`
What's New inPHP 8.4
What's New In PHP 8.4
November 14, 2024
Merge PHP
All the new features in PHP 8.4
Code Review: It's for Me and You!
Code Review: It's for Me and You!
October 26, 2024
Cascadia PHP
Code reviews are not about catching bugs; code reviews are tools for your entire team to understand the changes being made to your codebase. This talk will cover some best practices on when code reviews should be done (spoiler alert: always!), what the author should be providing in the code review, and what you can do to make sure that both you and the author get the most out of the review. Finally we'll discuss things that aren't part of the review process.
Attackers want your data and they're getting it from your API
Attackers want your data and they're getting it from your API
October 24, 2023
Cascadia PHP
APIs are everywhere. Some companies sell theirs for profit and publish documentation alongside it. Others expose just enough APIs to provide value to the end users, without ever intending them to be used for any other purpose. Your API is the purveyor to some valuable data, and attackers are eager to get at it. This session will cover some of the methods attackers use to reverse engineer your API and some steps you can take to thwart them. The session will begin by demonstrating more...a few methodologies on how traffic to an API can be "sniffed" and analyzed. We will then discuss authentication with API keys and OAuth2 and the differences and pitfalls of each. We'll touch on some low hanging fruit on hardening your API: TLS encryption, certificate pinning, and some less obvious techniques including HMAC request signing, obfuscation, compilation protection, and more. At the end of the session you'll have a better understanding of the cat and mouse game that is API security, the knowhow of the tools and techniques attackers might be using to get at your data, and some steps you can implement to better your API's security.
What's New in PHP 8.3?
What's New in PHP 8.3?
November 9, 2023
Merge PHP PHP
All the new features in PHP 8.3
What Does A Modern PHP Application Look Like?
What Does A Modern PHP Application Look Like?
November 4, 2023
Longhorn PHP
With 28 years out in the wild, PHP has changed a lot over the years. And so has the way we write PHP applications. An application created today is virtually unrecognizable from an app made 20 years ago. What makes these apps different and why has there been so much change? How is a modern app structured, and why do new apps look so much different than old ones? This talk will discuss application flow, dependencies, file structure and more.
Attackers want your data and they're getting it from your API
Attackers want your data and they're getting it from your API
May 17, 2023
php[tek]
APIs are everywhere. Some companies sell theirs for profit and publish documentation alongside it. Others expose just enough APIs to provide value to the end users, without ever intending them to be used for any other purpose. Your API is the purveyor to some valuable data, and attackers are eager to get at it. This session will cover some of the methods attackers use to reverse engineer your API and some steps you can take to thwart them. The session will begin by demonstrating a few more...methodologies on how traffic to an API can be "sniffed" and analyzed. We will then discuss authentication with API keys and OAuth2 and the differences and pitfalls of each. We'll touch on some low hanging fruit on hardening your API: TLS encryption, certificate pinning, and some less obvious techniques including HMAC request signing, obfuscation, compilation protection, and more. At the end of the session you'll have a better understanding of the cat and mouse game that is API security, the knowhow of the tools and techniques attackers might be using to get at your data, and some steps you can implement to better your API's security.
What Does A Modern PHP Application Look Like?
What Does A Modern PHP Application Look Like?
May 17, 2023
php[tek]
With 28 years out in the wild, PHP has changed a lot over the years. And so has the way we write PHP applications. An application created today is virtually unrecognizable from an app made 20 years ago. What makes these apps different and why has there been so much change? How is a modern app structured, and why do new apps look so much different than old ones? This talk will discuss application flow, dependencies, file structure and more.
Attackers want your data and they're getting it from your API
Attackers want your data and they're getting it from your API
16 February, 2021
PHP UK
APIs are everywhere. Some companies sell theirs for profit and publish documentation alongside it. Others expose just enough APIs to provide value to the end users, without ever intending them to be used for any other purpose. Your API is the purveyor to some valuable data, and attackers are eager to get at it. This session will cover some of the methods attackers use to reverse engineer your API more...and some steps you can take to thwart them. The session will begin by demonstrating a few methodologies on how traffic to an API can be "sniffed" and analyzed. We will then discuss authentication with API keys and OAuth2 and the differences and pitfalls of each. We'll touch on some low hanging fruit on hardening your API: TLS encryption, certificate pinning, and some less obvious techniques including HMAC request signing, obfuscation, compilation protection, and more. At the end of the session you'll have a better understanding of the cat and mouse game that is API security, the knowhow of the tools and techniques attackers might be using to get at your data, and some steps you can implement to better your API's security.
Attackers want your data and they're getting it from your API
Attackers want your data and they're getting it from your API
October 15, 2021
Longhorn PHP
APIs are everywhere. Some companies sell theirs for profit and publish documentation alongside it. Others expose just enough APIs to provide value to the end users, without ever intending them to be used for any other purpose. Your API is the purveyor to some valuable data, and attackers are eager to get at it. This session will cover some of the methods attackers use to reverse engineer your API and some steps you can take to thwart them. The session will begin by demonstrating a few more...methodologies on how traffic to an API can be "sniffed" and analyzed. We will then discuss authentication with API keys and OAuth2 and the differences and pitfalls of each. We'll touch on some low hanging fruit on hardening your API: TLS encryption, certificate pinning, and some less obvious techniques including HMAC request signing, obfuscation, compilation protection, and more. At the end of the session you'll have a better understanding of the cat and mouse game that is API security, the knowhow of the tools and techniques attackers might be using to get at your data, and some steps you can implement to better your API's security.
Native Apps with Tabris.js
Native Apps with Tabris.js
November 5, 2019
Developer Week Austin
Tabris.js is a mobile framework that lets you develop native iOS and Android apps from a single code base written entirely in JavaScript. Tabris.js is fully native (no WebViews!) and allows you to use existing JavaScript libraries, node modules and Cordova plugins to build your apps. The developer app lets you reload your code at the push of a button for a fast develop/test cycle. Tabris.js also has an online build service eliminating the need to set up SDKs to generate packages for mobile devices.
Xdebug will forever change the way you debug your PHP code
Xdebug will forever change the way you debug your PHP code
September 21, 2019
Cascadia PHP Conference
We've all used echo, print_r, and var_dump to figure out why our code doesn't work. But did you know there's an easier way? This talk will demonstrate the use of two popular PHP tools: Xdebug and PhpStorm. Instead of littering your code with statements to send variable values to the browser, using these tools it's possible to pause script execution on a specific line, allowing you to view and edit any variable as well as arbitrary code. Never again will you forget to remove test code before sending it to production!
Xdebug will forever change the way you debug your PHP code
Xdebug will forever change the way you debug your PHP code
February 9, 2019
Sunshine PHP Conference
We've all used echo, print_r, and var_dump to figure out why our code doesn't work. But did you know there's an easier way? This talk will demonstrate the use of two popular PHP tools: Xdebug and PhpStorm. Instead of littering your code with statements to send variable values to the browser, using these tools it's possible to pause script execution on a specific line, allowing you to view and edit any variable as well as arbitrary code. Never again will you forget to remove test code before sending it to production!
Xdebug will forever change the way you debug your PHP code
Xdebug will forever change the way you debug your PHP code
January 10, 2019
Seattle PHP User Group
We've all used echo, print_r, and var_dump to figure out why our code doesn't work. But did you know there's an easier way? This talk will demonstrate the use of two popular PHP tools: Xdebug and PhpStorm. Instead of littering your code with statements to send variable values to the browser, using these tools it's possible to pause script execution on a specific line, allowing you to view and edit any variable as well as arbitrary code. Never again will you forget to remove test code before sending it to production!
Native Apps with Tabris.js
Native Apps with Tabris.js
November 2, 2018
Madison PHP Conference
Tabris.js is a mobile framework that lets you develop native iOS and Android apps from a single code base written entirely in JavaScript. Tabris.js is fully native (no WebViews! and allows you to use existing JavaScript libraries, node modules and Cordova plugins to build your apps. The developer app lets you reload your code at the push of a button for a fast develop/test cycle. Tabris.js also has an online build service eliminating the need to set up SDKs to generate packages for mobile devices.
Intro to Redis with PHP
Intro to Redis with PHP
July 20, 2017
Seattle Redis Meetup
An overview of Redis, what it does, and Redis' various datatypes, and how to use Redis with PHP
Creating Web Scrapers
Creating Web Scrapers
July 11, 2017
Seattle PHP User Group
An introduction to web scrapers and a few techniques for building them
Native Apps with Tabris.js
Native Apps with Tabris.js
May 11, 2017
Seattle JS Meetup
Tabris.js is a mobile framework that lets you develop native iOS and Android apps from a single code base written entirely in JavaScript. Tabris.js does not use WebViews for rendering and allows you to use existing JavaScript libraries, node modules and Cordova plugins to build your apps. Tabris.js also has an online build service eliminating the need to set up SDKs to generate packages for mobile devices.
Upgrading to PHP 7
Upgrading to PHP 7
June 14, 2016
Seattle PHP User Group
An lightning talk on the overview of the process involved and some of the pitfalls I encountered when migrating a PHP 5.6 application to 7.0.
Something About Redis
Something About Redis
April 7, 2015
Seattle PHP User Group
Introduction to Redis, what it does, and Redis' various datatypes. Also a demo of installation and of PubSub using Websockets.