SeaPHP 2015 - Modern and Secure PHP

Ben Edmunds
February 12, 2015

This is not the PHP of old. Learn what's changed in the PHP world over the last few years. Classes, objects, statics, traits, unit testing, composer, password hashing; it's a whole new ballgame.

Learn what has changed in the PHP world over the last several years. We'll cover:
- The newest PHP language features.
- Community efforts such as the PHP Framework Interoperability Group, Composer, and PHP the Right Way.
- How to secure your application using up-to-date techniques.

Transcript

  1. Who is this guy? Ben Edmunds: Open Source Author, PHP Town Hall Podcast, CTO at Mindfulware
  2. Traits

    // grouping without
    // strict inheritance
    trait baseUser {
        function getName() { return 'Jon Snow'; }
    }
  3. PDO

  4. PDO

    $stmt = $db->prepare('
        SELECT * FROM users WHERE id=:id
    ');
    $stmt->bindParam(':id', $id);
    $stmt->execute();
  5. Security: HTTPS / SSL

    Encrypts traffic across the wire
    Trusted sender and receiver
    Required by OAUTH 2
  6. Security

    //safe defaults
    class YourController {
        protected $var1 = 'default value';
        function __construct() { … }
    }
  7. Security

    //safe defaults
    $something = false;
    foreach ($array as $k => $v) {
        $something = $v->foo;
        if ($something == 'bar') { … }
    }
  8. Security

    //CSRF Protection
    POST / PUT / UPDATE / DELETE behind forms with one-time use tokens
  9. Security

    //CSRF Protection
    function generateCsrf() {
        $token = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
        Session::flash('csrfToken', $token);
        return $token;
    }
  10. Built-in Server

    $ php -S localhost:8000
    PHP 5.4.0 Development Server started…
    Listening on localhost:8000
    Document root is /home/ben/htdocs
    Press Ctrl-C to quit
  11. Unit Testing

    $ phpunit tests
    PHPUnit 3.3.17 by Sebastian Bergmann.
    Time: 0.01 seconds
    OK (1 tests, 1 assertions)
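
Slides 8 and 9 describe one-time-use CSRF tokens behind state-changing forms. The following is an added example, not code from the deck, showing both halves: issuing the token and verifying it on submission. It assumes PHP 7 or later, where `random_bytes()` replaces `mcrypt_create_iv()` (the mcrypt extension was removed in PHP 7.2); the array `$store` is a stand-in for the session and `verifyCsrf()` is a hypothetical helper name.

```php
<?php
declare(strict_types=1);

// Assumption: $store stands in for the session ($_SESSION or a framework
// session object in a real application), so the script runs offline.

function generateCsrf(array &$store): string
{
    // 16 bytes from the OS CSPRNG, hex-encoded so the value can be placed
    // in an HTML attribute without binary or quoting problems.
    $token = bin2hex(random_bytes(16));
    $store['csrfToken'] = $token;
    return $token;
}

// Hypothetical helper: checks a submitted token against the stored one.
function verifyCsrf(array &$store, $submitted): bool
{
    $expected = $store['csrfToken'] ?? null;

    // One-time use: the stored token is discarded on every attempt,
    // so a captured value cannot be replayed.
    unset($store['csrfToken']);

    // Reject missing tokens and non-string input such as csrfToken[]=x.
    if (!is_string($expected) || !is_string($submitted) || $submitted === '') {
        return false;
    }

    // hash_equals() compares in constant time, unlike == or ===.
    return hash_equals($expected, $submitted);
}

// Constructed demonstration.
$session = [];
$token = generateCsrf($session);
echo '<input type="hidden" name="csrfToken" value="'
    . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">', PHP_EOL;

var_dump(verifyCsrf($session, $token));   // first submission of the form
var_dump(verifyCsrf($session, $token));   // replay of the same token

generateCsrf($session);
var_dump(verifyCsrf($session, 'guess'));  // wrong value

generateCsrf($session);
var_dump(verifyCsrf($session, ['x']));    // array smuggled in place of a string
```

Because the token is discarded even when the check fails, each rendered form needs a freshly generated token.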