PHP under control

•

1 like•722 views

PHP under control
Keep an eye on your source code

Agenda

The age of industrialisation for PHP
How to keep this code under control
Technics and tools
Organizing teams for quality

Speaker
Damien Seguy
Nexen (.net), AlterWay Group
Expert services on LAMP hosting
Raise elePHPants
Monthly PHP stats
damien.seguy@nexen.net

Keep an eye on the code
Security
Performances
Code quality
But
Maintenance
Bigger teams
Changing teams
Long projects
Lots of code

Set up a coding reference

Set up the rules
Share them
Keep them simple
No bug is not a rule
Don't try to catch
everything

PHP under control

PHP under control

PHP under control

PHP under control

PHP under control

PHP under control

PHP under control

PHP under control

PHP under control

PHP under control

PHP under control

PHP under control

PHP under control

PHP under control

PHP under control

PHP under control

PHP under control

PHP under control

PHP under control

More Related Content

What's hot

The path of secure software by Katy Anton

The path of secure software by Katy Anton

The path of secure software by Katy Anton

Managed it support

Managed it support

Managed it support

Why should developers care about container security?

Why should developers care about container security?

Why should developers care about container security?

DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource

DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource

DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource

DevOps Indonesia

Human errors and misconfiguration-based vulnerabilities have become a major cause of data breaches and other forms of security attacks in cloud-native infrastructure (CNI). The dynamic and complex nature of CNI and the underlying distributed systems further complicate these challenges. Hence, novel security mechanisms are imperative to overcome these challenges. Such mechanisms must be customer-centric, continuous, not focused on traditional security paradigms like intrusion detection. We tackle these security challenges via Risk-driven Fault Injection (RDFI), a novel application of cyber security to chaos engineering. Chaos engineering concepts (e.g. Netflix’s Chaos Monkey) have become popular since they increase confidence in distributed systems by injecting non-malicious faults (essentially addressing availability concerns) via experimentation techniques. RDFI goes further by adopting security-focused approaches by injecting security faults that trigger security failures which impact on integrity, confidentiality, and availability. Safety measures are also employed such that impacted environments can be reversed to secure states. Therefore, RDFI improves security and resilience drastically, in a continuous and efficient manner and extends the benefts of chaos engineering to cyber security. We have researched and implemented a proof-of-concept for RDFI that targets multi-cloud enterprise environments deployed on AWS and Google cloud platform.

Chaos engineering for cloud native security

Chaos engineering for cloud native security

Chaos engineering for cloud native security

Threat Modeling workshop by Robert Hurlbut

Threat Modeling workshop by Robert Hurlbut

Threat Modeling workshop by Robert Hurlbut

Security and DevOps Overview

Security and DevOps Overview

Security and DevOps Overview

Adrian Sanabria

DevSecOps, or SecDevOps has the ambitious goal of integrating development, security and operations teams together, encouraging faster decision making and reducing issue resolution times. This session will cover the current state of DevOps, how DevSecOps can help, integration pathways between teams and how to reduce fear, uncertainty and doubt. We will look at how to move to security as code, and integrating security into our infrastructure and software deployment processes.

Infrastructure Saturday - Level Up to DevSecOps

Infrastructure Saturday - Level Up to DevSecOps

Infrastructure Saturday - Level Up to DevSecOps

AllDayDevOps 2019 AppSensor

AllDayDevOps 2019 AppSensor

AllDayDevOps 2019 AppSensor

Agile and Secure SDLC

Agile and Secure SDLC

Agile and Secure SDLC

Nazar Tymoshyk, CEH, Ph.D.

Nick Drage & Fraser Scott - Epic battle devops vs security

Nick Drage & Fraser Scott - Epic battle devops vs security

Nick Drage & Fraser Scott - Epic battle devops vs security

How the Cloud Shifts the Burden of Security to Development

How the Cloud Shifts the Burden of Security to Development

How the Cloud Shifts the Burden of Security to Development

Enterprise security teams are facing numerous challenges because of evolving threat vectors bypassing existing technology, deluge of alerts, and lack of skilled resources to stop advanced threats. Even if enterprises have a budget to bring in outside incident response and forensics teams to stop the bleeding, by then, damages and loss have already occurred. Security teams must change the shape of their security program to stop threats at the earliest and all stages of the attacker lifecycle. Join 451 Research Senior Analyst, Adrian Sanabria, and Director of Products at Endgame, Mike Nichols, talk about how earliest prevention and instant detection can change the shape and outcome of enterprise security program. This talk will outline strategies for: • Prioritizing the alerts and events that really matter • Identifying parts of the investigation workflow that can be automated • Building a detection methodology that creates confidence and continuously improves defenses

451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...

451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...

451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...

Adrian Sanabria

Secure Software Development Lifecycle - Devoxx MA 2018

Secure Software Development Lifecycle - Devoxx MA 2018

Secure Software Development Lifecycle - Devoxx MA 2018

Imola Informatica

Navigating the Unknowable: Resilience through Security Chaos Engineering When applied to Cyber Security, Chaos Engineering is advancing our ability to reveal objective information about the effectiveness of operational security measures proactively through empirical experimentation. In this session we will introduce the core concepts behind this new technique and how you can get started in building and applying it.

RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering

RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering

RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering

Even though large breaches have hit headline news in years past, some companies are still on the fence about investing in cybersecurity. As a security practitioner (or jack of all trades) how can you be expected to cover your assets with zero budget? Thankfully, there are plenty of open-source tools out there that will allow you to secure your organization. Come join me as I discuss how you can track your network assets, perform vulnerability assessments, prevent attacks with intrusion prevention systems, and even deploy HIDS. We will also jump into finding sensitive data and PII in your network, as well as incident response tools and automation. All it costs is your time (and maybe a VM or two). You really can drastically improve the security posture of your network with little to no budget, and you’ll have fun doing it! OK, maybe it won’t be fun, but at least you’ll learn something, right?

Open Source Defense for Edge 2017

Open Source Defense for Edge 2017

Open Source Defense for Edge 2017

Adrian Sanabria

Organizations enjoy the speed that DevOps brings to development and delivery. However, most security and compliance monitoring tools have not been able to keep up, becoming the most significant barrier to continuous delivery. Now some good news: you can easily integrate security into your existing processes to solve this challenge. In this session, Shiri Ivtsan, Senior Product Manager at WhiteSource, will discuss: - Leveraging the DevSecOps approach to help speed up security - Scaling security into your agile processes - 5 easy ways to start driving DevSecOps in your organization

The Challenges of Scaling DevSecOps

The Challenges of Scaling DevSecOps

The Challenges of Scaling DevSecOps

App Sec Eu08 Sec Frm Not In Code

App Sec Eu08 Sec Frm Not In Code

App Sec Eu08 Sec Frm Not In Code

Samuele Reghenzi

Devops security-An Insight into Secure-SDLC

Devops security-An Insight into Secure-SDLC

Devops security-An Insight into Secure-SDLC

Demystifying DevSecOps

Demystifying DevSecOps

Demystifying DevSecOps

What's hot (20)

The path of secure software by Katy Anton

The path of secure software by Katy Anton

The path of secure software by Katy Anton

Managed it support

Managed it support

Managed it support

Why should developers care about container security?

Why should developers care about container security?

Why should developers care about container security?

DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource

DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource

DevSecOps Beginners Guide : How to secure process in DevOps with OpenSource

Chaos engineering for cloud native security

Chaos engineering for cloud native security

Chaos engineering for cloud native security

Threat Modeling workshop by Robert Hurlbut

Threat Modeling workshop by Robert Hurlbut

Threat Modeling workshop by Robert Hurlbut

Security and DevOps Overview

Security and DevOps Overview

Security and DevOps Overview

Infrastructure Saturday - Level Up to DevSecOps

Infrastructure Saturday - Level Up to DevSecOps

Infrastructure Saturday - Level Up to DevSecOps

AllDayDevOps 2019 AppSensor

AllDayDevOps 2019 AppSensor

AllDayDevOps 2019 AppSensor

Agile and Secure SDLC

Agile and Secure SDLC

Agile and Secure SDLC

Nick Drage & Fraser Scott - Epic battle devops vs security

Nick Drage & Fraser Scott - Epic battle devops vs security

Nick Drage & Fraser Scott - Epic battle devops vs security

How the Cloud Shifts the Burden of Security to Development

How the Cloud Shifts the Burden of Security to Development

How the Cloud Shifts the Burden of Security to Development

451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...

451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...

451 and Endgame - Zero breach Tolerance: Earliest protection across the attac...

Secure Software Development Lifecycle - Devoxx MA 2018

Secure Software Development Lifecycle - Devoxx MA 2018

Secure Software Development Lifecycle - Devoxx MA 2018

RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering

RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering

RSAC 365 2021 Virtual Summit Spotlite Presentation on Security Chaos Engineering

Open Source Defense for Edge 2017

Open Source Defense for Edge 2017

Open Source Defense for Edge 2017

The Challenges of Scaling DevSecOps

The Challenges of Scaling DevSecOps

The Challenges of Scaling DevSecOps

App Sec Eu08 Sec Frm Not In Code

App Sec Eu08 Sec Frm Not In Code

App Sec Eu08 Sec Frm Not In Code

Devops security-An Insight into Secure-SDLC

Devops security-An Insight into Secure-SDLC

Devops security-An Insight into Secure-SDLC

Demystifying DevSecOps

Demystifying DevSecOps

Demystifying DevSecOps

Similar to PHP under control

Security best practices

Security best practices

Security best practices

Practical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_Singapore

Practical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_Singapore

Practical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_Singapore

Amazon Web Services

NessPRO Italy on CAST

NessPRO Italy on CAST

NessPRO Italy on CAST

Ernesto Di Mauro

Laura Bell (SafeStack)

Laura Bell (SafeStack)

Laura Bell (SafeStack)

AgileNZ Conference

DevSecOps overview and what one engineer can do_Dmytro Batiievskyi

DevSecOps overview and what one engineer can do_Dmytro Batiievskyi

DevSecOps overview and what one engineer can do_Dmytro Batiievskyi

Katherine Golovinova

More organizations are embracing DevOps to realize compelling business benefits, such as more frequent feature releases, increased application stability, and more productive resource utilization. However, security and compliance monitoring tools have not kept up. In fact, they often represent the largest single remaining barrier to continuous delivery. Learn how to integrate security controls in your DevOps program from experts at Alert Logic and George Miranda, engineer and evangelist at Chef. Sponsored by Alert Logic.

(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014

(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014

(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014

Amazon Web Services

Light And Dark Side Of Code Instrumentation

Light And Dark Side Of Code Instrumentation

Light And Dark Side Of Code Instrumentation

Positive Hack Days

This presentation explores how busting software bugs does more than ensure the reliability and performance of your software—it helps ensure application security. Topics covered include: How AppSec processes are really quality processes How software bugs are really security vulnerabilities How to apply coding standards as part of a continuous testing process to prevent defects from affecting the safety, security, and reliability of your applications

BUSTED! How to Find Security Bugs Fast!

BUSTED! How to Find Security Bugs Fast!

BUSTED! How to Find Security Bugs Fast!

Jason Kent - AppSec Without Additional Tools

Jason Kent - AppSec Without Additional Tools

Jason Kent - AppSec Without Additional Tools

centralohioissa

The flexibility and scale of the AWS Cloud and the emergence of DevOps have combined to allow developers to build and deploy applications faster than ever before. Assessing these applications for security risks without slowing down the development process can be a challenge with traditional vulnerability assessment tools designed for on-premises infrastructure. Amazon Inspector, an automated security assessment service, addresses this by integrating security assessments directly into the development process of applications running on Amazon Elastic Compute Cloud (Amazon EC2). In this session, we will review Amazon Inspector for performing host security assessments and how it can become a seamless part of your devops lifecycle. We will run through a demo of setting up assessment targets and templates, installing the AWS agent, and running assessments. We will explore the findings generated by an assessment and discuss how you can automate the running of assessments. Learning Objectives: An overview and the value of Security Assessment testing with Amazon Inspector How customer sign up for, configure, and use the service Understand AWS Agent and assessment data security

Getting Started with Amazon Inspector - AWS June 2016 Webinar Series

Getting Started with Amazon Inspector - AWS June 2016 Webinar Series

Getting Started with Amazon Inspector - AWS June 2016 Webinar Series

Amazon Web Services

Strengthen and Scale Security for a dollar or less

Strengthen and Scale Security for a dollar or less

Strengthen and Scale Security for a dollar or less

Mohammed A. Imran

WhiteList Checker: An Eclipse Plugin to Improve Application Security

WhiteList Checker: An Eclipse Plugin to Improve Application Security

WhiteList Checker: An Eclipse Plugin to Improve Application Security

Strengthen and Scale Security Using DevSecOps - OWASP Indonesia

Strengthen and Scale Security Using DevSecOps - OWASP Indonesia

Strengthen and Scale Security Using DevSecOps - OWASP Indonesia

Mohammed A. Imran

Working with Legacy Code

Working with Legacy Code

Working with Legacy Code

Cloud Security vs Security in the Cloud

Cloud Security vs Security in the Cloud

Cloud Security vs Security in the Cloud

SCS DevSecOps Seminar - State of DevSecOps

SCS DevSecOps Seminar - State of DevSecOps

SCS DevSecOps Seminar - State of DevSecOps

Stefan Streichsbier

TDD in functional testing with WebDriver

TDD in functional testing with WebDriver

TDD in functional testing with WebDriver

Mikalai Alimenkou

Continuous testing the new must have skill of tomorrow's tech leaders

Continuous testing the new must have skill of tomorrow's tech leaders

Continuous testing the new must have skill of tomorrow's tech leaders

Nadav Yeheskel - Looking for a Test/QA engineer

Security is tough and is even tougher to do, in complex environments with lots of dependencies and monolithic architecture. With emergence of Microservice architecture, security has become a bit easier however it introduces its own set of security challenges. This talk will showcase how we can leverage DevSecOps techniques to secure APIs/Microservices using free and open source software. We will also discuss how emerging technologies like Docker, Kubernetes, Clair, ansible, consul, vault, etc., can be used to scale/strengthen the security program for free. More details here - https://www.practical-devsecops.com/

Scale security for a dollar or less

Scale security for a dollar or less

Scale security for a dollar or less

Mohammed A. Imran

Agile Testing, Uncertainty, Risk, and Why It All Works

Agile Testing, Uncertainty, Risk, and Why It All Works

Agile Testing, Uncertainty, Risk, and Why It All Works

Elisabeth Hendrickson

Similar to PHP under control (20)

Security best practices

Security best practices

Security best practices

Practical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_Singapore

Practical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_Singapore

Practical DevSecOps - How to Continuosly Adapt to Threats_AWSPSSummit_Singapore

NessPRO Italy on CAST

NessPRO Italy on CAST

NessPRO Italy on CAST

Laura Bell (SafeStack)

Laura Bell (SafeStack)

Laura Bell (SafeStack)

DevSecOps overview and what one engineer can do_Dmytro Batiievskyi

DevSecOps overview and what one engineer can do_Dmytro Batiievskyi

DevSecOps overview and what one engineer can do_Dmytro Batiievskyi

(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014

(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014

(SEC312) Taking a DevOps Approach to Security | AWS re:Invent 2014

Light And Dark Side Of Code Instrumentation

Light And Dark Side Of Code Instrumentation

Light And Dark Side Of Code Instrumentation

BUSTED! How to Find Security Bugs Fast!

BUSTED! How to Find Security Bugs Fast!

BUSTED! How to Find Security Bugs Fast!

Jason Kent - AppSec Without Additional Tools

Jason Kent - AppSec Without Additional Tools

Jason Kent - AppSec Without Additional Tools

Getting Started with Amazon Inspector - AWS June 2016 Webinar Series

Getting Started with Amazon Inspector - AWS June 2016 Webinar Series

Getting Started with Amazon Inspector - AWS June 2016 Webinar Series

Strengthen and Scale Security for a dollar or less

Strengthen and Scale Security for a dollar or less

Strengthen and Scale Security for a dollar or less

WhiteList Checker: An Eclipse Plugin to Improve Application Security

WhiteList Checker: An Eclipse Plugin to Improve Application Security

WhiteList Checker: An Eclipse Plugin to Improve Application Security

Strengthen and Scale Security Using DevSecOps - OWASP Indonesia

Strengthen and Scale Security Using DevSecOps - OWASP Indonesia

Strengthen and Scale Security Using DevSecOps - OWASP Indonesia

Working with Legacy Code

Working with Legacy Code

Working with Legacy Code

Cloud Security vs Security in the Cloud

Cloud Security vs Security in the Cloud

Cloud Security vs Security in the Cloud

SCS DevSecOps Seminar - State of DevSecOps

SCS DevSecOps Seminar - State of DevSecOps

SCS DevSecOps Seminar - State of DevSecOps

TDD in functional testing with WebDriver

TDD in functional testing with WebDriver

TDD in functional testing with WebDriver

Continuous testing the new must have skill of tomorrow's tech leaders

Continuous testing the new must have skill of tomorrow's tech leaders

Continuous testing the new must have skill of tomorrow's tech leaders

Scale security for a dollar or less

Scale security for a dollar or less

Scale security for a dollar or less

Agile Testing, Uncertainty, Risk, and Why It All Works

Agile Testing, Uncertainty, Risk, and Why It All Works

Agile Testing, Uncertainty, Risk, and Why It All Works

More from Damien Seguy

There are tactical reasons to adopt strong typehint: easy validation, less code, fashionable. Besides, the first typehints blend in effortlessly with the current application: it is as if typehint was already there. Later, it appears that scalar types paved the way to more substantial code refactoring. Classes emerge from the initial scalar types, code congregate around important values, types gets more complex. Finally, systemic typehint arrives. Type hints become systemic when they help tame the class dependency hell, and help us plan for the new code. During the session, we'll cover the various stages of using typehints, with their advantages, and when not to overuse them.

Strong typing @ php leeds

Strong typing @ php leeds

Strong typing @ php leeds

There are tactical reasons to adopt strong typehint: easy validation, less code, fashionable. Besides, the first typehints blend in effortlessly with the current application: it is as if typehint was already there. Later, it appears that scalar types paved the way to more substantial code refactoring. Classes emerge from the initial scalar types, code congregate around important values, types gets more complex. Finally, systemic typehint arrives. Type hints become systemic when they help tame the class dependency hell, and help us plan for the new code. During the session, we’ll cover the various stages of using typehints, with their advantages, and when not to overuse them.

Strong typing : adoption, adaptation and organisation

Strong typing : adoption, adaptation and organisation

Strong typing : adoption, adaptation and organisation

Qui a laissé son mot de passe dans le code

Qui a laissé son mot de passe dans le code

Qui a laissé son mot de passe dans le code

Analyse statique et applications

Analyse statique et applications

Analyse statique et applications

Top 10 pieges php afup limoges

Top 10 pieges php afup limoges

Top 10 pieges php afup limoges

PHP has its own treasure chest of classic mistakes that surprises even the most seasoned expert : code that dies just by changing its namespace, strpos() that fails to find strings or arrays that changes without touching them. Do that get on your nerves too ? Let’s make a list of them, so we can always teach them to the new guys, spot them during code reviews and kick them out of our code once and for all. Come on, you’re not frightening us !

Top 10 php classic traps DPC 2020

Top 10 php classic traps DPC 2020

Top 10 php classic traps DPC 2020

Le typage se propage à tout PHP : la 7.4 l’ajoute aux propriétés, après les arguments et les valeurs de retours. Bien qu’opposé aux choix initiaux de typage faible de PHP, le typage augmente significativement la cohérence du code, son niveau d’auto-validation et les possibilités de dépendances inextricables. Le typage contribue à aider les outils d’introspection, à débuguer le code au plus tôt, et à adopter des techniques de développement comme le motif de l’objet null. C’est un outil supplémentaire, pratique pour les grands projets, et facilement déployé. https://event.afup.org/afup-day-2020/afup-day-2020-tours/programme/#3246

Meilleur du typage fort (AFUP Day, 2020)

Meilleur du typage fort (AFUP Day, 2020)

Meilleur du typage fort (AFUP Day, 2020)

PHP has its own treasure chest of classic mistakes that surprises even the most seasoned expert : code that dies just by changing its namespace, strpos() that fails to find strings or arrays that changes without touching them. Do that get on your nerves too ? Let’s make a list of them, so we can always teach them to the new guys, spot them during code reviews and kick them out of our code once and for all. Come on, you’re not frightening us !

Top 10 php classic traps confoo

Top 10 php classic traps confoo

Top 10 php classic traps confoo

Déjà, PHP 7.4 toque à la porte, et il arrive les bras chargés de fonctionnalités et de modernisations. Que ce soit les FFI, le support du typage pour les propriétés, l’abandon des nombres real, la covariance, et même la modernisation de strip_tags, array_merge sans argument, et l’imbrication d’opérateurs ternaires : ouf, il va falloir se retrousser les manches. Durant la session, nous passerons en revue les nouvelles fonctionnalités, les incompatibilités, et nous verrons comment préparer son code dès maintenant.

Tout pour se préparer à PHP 7.4

Tout pour se préparer à PHP 7.4

Tout pour se préparer à PHP 7.4

PHP has its own treasure chest of classic mistakes that surprises even the most seasoned expert: code that dies just by changing its namespace, strpos() that fails to find strings or arrays that changes without touching them. Do that get on your nerves too? Let's make a list of them, so we can always teach them to the new guys, spot them during code reviews and kick them out of our code once and for all. Come on, you're not frightening us!

Top 10 php classic traps php serbia

Top 10 php classic traps php serbia

Top 10 php classic traps php serbia

PHP has its own treasure chest of classic mistakes that surprises even the most seasoned expert : code that dies just by changing its namespace, strpos() that fails to find strings or arrays that changes without touching them. Do that get on your nerves too? Let’s make a list of them, so we can always teach them to the new guys, spot them during code reviews and kick them out of our code once and for all. Come on, you’re not frightening us?

Top 10 php classic traps

Top 10 php classic traps

Top 10 php classic traps

PHP a son lot de surprises qui pimente notre vie de développeur : le code qui meurt d’un coup de namespace, strpos qui ne trouve pas sa chaîne et les tableaux qui se modifient sans qu’on y touche. Ca vous énerve vous aussi ? Alors, en 20 minutes, on va dresser un florilège des erreurs les plus vicieuses, comment les corriger et comment les garder loin de votre code. Attachez vos ceintures !

Top 10 chausse trappes

Top 10 chausse trappes

Top 10 chausse trappes

Static analysis is an emerging field, in particular in the PHP world. Reviewing source code at the speed of a computer requires powerful theoretical tools: control flow diagram, abstract syntactic trees, acyclic dependency graph. If all this seems far and remote from PHP, come and learn how they apply to your favorite language! They are all useful when it comes to detecting early those errors that end up in production, and sometimes, even before the code may compile. We’ll see how to combine all those aspects to build a useful auditing engine.

Code review workshop

Code review workshop

Code review workshop

Static analysis for PHP Static analysis is an emerging field, in particular in the PHP world. Reviewing source code at the speed of a computer requires powerful theoretical tools: control flow diagram, abstract syntactic trees, acyclic dependency graph. If all this seems far and remote from PHP, come and learn how they apply to your favorite language! We'll see how to combine all those aspects to build a useful auditing engine.

Understanding static analysis php amsterdam 2018

Understanding static analysis php amsterdam 2018

Understanding static analysis php amsterdam 2018

Code quality is not just for christmas, it is a daily part of the job. So, what do you do when you're handed with a five feet long pole a million lines of code that must be vetted ? You call static analysis to the rescue. During one hour, we'll be reviewing totally unknown code code : no name, no usage, not a clue. We'll apply a wide range of tools, reaching for anything that helps us understand the code and form an opinion on it. Can we break this mystery and learn how everyone else is looking at our code ?

Review unknown code with static analysis php ce 2018

Review unknown code with static analysis php ce 2018

Review unknown code with static analysis php ce 2018

PHP 7.3 is already bet3 and we will get the final version shortly after Sinterklaas. A wide range of new features are already available for testing, including the relaxed syntax for Heredocs, the final comma in function calls, and a crowd of smaller increments. We’ll review those evolutions, check the incompatibilities, and try to find the in PHP code. Finally, we’ll present the RFC process that leads to new features : we can start to discover PHP 7.4 together!

Everything new with PHP 7.3

Everything new with PHP 7.3

Everything new with PHP 7.3

PHP 7.3 sera en beta à la fin de l'été, et cible une sortie avant Noel. De nombreuses nouveautés sont prévues de longue date, comme l'évolution de la syntaxe heredoc, ou les , finales pour les appels de fonctions, tandis qu'une rafale de nouveautés se bousculent au portillon, et ont même généré une alpha 4. Nous passerons en revue toutes ces évolutions, ainsi que les incompatibilités, comment les trouver dans du code, et comment fonctionnent les RFC de PHP.

Php 7.3 et ses RFC (AFUP Toulouse)

Php 7.3 et ses RFC (AFUP Toulouse)

Php 7.3 et ses RFC (AFUP Toulouse)

PHP 7.3 sera en beta à la fin de l'été, et cible une sortie avant Noel. De nombreuses nouveautés sont prévues de longue date, comme l'évolution de la syntaxe heredoc, ou les , finales pour les appels de fonctions, tandis qu'une rafale de nouveautés se bousculent au portillon, et ont même généré une alpha 4. Nous passerons en revue toutes ces évolutions, ainsi que les incompatibilités, comment les trouver dans du code, et comment fonctionnent les RFC de PHP.

Tout sur PHP 7.3 et ses RFC

Tout sur PHP 7.3 et ses RFC

Tout sur PHP 7.3 et ses RFC

Code quality is not just for christmas, it is a daily part of the job. So, what do you do when you’re handed with a five feet long pole a million lines of code that must be vetted ? You call static analysis to the rescue. During one hour, we’ll be reviewing totally unknown code code : no name, no usage, not a clue. We’ll apply a wide range of tools, reaching for anything that helps us understand the code and form an opinion on it. Can we break this mystery and learn how everyone else is looking at our code ?

Review unknown code with static analysis php ipc 2018

Review unknown code with static analysis php ipc 2018

Review unknown code with static analysis php ipc 2018

Everyone fear the review of his own code. And to start with, there is no time. Because, what will happen once we have found something to detail ? In fact, a good code review means being ready to discuss a mere few lines, assess the context and evaluate an alternative, or not. It also means that when the code has become a dense jungle, there may hide monsters worse than a few errors. Using automated tools that are not scared by volume, we’ll keep everything under control, without anyone else knowing about it.

Code review for busy people

Code review for busy people

Code review for busy people

More from Damien Seguy (20)

Strong typing @ php leeds

Strong typing @ php leeds

Strong typing @ php leeds

Strong typing : adoption, adaptation and organisation

Strong typing : adoption, adaptation and organisation

Strong typing : adoption, adaptation and organisation

Qui a laissé son mot de passe dans le code

Qui a laissé son mot de passe dans le code

Qui a laissé son mot de passe dans le code

Analyse statique et applications

Analyse statique et applications

Analyse statique et applications

Top 10 pieges php afup limoges

Top 10 pieges php afup limoges

Top 10 pieges php afup limoges

Top 10 php classic traps DPC 2020

Top 10 php classic traps DPC 2020

Top 10 php classic traps DPC 2020

Meilleur du typage fort (AFUP Day, 2020)

Meilleur du typage fort (AFUP Day, 2020)

Meilleur du typage fort (AFUP Day, 2020)

Top 10 php classic traps confoo

Top 10 php classic traps confoo

Top 10 php classic traps confoo

Tout pour se préparer à PHP 7.4

Tout pour se préparer à PHP 7.4

Tout pour se préparer à PHP 7.4

Top 10 php classic traps php serbia

Top 10 php classic traps php serbia

Top 10 php classic traps php serbia

Top 10 php classic traps

Top 10 php classic traps

Top 10 php classic traps

Top 10 chausse trappes

Top 10 chausse trappes

Top 10 chausse trappes

Code review workshop

Code review workshop

Code review workshop

Understanding static analysis php amsterdam 2018

Understanding static analysis php amsterdam 2018

Understanding static analysis php amsterdam 2018

Review unknown code with static analysis php ce 2018

Review unknown code with static analysis php ce 2018

Review unknown code with static analysis php ce 2018

Everything new with PHP 7.3

Everything new with PHP 7.3

Everything new with PHP 7.3

Php 7.3 et ses RFC (AFUP Toulouse)

Php 7.3 et ses RFC (AFUP Toulouse)

Php 7.3 et ses RFC (AFUP Toulouse)

Tout sur PHP 7.3 et ses RFC

Tout sur PHP 7.3 et ses RFC

Tout sur PHP 7.3 et ses RFC

Review unknown code with static analysis php ipc 2018

Review unknown code with static analysis php ipc 2018

Review unknown code with static analysis php ipc 2018

Code review for busy people

Code review for busy people

Code review for busy people

Recently uploaded

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Dubai, known for its towering skyscrapers, luxurious lifestyle, and relentless pursuit of innovation, often finds itself in the global spotlight. However, amidst the glitz and glamour, the emirate faces its own set of challenges, including the occasional threat of flooding. In recent years, Dubai has experienced sporadic but significant floods, disrupting normalcy and posing unique challenges to its infrastructure. Among the critical nodes in this bustling metropolis is the Dubai International Airport, a vital hub connecting the world. This article delves into the intersection of Dubai flood events and the resilience demonstrated by the Dubai International Airport in the face of such challenges.

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Juan lago vázquez

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

rafiqahmad00786416

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

AXA XL - Insurer Innovation Award Americas 2024

AXA XL - Insurer Innovation Award Americas 2024

AXA XL - Insurer Innovation Award Americas 2024

The Digital Insurer

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

Andrey Devyatkin

The Good, the Bad and the Governed - Why is governance a dirty word? David O'Neill, Chief Operating Officer - APIContext Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

Passkeys: Developing APIs to enable passwordless authentication Cody Salas, Sr Developer Advocate | Solutions Architect - Yubico Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

In the thrilling conclusion to 2023, ransomware groups had a banner year, really outdoing themselves in the "make everyone's life miserable" department. LockBit 3.0 took gold in the hacking olympics, followed by the plucky upstarts Clop and ALPHV/BlackCat. Apparently, 48% of organizations were feeling left out and decided to get in on the cyber attack action. Business services won the "most likely to get digitally mugged" award, with education and retail nipping at their heels. Hackers expanded their repertoire beyond boring old encryption to the much more exciting world of extortion. The US, UK and Canada took top honors in the "countries most likely to pay up" category. Bitcoins were the currency of choice for discerning hackers, because who doesn't love untraceable money?

Ransomware_Q4_2023. The report. [EN].pdf

Ransomware_Q4_2023. The report. [EN].pdf

Ransomware_Q4_2023. The report. [EN].pdf

Overkill Security

Recently uploaded (20)

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Rising Above_ Dubai Floods and the Fortitude of Dubai International Airport.pdf

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

presentation ICT roal in 21st century education

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

ICT role in 21st century education and its challenges

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

AXA XL - Insurer Innovation Award Americas 2024

AXA XL - Insurer Innovation Award Americas 2024

AXA XL - Insurer Innovation Award Americas 2024

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

AWS Community Day CPH - Three problems of Terraform

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

[BuildWithAI] Introduction to Gemini.pdf

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Ransomware_Q4_2023. The report. [EN].pdf

Ransomware_Q4_2023. The report. [EN].pdf

Ransomware_Q4_2023. The report. [EN].pdf

PHP under control

1. PHP under control Keep an eye on your source code

2. Agenda The age of industrialisation for PHP How to keep this code under control Technics and tools Organizing teams for quality

3. Speaker Damien Seguy Nexen (.net), AlterWay Group Expert services on LAMP hosting Raise elePHPants Monthly PHP stats damien.seguy@nexen.net

4. Keep an eye on the code Security Performances Code quality But Maintenance Bigger teams Changing teams Long projects Lots of code

5. Set up a coding reference Set up the rules Share them Keep them simple No bug is not a rule Don't try to catch everything