Secure by Design – June 2017

This issue packs security related articles with a focus on designing security into your applications from the start. It occurs to me it’s a little ironic for PHP since the early days of the language were littered with insecure-by-design features. Who doesn’t remember register_globals, magic_quotes, and session IDs in the query string? There are still gotchas left to trip you up if you forget to use prepared statements with your database queries or allow URL includes without whitelisting them first. But we’ve come a long way and, as the PHP community has matured, we’ve learned the security pitfalls to avoid.

Sponsored By

Nuclear Powered Software Security

There is a tendency in software development to make lists. Lists of things which you should do and those which you should not. When it comes to security, the most famous of these lists is the OWASP top ten. But lists of things are finite—the number of security problems you could have is not. In this article, instead of presenting another list, we will look at something which most PHP developers will never have been exposed to: safety critical systems. We will see how these systems are engineered for safety and how we can apply the same general purpose techniques to software security moving beyond lists and towards nuclear powered software security. by Chris Riley

Cybersecurity State of the Union

Read this Article for FREE (pdf)

The cybersecurity landscape is continuously changing as new threats appear and attackers adapt. Data breaches, cyber attacks, identity theft, and scams show up regularly in the news and can have a significant negative impact to those affected by them. Keeping up with the latest cyber security trends, understanding the threats, and keeping applications secure takes an investment of time and effort. In this article, we will review the current state of cybersecurity. Notable attacks will be highlighted, trends in attacks will be analyzed, strategies to secure projects will be identified, and PHP security-related features that can help increase application security will be covered. by Mark Niebergall

The Digital Speakeasy: Secure and Anonymous Access to Your Website

Originally intended for secure communication between intelligence agents, Tor has become infamous for its role in the less savory parts of the internet. In a post-Arab Spring world, Tor has come full circle with big names like ProPublica and Facebook using the service to provide their users with secure side entrances to their websites. Inspired by their example, I’d like to show you how to provide Tor anonymity and privacy to your website users, without modifying a single bit on your production server! by Dustin Younse

Protocol Buffers for PHP

If you have spent any significant amount of time developing applications, you have had to either consume or deliver data across multiple systems. When designing systems that need to communicate with each other, there are many formats to choose from. Your first thought might be to use JSON or XML. But are they the best choice for long-term scalability and system performance? In this article, we’ll introduce protocol buffers, compare and contrast it against the industry leaders, as well as learn how to use it within a PHP application. by Christopher Mancini

Education Station: Creating Images on the Fly With Intervention Image

While we may frequently interact with data sources such as databases, caches, and graph databases in PHP, how often do we create and manipulate images? Perhaps that’s a strange question. Perhaps it’s not. I went looking around for image manipulation and creation packages available for PHP and came across Intervention Image. It took my interest because it’s the package which Glide (which I covered last year) is based on. However, unlike Glide which exposes its API over HTTP, Intervention Image is meant to be called by other PHP code. by Matthew Setter

Leveling Up: Procrastination and Burnout

This column marks the 30th I’ve written for Leveling Up, in a row, and the 31st overall article I’ve written for php[architect]. Each month, I’m supposed to send my completed article over to Oscar for editing. Usually, the due date is the 15th of the month which allows time for Oscar and team to edit all the articles, lay them out and generally publish. Many months I have been able to meet this date. Other months, like this one, have been more difficult. by David Stockton

Community Corner: Spurring Community with Adam Culp

Yep, once again, I’m slacking in my duties and delegating my responsibilities. Like Tom Sawyer with a fence to paint, I find it much easier to let my friends do the work while I claim the credit. This month I’ve conn… er, convinced my good friend Adam Culp to take over the duties and write about community. I’ll be over here relaxing in the shade with an RC Cola and a MoonPie. by Cal Evans

Artisanal: Basic Relationships

This month we’ll deep dive into using databases with Laravel. Specifically, we’ll be covering one-to-many and many-to-many model relationships and the migrations, seeding, and factories involved in demonstrating the practical use of the relationships in Eloquent. by Joe Ferguson

Planning for the Future

In general, we as a human race, are horrible at estimating time. As computer programmers, we are all too familiar with this concept. What feels like it should just take an hour, somehow takes a full day. What you think will take you a month to complete, is done in just a week. by Eli White