Schedule: Best Practices sessions

This class presents a comprehensive overview of security and has been designed to equip developers with the knowledge they need to build more secure web applications Read more.

Working with a team of developers can be either like herding cats or fine-tuning a well-oiled engine, and the distinction is often the result of whether or not you have established a set of standard practices for your team. During this tutorial session, we will cover a number of best practices you can institute in your organization or in your personal coding toolbox. Read more.

This workshop will introduce the attendees to writing unit tests for the backend and system tests for the frontend of a web application as well as managing the quality from development to deployment and maintainance using tools such as PHPUnit, Selenium RC, phpUnderControl, PHP_CodeSniffer, and PHP_Depend. Read more.

This class presents a comprehensive overview of security and has been designed to equip developers with the knowledge they need to build more secure web applications. Read more.

Once upon a time, a young application developer embarked on a journey to master the art of database application tuning. Her path led to studying at the feet of the Drunken Query Master. After years studying the arts of join-fu and table-kee-do, she returned to her home. Jay has catalogued the lessons she learned from the Drunken Query Master and shares her knowledge with tutorial goers... Read more.

Join-fu is the art of performance-tuning your application's SQL. Join Jay in a fun, irreverent look at the common ways application developers misuse and abuse their database. Read more.

Ning's "Your Own Social Network" application is 160,000 lines of PHP that powers hundreds of thousands of social networks, each different than the others. This talk discusses the static and dynamic analysis techniques that we use at Ning to understand and optimize our platform, including the PHP tokenizer, regular expressions, the vld and xdebug extensions, and the PHP DTrace provider. Read more.

With security (finally) taking it’s righteous place within the PHP development world a new phenomenon is occurring that negates all the hard work and energy devoted to making security a hot issue for the developers. Read more.

As all children of the 80's know, Knight Rider was a story about an otherwise 'normal' law enforcement officer who through the use of Technology (KITT) become an unstoppable machine. In this talk find out how programmers should be using technology/tools to make themselves better and more productive. Read more.

Testing is not something that traditional PHP developers are being familiar with. This session introduces the needs and means for testing, and the test-driven development model to create rock-solid PHP applications. Read more.

Rich Internet Applications that use Ajax are a must today; unfortunately, these kind of applications are very often vulnerable to attacks. This session features old attacks with new Ajax twists, and new and creative attacks that exploit certain behaviors of Ajax web sites. A must-see session if you want to keep your modern web site safe. Read more.

Murphy was right: things will go wrong in any given situation if you only give them a chance. Therefore this session will discuss ways of limiting the risk of things going wrong in your application. Read more.

Does your application merely run on PHP5? Do you write complicated code unaware that PHP5 has a built in solution that is twice as fast? PHP5 is an evolutionary step forward from PHP4 but everyone can find new weapons for their toolbelt and enhance their applications for speed and maintainability. Learn how to make your project "Written for PHP5" not “Runs on PHP5”. Read more.

Learn how to display "earned value" financial and schedule information for the Department of Defense and the Department of Energy contracts with the system that the government called a "best practice in the industry", making your government client sing your company's praises, your praises and the praises of PHP! Read more.

When the security of PHP applications is in focus usually standard XSS vulnerabilities, SQL Injections, Remote File Inclusions, Header Injections and CSRF are discussed. However there are a number of different vulnerability classes and non obvious exploitation paths that are as dangerous but lesser known. This talk will give an insight in such vulnerabilities and how to defend against them. Read more.

Anyone who has ever disabled a certain proprietary software firewall because of its constant, irritating demands for approval knows that secure development practices are useless if you don't design your product so that the security solutions are usable. In this talk, I demonstrate both usable and unusable security solutions and give you practical techniques for creating a secure user experience. Read more.

This session is about best practices and awareness to server specific programming and how to avoid it. How to write code that will run on any server with any configuration – things like file functions, directories, locale issues, EGPCS; Maybe even design patterns to help do that Read more.

With all the conversations around Web 2.0 it can be hard to figure out the real dos and do-nots of a RIA application. In this talk we'll talk about the direct experiences I've had in the creation of RIAs using PHP, ZF, and Adobe Flex/AIR. Read more.

This session will uncover some useful, but not so well known VIM features as well as go over a number of VIM plugins that are essential for programmers. Read more.

Continuous Integration is a software development practice where members of a team integrate their work frequently, usually each person integrates at least daily - leading to multiple integrations per day. Each integration is verified by an automated test to detect integration errors as quickly as possible. Read more.

This talk will discuss issues and solutions when attempting to scale PHP and MySQL to high volume websites (such as digg.com). It will discuss some of the problems at hand, and go into (at a high level) some of the solutions, such as using memcache, DB partitioning, etc. As well as how to handle these solutions within PHP. Read more.

PHP has come a long way. What started as a tool to help Rasmus track his online resume, is now used by millions of websites and applications worldwide. Many of these are becoming business critical. With the growth of PHP, there is also a demand for mature PHP development. In this talk, Ivo discusses ways to improve the development process in order to build more stable, more robust applications. Read more.

It has long been said that web sites and web applications are notoriusly hard to test. Not any more. This session will introduce you to the free testing tool Selenium. With Selenium, you can automate browser-based tests. In extensive live demonstrations, you will learn how to create tests for plain web pages and AJAX appplications with Selenium IDE. Read more.

How do you configure and tune your PHP applications to handle 20,000 or more concurrent connections to your database on your desktop? This technical session describes how to implement and tune PHP's OCI8 extension with Oracle's Database Resident Connection Pool (DRCP). Read more.

An exploration of the features of PHP used in the Ajax-driven user interface of IBM Rational Build Forge, with a focus on inheritance, interfaces, and Iterators. This talk will demonstrate how we built its user interface on a solid foundation of PHP. Read more.