in addition to classical ones such as Selenium. This talk will cover modern UI automation approaches with an overview of tools and techniques. In particular, current problems and future developments will be addressed. We show by example how several tools like Taiko and SikuliX can be used and how AI will help us approach such challenges in the future.

Extending PHPUnit with its New Event System
https://phpconference.com/web-security-3/extending-phpunit-with-its-new-event-system/
Wed, 22 Jun 2022 08:00:07 +0000

PHPUnit’s new event system has been a long time coming. As one of the contributors to PHPUnit’s event system, I will show how to extend PHPUnit using the new event system. One possibility could be to show how to detect tests taking up exceptionally more resources (time and memory).

OWASP Top Ten 2021: Better Paranoid Than Offline
https://phpconference.com/web-development/owasp-top-ten-2021-better-paranoid-than-offline/
Wed, 22 Jun 2022 08:00:06 +0000

Since 2003, the Open Web Application Security Project has curated a list of the top ten security risks for web applications. After several delays, the 2021 list was finally released in late September of that year. Time to have a look at what’s new, what has changed, and to get an up-to-date refresh on how to create secure web applications and prevent the top ten issues from happening. We will also discuss whether the list is still relevant, and what is missing.

The PHP Stack’s Supply Chain
https://phpconference.com/php-core-coding/the-php-stacks-supply-chain/
Wed, 22 Jun 2022 08:00:05 +0000

All modern software is built using third-party software components, which may come with their own dependencies. Do you know everything about the components that make up the foundation of your software? What is the PHP software stack’s supply chain? In this presentation, Sebastian Bergmann paints a picture as completely as possible, covering topics from software supply chain security concerns to the funding of open source software development.

How to Monitor Your PHP application with Scout APM
https://phpconference.com/web-security-3/how-to-monitor-your-php-application-with-scout-apm/
Wed, 11 May 2022 07:30:22 +0000

Scout APM empowers software developers to spend their time building products customers love by minimizing the effort required to identify and resolve performance issues.  As a leading Application Performance Monitoring (APM) solution, Scout’s developer-centric approach pinpoints issues such as memory bloat, N+1 queries and other abnormalities, enabling customers to quickly resolve performance issues.
In this demo, Samantha walks you through how to monitor your PHP application using Scout. Scout APM offers a 14-day free trial with no credit card required! Learn more at scoutapm.com
