Code reviews are not only about catching bugs; code reviews are tools for your entire team to understand the changes being made to your codebase. This talk will cover some best practices on when code reviews should be done (spoiler alert: always!), what the author should be providing in the code review, and what you can do to make sure that both you and the author get the most out of the review. Finally, we'll discuss things that aren't part of the review process.
APIs are everywhere. Some companies sell theirs for profit and publish documentation alongside it. Others expose just enough APIs to provide value to the end users, without ever intending them to be used for any other purpose. Your API is the purveyor of some valuable data, and attackers are eager to get at it. This session will cover some of the methods attackers use to reverse engineer your API and some steps you can take to thwart them. The session will begin by demonstrating a few methodologies for how traffic to an API can be "sniffed" and analyzed. We will then discuss authentication with API keys and OAuth2 and the differences and pitfalls of each. We'll touch on some low-hanging fruit for hardening your API: TLS encryption, certificate pinning, and some less obvious techniques including HMAC request signing, obfuscation, compilation protection, and more. At the end of the session you'll have a better understanding of the cat-and-mouse game that is API security, the know-how of the tools and techniques attackers might be using to get at your data, and some steps you can implement to improve your API's security.
With 28 years out in the wild, PHP has changed a lot over the years, and so has the way we write PHP applications. An application created today is virtually unrecognizable from an app made 20 years ago. What makes these apps different, and why has there been so much change? How is a modern app structured, and why do new apps look so different from old ones? This talk will discuss application flow, dependencies, file structure and more.
Tabris.js is a mobile framework that lets you develop native iOS and Android apps from a single code base written entirely in JavaScript. Tabris.js is fully native (no WebViews!) and allows you to use existing JavaScript libraries, node modules and Cordova plugins to build your apps. The developer app lets you reload your code at the push of a button for a fast develop/test cycle. Tabris.js also has an online build service eliminating the need to set up SDKs to generate packages for mobile devices.
We've all used echo, print_r, and var_dump to figure out why our code doesn't work. But did you know there's an easier way? This talk will demonstrate the use of two popular PHP tools: Xdebug and PhpStorm. Instead of littering your code with statements that send variable values to the browser, these tools make it possible to pause script execution on a specific line, allowing you to view and edit any variable and evaluate arbitrary code. Never again will you forget to remove test code before sending it to production!
Tabris.js is a mobile framework that lets you develop native iOS and Android apps from a single code base written entirely in JavaScript. Tabris.js does not use WebViews for rendering and allows you to use existing JavaScript libraries, node modules and Cordova plugins to build your apps. Tabris.js also has an online build service eliminating the need to set up SDKs to generate packages for mobile devices.