
ZendCon 2015 - Modern and Secure PHP

Ben Edmunds
October 22, 2015

This is not the PHP of old. Learn what's changed in the PHP world over the last few years. Classes, objects, statics, traits, unit testing, Composer, password hashing; it's a whole new ballgame.

Learn what has changed in the PHP world over the last several years. We'll cover:
The newest PHP language features.
Community efforts such as the PHP Framework Interoperability Group, Composer, and PHP the Right Way.
How to secure your application using up-to-date techniques.

Transcript

  1. Who is this guy?

    Ben Edmunds
    Open Source Author
    PHP Town Hall Podcast
    CTO at Mindfulware
  2. Traits

          // grouping without
          // strict inheritance
          trait baseUser {
              function getName() { return 'Jon Snow'; }
          }
  3. PDO

  4. PDO

          $stmt = $db->prepare('
              SELECT * FROM users
              WHERE id=:id
          ');
          $stmt->bindParam(':id', $id);
          $stmt->execute();
  5. Security: HTTPS / SSL

    Encrypts traffic across the wire
    Trusted sender and receiver
    Required by OAuth 2
  6. Security

          //safe defaults
          class YourController {
              protected $var1 = 'default value';

              function __construct() { … }
          }
  7. Security

          //safe defaults
          $something = false;
          foreach ($array as $k => $v) {
              $something = $v->foo;
              if ($something == 'bar') { … }
          }
  8. Security

    //CSRF Protection
    POST / PUT / UPDATE / DELETE behind forms with one-time use tokens
  9. Security

          //CSRF Protection
          function generateCsrf() {
              $token = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
              Session::flash('csrfToken', $token);
              return $token;
          }
  10. Built-in Server

          $ php -S localhost:8000
          PHP 5.4.0 Development Server started…
          Listening on localhost:8000
          Document root is /home/ben/htdocs
          Press Ctrl-C to quit
  11. Unit Testing

          $ phpunit tests
          PHPUnit 3.3.17 by Sebastian Bergmann.
          Time: 0.01 seconds
          OK (1 tests, 1 assertions)
  12. Resources

    BuildSecurePHPapps.com
    Coupon Code: zendcon
    20% off / 5$ off
    http://buildsecurephpapps.com/?coupon=zendcon
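
The one-time token flow from slides 8 and 9, carried through to the verification side, as an added example that is not code from the deck. It assumes PHP 7 or later and uses random_bytes() in place of the slide's mcrypt_create_iv() (the mcrypt extension was deprecated in PHP 7.1 and removed from core in 7.2); issueCsrfToken(), consumeCsrfToken() and the array standing in for the session store are names chosen for this sketch.

```php
<?php
// Added example: one-time CSRF tokens. Function names and the 'csrfToken'
// session key are assumptions made for this sketch, not the deck's code.

function issueCsrfToken(array &$session): string
{
    // 16 random bytes from the OS CSPRNG, hex-encoded so the value
    // survives being embedded in an HTML form field.
    $token = bin2hex(random_bytes(16));
    $session['csrfToken'] = $token;
    return $token;
}

function consumeCsrfToken(array &$session, $submitted): bool
{
    $expected = $session['csrfToken'] ?? null;
    // One-time use: drop the stored token before comparing, so neither a
    // replayed request nor a failed guess can be retried against it.
    unset($session['csrfToken']);

    if (!is_string($expected) || !is_string($submitted)) {
        return false; // nothing issued, or field missing / sent as an array
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

// Constructed demo: a plain array stands in for $_SESSION so this runs
// from the CLI without a web server.
$session = [];
$token = issueCsrfToken($session);

// The hidden field a state-changing form would carry.
echo '<input type="hidden" name="csrfToken" value="'
    . htmlspecialchars($token, ENT_QUOTES, 'UTF-8') . '">' . PHP_EOL;

var_dump(consumeCsrfToken($session, $token)); // first submission
var_dump(consumeCsrfToken($session, $token)); // replay of the same token

$fresh = issueCsrfToken($session);
var_dump(consumeCsrfToken($session, ['x']));  // malformed field (array)
var_dump(consumeCsrfToken($session, $fresh)); // token was consumed by the bad request
```

In an application, pass $_SESSION after session_start() and call consumeCsrfToken() at the top of every state-changing handler, issuing a fresh token each time the form is rendered.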