PHP Tek 2026
19 - 21 May 2026 at Sheraton O'Hare Suites

Abstract: In a world where zero-day exploits and supply chain attacks dominate the headlines, the conversation about security has never been more urgent or more human. We engineer firewalls, intrusion detection systems, and end-to-end encryption, yet when it comes to trust within our teams and organizations, we often leave it unpatched. What if the same principles that secure our digital ecosystems could be applied to the way we lead, collaborate, and innovate? This session introduces The Trust Protocol, a framework rooted in cybersecurity?s bedrock concepts of authentication, encryption, and resilience that reimagines how leaders and developers can build trust that is as durable as the systems they code. Through real-world parallels between cyber defense and human dynamics, you will learn how to: Authenticate worth to strengthen identity and credibility in both code reviews and leadership. Encrypt purpose to safeguard clarity and focus in high-pressure projects. Engineer resilience to recover stronger from setbacks, outages, and even failed launches. By fusing technical rigor with human-centered strategies, this talk equips you to harden both your systems and your culture against today?s most insidious vulnerabilities, including burnout, misalignment, and distrust. Expect a fresh perspective that goes beyond DevSecOps, showing how the same logic that secures data can also secure the future of your team.

5

You've read the release notes. You've seen the blog posts. But how many of PHP's modern features have actually made it into your day-to-day code? Sure, you've heard about enums. You might've even dabbled with match expressions or readonly properties. But chances are, you're still writing modern PHP with a very 7.x mindset. This talk is your invitation to ditch the boilerplate and embrace the features modern PHP has given us. We'll walk through a set of underused gems - from union types and readonly classes, to cleaner control flow, and smarter typing. Expect before/after code, real-world scenarios, and the occasional 'wait, you can do that now?' moment. Whether you're modernising a legacy app or just looking to write less code that does more, this session will leave you with a better understanding of how these features combine to make your code safer, more expressive, and easier to maintain.

All programming languages have their foundations: the engine that interprets your code and makes everything run. In PHP, this is the Zend Engine, a critical piece of software that powers millions of applications worldwide. When everything works, you don?t even think about it. You deploy to production, and the engine does its magic behind the scenes. But what happens when something goes wrong in that core? What if a subtle bug opens the door to a full security breach? Suddenly, the invisible foundation becomes the most important part of the story. Let?s shine a light on two such cases: a recent, real vulnerability in the PHP engine (which has since been patched), and a backdoor that, just a few years ago, actually made it into the release candidate and allowed remote code execution. We?ll walk through how each issue could be exploited and, most importantly, what lessons developers can draw from them. And yes, there will be live, local, sandboxed demos of both exploits in action. Ready to dive in?

7

It's easy to tell when peer code review fails: a minor one line change is blocked with a dozen comments; a massive pull request with hundreds of files is approved with just "LGTM"; a critical requirement is missed; a production-breaking bug slips through; your reviewer is being a pedantic jerk; the reviewee thinks *you* are a pedantic jerk. Giving good code reviews is a skill just as creating good code and writing good tests: it takes practice. This talk will mostly skip over the theory and various reasons why you should be doing peer code reviews. Many companies don't have a choice: code review is required explicitly or implicitly (as a standard secure coding practice) by many compliance frameworks, like SOC 2, HIPAA, PCI-DSS and GDPR. What we will cover are practical, real-world strategies for successfully reviewing code, including: - How to think through the code while reviewing it and finding issues - When to approve versus when to block a pull request - Writing review comments without being a jerk - Pair peer code reviews versus traditional peer code reviews - How to make the review process beneficial to both the reviewer and reviewee - What parts of code review can be outsourced to code quality and AI review tooling - How to review code in an unfamiliar language (e.g. Python, Rust, or Go)

Learn how to architect your component based application using comprehensive patterns. If you use Vue, React or any other component-driven framework, jump in and learn the patterns that make your client application scale. From simple atomic structure to APIs and wrapping components, you'll learn the ideas behind good reusable component architecture.

6

PHPStan is best known for its ability to catch bugs, but did you know it can do so much more? By creating custom PHPStan rules you can enforce your project-specific coding standards, automate tedious review tasks, and ensure a consistent codebase - all without manual intervention. This talk will guide you through step by step the process of creating a custom PHPStan rule. By the end of the talk, you'll have the knowledge and confidence to craft your own PHPStan rules, helping your team reduce bugs, save time, and focus on what matters most: writing great code.

1

For many developers, the terminal remains an intimidating black box -- powerful, but mysterious. This talk is a gentle introduction to the command-line interface, tailored for those who prefer quiet mastery over noisy GUIs. We'll explore how the shell can become your most trusted companion in development, unlocking speed, precision, and automation across Linux, MacOS, and even Windows. Whether you're deploying code, managing servers, or just trying to simplify your workflow, you'll leave with practical tools and a newfound confidence to crawl into your shell... and thrive there.

4

Model Context Protocol (MCP) is an open standard that enables AI applications like Claude to securely connect to your data sources and tools. Instead of copying content into chat windows or building custom integrations for every AI tool, MCP servers act as bridges that can expose your databases, APIs, and business logic through a standardized interface that any MCP-compatible client can use. In this talk, you'll learn how to build MCP servers in PHP to connect AI assistants to your existing applications. We'll cover the MCP specification, explore real-world use cases like connecting to MySQL databases or Laravel applications, and walk through building a working server that exposes your tools and data sources. You'll leave with practical knowledge to integrate AI capabilities into your PHP stack while maintaining control over your data and business logic.

Explore the power of data visualization and learn how to create interactive graphs, charts, and visualizations that bring mathematical concepts to life using core web technologies. Whether you're plotting complex equations, visualizing statistical data, or exploring mathematical patterns, this session will teach you how to build dynamic visual tools with HTML, CSS, and JavaScript. You'll use popular libraries like Chart.js to craft custom visualizations that not only convey information but also engage and educate users. Perfect for data analysts and developers, this talk provides practical techniques to make math accessible and exciting through visual representation.

Security doesn't have to be a full-time job. This talk breaks down each OWASP vulnerability with the minimum effort required to not get hacked. No academic theory ? just "do this, don't do that" with practical PHP examples. I'll show you security quick wins, how to leverage your framework's built-in protections, and the security checks you can automate so you don't have to think about them again.

2

PHP 8.5 brought us the pipe operator. PHP 8.6 will bring us the next big piece of the picture: Partial function application. Together, these seemingly minor features revolutionize how we can write and structure code. So what does that look like? What do these new language features do, and how can they help us write better, more compact, more understandable, more testable code? Is the era of functional programming in PHP finally here? In this session we'll review these and related functionality that are quietly ushering in revolution in how PHP can be written, and why the future looks so bright.

4

Event Sourcing is a powerful architectural pattern that captures application state changes as a sequence of immutable events, enabling robust, auditable, and scalable systems. In this beginner-friendly talk, we'll demystify event sourcing and show how PHP developers can implement it effectively to solve real-world problems. We'll explore the core philosophy of event sourcing - storing "what happened" instead of "what is" - and its benefits, including complete audit trails, simplified debugging, and flexibility for future features. Using practical PHP examples, we'll walk through a simple event-sourced system with a relational database (e.g., MySQL) in a Laravel example. Attendees will learn key concepts like event stores, aggregates, and how that causes optimized performance. This talk is perfect for developers new to event sourcing or those curious about its practical applications in PHP. By the end, you'll have a clear understanding of how to start incorporating event sourcing into your projects, whether for e-commerce, financial systems, or complex workflows. Join us to discover how event sourcing can make your PHP applications more resilient and adaptable!

3

As the pendulum of web development swings back towards the server, streaming has become increasingly popular. Specifically, a new concept called out-of-order streaming. Let's build our very own simplified version to explore how it works, what problems we are trying to solve, and what this future of web development looks like.

Are you ready for the 4th Annual BattleSnake Tournament this year? If not, this is the tutorial slot for you. If you've never battle snaked in the past, we'll kick things off with: a quick explanation and quick start links for those who like to dig right in, an overview of the BattleSnake docs for those who prefer detailed requirements, and a 'snake dissection' of existing code for those who learn best by seeing examples in action. After the intro, jump into coding whenever you?re ready, or if you've already thrown your exceptional snake into the fray, no worries, you can go heads down right away and tune out the introduction completely. I'll be around for the entire session to troubleshoot and guide as you build, enhance, and strategize. This is the perfect opportunity to engage in practice rounds, refine your strategies, and see how your snake performs in real-time scenarios before the main competition. One step closer to taking home the vaunted trophy snake!

3

Transform your PHP testing strategy with Codeception and Behavior-Driven Development?the powerful combination that turns testing from a developer bottleneck into a collaborative advantage. Join Alena Holligan for a hands-on exploration of how BDD bridges technical and business teams, creating executable specifications that everyone understands. What You'll Master * BDD Fundamentals That Work: Move beyond traditional testing silos by implementing Behavior-Driven Development principles that connect user stories directly to automated tests through readable Gherkin syntax. * Codeception in Action: Get practical experience setting up PHP's most versatile testing framework, from initial configuration to writing robust acceptance tests that mirror real user journeys. * Multi-Level Testing Strategy: Leverage Codeception's modular architecture to create comprehensive test suites spanning acceptance, functional, unit, and API testing?all from a unified platform. * Cross-Team Collaboration: Enable product managers, QA professionals, and stakeholders to actively participate in test creation and validation, ensuring requirements are captured accurately from day one. Live Workshop Elements * Transform abstract user requirements into concrete, executable test scenarios * Build reusable test components that scale across projects * Implement validation patterns for complex business workflows * Create living documentation that stays synchronized with your application Perfect For Developers ready to elevate their testing practices, QA professionals seeking better collaboration tools, and team leads looking to align technical delivery with business expectations. No prior BDD experience required?just bring your curiosity and prepare to revolutionize how your team approaches quality assurance. Leave with your first working BDD test suite and the confidence to implement Codeception across your entire development lifecycle.

0

Your serverless functions are running, and are memory efficient, now you want to some state. But serverless generally doesn't have state. You know what to do, but how ? Where does JavaScript make it difficult to manage state and how to solve them? This talk goes over all the questions above along with complex state management for serverless functions written in JavaScript. It starts with what are the use cases that actually needs state, how to deal with it, the commons patterns of state management you use in JavaScript and why they fail in serverless. But state management isn?t just about storage; it?s about consistency, reliability, and scalability all of these will be touched upon how they can be measured, and how to advance such strategies. Some of the problems and solutions I will be tackling: - What are the different ways to achieve state - Performing distributed transactions and compensating state actions - How to externalize state in serverless environments without sacrificing performance. - Implementation of asynchronous operations on your state - The JavaScript way of maintaining cache for state management - Case studies and real-world examples of complex state management scenarios - A roadmap for designing scalable, resilient stateful applications in the serverless era. All of these will be explained with examples, keeping in mind the quirks of JavaScript and how they play well with these cloud based solutions. As the talk closes you will be leaving with advanced knowledge and application strategies for your applications as stateful applications become the future of serverless architectures.

3

Most PHP developers learn server administration the hard way: SSHing into a box, editing config files by hand, and hoping the next deploy doesn't break what the last one fixed. This workshop introduces Ansible as the way out ? not as a checklist of commands to copy, but as a set of concepts (declarative state, idempotency, inventory, roles) that lets attendees author their own infrastructure code. Starting from zero Ansible experience, we build up the mental model: control nodes and managed nodes, modules and tasks, then roles and playbooks. From there we work through a realistic example ? provisioning a server for a PHP application, deploying the app, and performing a zero-downtime update using release directories and a `current` symlink. Attendees follow along on their own machines and leave with the concepts and working examples needed to write playbooks for their own stacks. Bring a laptop, basic Linux familiarity, and a willingness to break a few servers along the way.

Learn how to make confident changes to your web application with Playwright. In this session, we?ll explore how end-to-end testing can give developers the safety net they need to refactor, redesign, or update features without fear of breaking things. You?ll see practical examples of how to write stable, maintainable Playwright tests, integrate them into your CI pipeline, and use visual and accessibility checks to catch regressions early. We'll talk about how to think about your tests, what to test, and how to integrate tests into an existing project. Whether you?re new to Playwright or looking to strengthen your testing strategy, you?ll leave with the tools and mindset to move fast without breaking your app.

Every developer has been there: staring at impossible deadlines, drowning in technical debt, watching AI reshape everything we thought we knew about coding. When uncertainty hits, we tend to slow down, get scattered, and lose momentum. But what if the secret to thriving in this rapidly changing tech landscape isn't about learning the latest framework?it's about becoming activated? In this high-energy keynote, you'll discover how to transform from a stuck developer into an Activated Developer??one who is clear, focused, and takes decisive action even when the path forward seems uncertain. Drawing from real-world experience leading teams at global tech giants like Google and Microsoft, this isn't just motivation?it's a practical methodology you can apply immediately.

NativePHP is growing and changing every day. I have no idea where exactly we will be and what new goodies we will have in June '26, but I would love a platform to announce new features and what we're working on at the time.

Many organizations have mission-critical PHP systems that are decades old and built on monolithic architecture. In this talk we?ll explore pragmatic ways to refactor the core stored-procedures, message queues (SQS), backlog handling and data flows without doing a full rewrite. We?ll walk through actual patterns for queue purging, backlog mitigation, redesign of key logic (e.g., an flowOfData stored proc), and strategies for deploying changes with minimal downtime. Attendees will leave with an actionable roadmap to modernize legacy systems while keeping them live.

0

Your PHP application runs reliably?but on infrastructure from another era. Whether it's bare metal in a data center, VMs on a cloud provider stuck in 2015, or poorly architected AWS infrastructure deployed before your team knew better, you know it's time to modernize. But where do you start? This talk guides you through the strategic and tactical decisions involved in modernizing legacy PHP infrastructure, regardless of where it currently lives. We'll explore three critical migration paths: escaping aging data centers for modern cloud platforms, moving from stagnant cloud providers that haven't evolved (OpenStack, CloudStack, outdated hosting platforms), and re-architecting existing cloud infrastructure using modern, well-architected patterns within the same provider. You'll learn how to assess your current infrastructure's technical debt, build a migration roadmap that minimizes risk and downtime, and leverage modern tools like Docker, Kubernetes, GitHub Actions, and infrastructure-as-code to create resilient, scalable systems?all while keeping your PHP application running for your users.

0

With the active TC39 proposal in play, I think it?s about time we talk about Signals. Over the years, the concept has had many different names. From ?observables? in KnockoutJS, to ?refs? in VueJS, before Solid made ?signals? popular. We?ve seen the carcinization of frontend frameworks in the pursuit of more seamless and fine-grained reactivity in our applications. But what actually are Signals? Why do we keep coming back to them? And why is their potential adoption as a language standard such a big deal?

0

Time is one of the hardest problems in software, even if you're not working across time zones, formats, and legacy systems. In this talk, you?ll learn how to manage time effectively in PHP web applications, including how to handle daylight saving transitions, properly use `DateTimeImmutable`, and avoid pitfalls in date math. Whether you're maintaining a legacy system or building greenfield, this session will equip you with the tools and patterns to avoid time-related bugs and improve code reliability.

4

You've mastered Docker Compose for local development, but production is a different beast. Kubernetes promises scalability, self-healing, and zero-downtime deployments?but the learning curve feels vertical. This talk bridges that gap, translating Docker Compose concepts into Kubernetes patterns specifically for PHP developers. Attendees will understand the practical path from Docker Compose to Kubernetes for PHP applications, have realistic expectations about complexity and cost, and know enough to make informed decisions about whether Kubernetes is right for their projects.

3

Most PHP apps run behind nginx, but many developers only touch a small part of what it can do. In this session, we?ll walk through useful nginx features that anyone can start using, even if you?re not a DevOps specialist. We?ll cover how nginx interfaces with PHP, how to structure clean and maintainable config, and simple optimizations that can noticeably improve performance. We?ll also look at helpful features like caching, rate limiting, redirects, and ways to avoid common configuration mistakes. If nginx has ever felt like a mysterious black box, this session will help you understand it clearly and confidently, with examples you can take home and apply right away.

Abstract With JavaScript powering everything from critical APIs to mobile apps, security remains a pressing challenge. Supply chain vulnerabilities, XSS, CSRF, and dependency risks continue to dominate the landscape. In this session, I'll present a framework for securing JavaScript applications end-to-end?covering package hygiene, runtime protections, and front-end defense patterns. Using real-world incidents as case studies, we?ll explore how teams applied automated dependency scanning, Content Security Policies (CSP), and sandboxed workers to minimize risk. Attendees will walk away with practical security playbooks tailored for modern JavaScript stacks. What's your talk about? How to integrate security best practices directly into the JavaScript development lifecycle-shifting from reactive patching to proactive resilience. What audience will get: * Proven strategies for preventing supply chain and runtime attacks * Practical steps to enforce front-end and API security * Framework for embedding security checks in CI/CD pipelines Target audience: JavaScript developers, security engineers, DevSecOps practitioners, and engineering leaders.

2

Explore how AI contexts and agents can transform PHP software development. This talk demonstrates how to setup the context for AI prompts, integrate AI tooling, and automate tasks such as code generation, testing, and architectural decisions to enhance developer efficiency and code quality.

Type hints and type declarations in PHP add clarity, reduce bugs, and enable safe refactoring - cornerstones of maintainable and reliable code. While PHP?s type system improves with every release, it still has limitations. In this talk, we?ll explore how far PHP?s type system can go and uncover strategies for leveraging its full potential. Next, we?ll dive into the world of static analysis, discovering how tools like PHPStan or Psalm can bridge the gaps in PHP?s type system, providing insights and safeguards that native types can?t. By the end of this session, you?ll have the tools and knowledge to make your PHP code more robust, reliable, and future-proof. Whether you?re maintaining legacy code or building a new application, this talk will help you harness the power of types to elevate your development practices.

4

Level up your code with the power of Iterators and Generators. Iterators were added in the SPL (Standard PHP Library) for many years but is still one of the less understood parts of the language. We will cover how to easily loop over your objects via the power of Iterators, and then move into another way of doing this with Generators. Generators allow you to make almost anything able to be looped over, without the need to use the full Iterator interface. Come join us as we traverse these paths of code that will leave you looping with ease!

Have you ever thought about the parallels between online dating platforms and fundamental algorithm principles? (I?m sure that would make a great date opener.) In this session, we will cover various algorithms, highlighting their functions in online dating as well as broader applications. We?ll learn about the history of online dating, understand how different platforms predict compatibility, and what this teaches us about machine learning, pattern recognition, and data sorting. The session will include practical JavaScript code that shows how these algorithms are implemented. Whether you are intrigued by date horror stories or are simply interested in learning about algorithms, swipe right on this talk!

4

Join PHP core developer and veteran release manager Daniel Scherzer for a deep dive into the new features, syntax updates, deprecations, and surprises coming in PHP 8.6. While PHP 8.6 is still in active development, and the first alpha candidate won't be tagged until July, it is never too early to start preparing.

I will be discussing how zero-trust model is essential for modern PHP backends handling sensitive data and APIs. This talk demonstrates how to design and implement a zero-trust architecture in PHP environments, using principles like least privilege, continuous validation, secure identity, and encrypted communication. Through live examples, attendees will learn how to implement secure tokens, enforce API-level access control, and isolate trust zones within PHP applications. Key Takeaways Learn how to apply zero-trust principles to PHP microservices and APIs. Understand secure token handling, role-based access, and continuous authentication patterns. Gain practical insights into hardening PHP applications deployed in cloud or containerized environments.

Frameworks like Laravel and Symfony gives us a huge amount of flexibility through their service container and drivers system. Sometimes, PHP itself becomes the bottleneck. In this talk, we?ll go one layer deeper: writing a custom PHP extension with FrankenPHP and Go, without any C code, before plugging it directly into Laravel as if it were a native feature. Let's see how we can implement an in-memory LRU cache as a PHP extension, then expose it to Laravel and Symfony through a custom cache driver. Step by step, we'll explore how to extend the caching system with our high-performance extension. Expect to see real code and real internals! Even if you never wrote a PHP extension yourself, you?ll walk away with a deeper understanding of both Laravel?s and Symfony's flexibility, as well as PHP?s core runtime, without prior knowledge in C. It opens endless possibilities to blow-up your apps performances!

0

JavaScript now powers an enormous portion of the serverless world, but writing efficient functions requires more than just knowing the language. This session explores the JavaScript-specific nuances that determine performance, scalability, and cost across serverless platforms. Rather than focusing on providers, we?ll examine how different serverless execution models (isolates, containers, micro-VMs, and edge runtimes) influence JavaScript behavior. Examples include: - Isolate-based runtimes (Cloudflare Workers, Deno Deploy) and how they favor smaller bundles and near-instant startup - Micro-VM or container-based runtimes (AWS Lambda, Azure Functions, GCP Cloud Functions) where dependency size, I/O strategy, and initialization code matter much more - Edge vs. centralized execution, and how JavaScript?s non-blocking model fits into ultra-low-latency workloads This session includes some code snippet walkthroughs and horror stories of serverless failures. I have seen in my career and some of the gotchas that everyone misses in these hostile environments. Attendees will leave with a deep understanding of how to write JavaScript that thrives in serverless environments, how runtime architecture changes, what ?efficient? means, and how to choose the right serverless model (edge, container, isolate) for the job based on JavaScript?s strengths and constraints.

5

Regular Expressions ("RegEx") are a powerful tool in any developer's toolbox, but wrapping your mind around its cryptic syntax can be difficult. Anchors, quantifiers, and capture groups? What does it all mean?! This talk introduces the basic concepts and syntax of RegEx, focusing on the types of patterns developers may see every day. We'll discuss when and where RegEx is a great choice and ??perhaps more importantly ??where RegEx can cause a world of pain. Attendees will walk away with a greater understanding of how Regular Expressions work and can benefit their projects, regardless of language.

6

Hopefully by now, you know that testing is important, and you've integrated PHPUnit into your workflow. (If not, go watch one of those talks.) So now what? In this "testing 202" course, we'll explore some features of PHPUnit you may not be using (but should), some techniques you may not have thought of, and how to extend PHPUnit yourself for your own nefarious testing purposes. And we'll answer the question, "so what are traits actually good for?"

0

Real-time data communication is pivotal in delivering dynamic user experiences in the ever-evolving web technology landscape. In "WebSockets Made Easy with OpenSwoole" I will demystify the complexities of real-time, bidirectional communication between web clients and servers using PHP. In this presentation, we delve into the powerful capabilities of OpenSwoole, a high-performance network framework for PHP. We'll explore how OpenSwoole simplifies the implementation of WebSocket servers, enabling seamless data exchanges in real-time applications like chat systems, live updates, and interactive services. Attendees will gain a clear understanding of WebSocket concepts, the advantages of using OpenSwoole, and practical insights into setting up and scaling WebSocket servers. We'll also walk through engaging examples and best practices, demonstrating how to integrate OpenSwoole into your PHP projects to elevate them efficiently with real-time features. We will also look at integrating it with the popular framework Laravel. (due to time constraints for technical issues, we didn't cover the laravel integration, but it is done by using this package: https://github.com/kanata-php/conveyor-laravel-broadcaster) Beginners can get a very good understanding of this, but intermediaries might be the ones getting the most out of it. I'll delve into the basic PHP concepts, so it is required to know PHP programming. It is recommended that you understand the difference between PHP-CLI and PHP-FPM, and for the last part of the talk, it is recommended that you know the basics of Laravel.

Redux taught us the value of predictable state management, but what if we could keep its principles while solving modern challenges? Inspired by Entity Component System patterns from game development, I'll show how entity-based state management with event queues can dramatically simplify complex UIs?cascading dashboards, dynamic widgets, real-time collaboration?while staying 100% compatible with Redux DevTools and react-redux. We'll explore why letting reducers dispatch events isn't as crazy as it sounds, and how borrowing ideas from game engines can give us Redux's predictability with half the boilerplate. Whether you're wrestling with thunks, managing widget lifecycles, or just tired of Redux ceremony, you'll walk away with fresh perspectives on state management.

2

When users click "Submit" twice, what happens next could make or break your application. Idempotency ensures repeated API calls produce consistent results, saving systems from duplicate charges, mismanaged resources, and confused customers. This talk explains idempotency's role in building reliable APIs, with practical examples to show you how to implement it effectively in your application. We'll share real-world stories of what happens when idempotency goes wrong (or doesn't exist), and go through how some of the largest companies in the world choose to implement this technique. Whether you're a seasoned API developer or new to the concept, you'll leave with actionable insights and techniques to make your APIs smarter and more user-friendly.

2

Async PHP has come a long way from being an experimental concept to powering real, production-grade systems. But anyone who?s actually deployed async PHP in production knows ? it?s not all sunshine and benchmarks. There are sharp edges, unexpected tradeoffs, and a learning curve that goes beyond ?just install Swoole or ReactPHP.? In this advanced session, we?ll take a hard look at what running async PHP in production really means. We?ll walk through live demos comparing synchronous vs. asynchronous execution models under real-world workloads ? from database I/O and API calls to parallel job handling. You?ll see real performance benchmarks, resource usage metrics, and what happens when async code meets legacy frameworks or blocking libraries. We?ll cover: 1. When async PHP makes sense ? and when it doesn?t 2. Performance tuning with Swoole, ReactPHP, and Fibers 3. Debugging concurrency issues, race conditions, and memory leaks 4. Integrating async patterns into existing monoliths safely 5. Lessons learned from production ? what went right, what went wrong, and what we?d never do again Expect raw numbers, war stories, and code you can take home. If you?re ready to push PHP to its performance limits and understand the real-world tradeoffs of asynchronous execution, this session will give you the data, the insights, and the confidence to do it right.

2

No matter how big or small your API, no matter the audience, internal or external, you need to provide clear and precise documentation for your API. Since its inception as Swagger, OpenAPI has seen wide adoption as the de facto specification for describing APIs. Whether your API is yet to be built or has been around for a decade, you can use OpenAPI to document all the parts of your APIs. In this talk, I?ll introduce you to the basic concepts of OpenAPI, we?ll use it to create documentation for a simple API, and I?ll leave you with a few tips, tricks, and gotchas I?ve learned along the way. You should be able to take what you?ve learned and immediately begin describing your APIs with OpenAPI.

Unlock the power of gamification in your React applications to create compelling, interactive user experiences. Explore React's versatile architecture and component-based approach, perfect for integrating game mechanics like scoring, achievements, and adaptive challenges. Drawing on principles from educational settings, discover the psychology behind gamification to enhance user engagement and retention. Along the way, see how tools like the React Compiler can simplify building performant gamified features by optimizing components automatically. Join me to learn practical techniques and build a gamified app that keeps users coming back for more.

1

Maximize developer productivity with AI-driven coding assistants. Discover how AI can speed up development by generating code, suggesting improvements, and helping with debugging. This session will equip you with strategies to effectively integrate AI into your workflow, enhancing efficiency and innovation.

A hidden layer, sealed off from the world. It?s not a secret society or a Cold War bunker, it?s the Shadow DOM. Tucked quietly behind your browser?s renderer, it protects the structure within, keeping your styles and scripts from spilling out into the chaos of the global page. The Shadow DOM isn?t about hiding, it?s about harmony. We?ll explore how this quiet guardian helps us build cleaner, safer, more robust components. Shadows aren?t something to fear; they?re where the web truly comes together.

3

PHP is more than just a programming language -- it's a conversation that has shaped the web for nearly three decades. Since PHP 5.3, every major feature and deprecation has passed through the Request for Comments (RFC) process, where ideas are proposed, debated, and voted on in public. These discussions capture not only what's changing in PHP, but _why_ the language evolves the way it does. In this talk, we'll explore how reading RFCs can reveal both the future of PHP and the lessons of its past. We'll trace the language's journey from its early experimental days through the modern renaissance, and look ahead to what's coming in PHP Next and beyond. Attendees will learn how to interpret RFCs, anticipate upcoming changes, and use this knowledge to write cleaner, more intentional, and future-ready PHP.

1

In the world of web development, creating an API that users will love involves more than just providing access to data. It requires thoughtful design, efficient performance, and a clear understanding of user needs. In this talk, we'll dive into the principles of designing and building APIs that prioritize user experience. From choosing the right PHP tools to implementing RESTful practices and documentation, we'll explore the key components of a developer-friendly API. Whether you're building an API for internal use or external consumption, this session will provide you with the insights and strategies to create an API that delights your users. Or at least make them more likely to pay for your product.

Think functional programming is just for Haskell nerds? Think again. I'll show you how to use functional techniques to write PHP code that's easier to test and harder to break. We'll explore when immutable data structures make sense, how to use map/filter/reduce without looking pretentious, and why pure functions might just save your sanity. No math degree required.

6

Redis is best known as a high performance, in-memory, key-value database used for distributed caching. However, data structure databases like Redis, Valkey, and Key DB can do so much more than just operate on string values! With over a dozen different data types like hashes, lists, sets, sorted sets, bloom filters, and streams, these databases provide a number of tools that can help solve common problems. We?ll explore these basic data structures in Redis and Valkey, with real world examples of using them to solve problems like rate limiting, distributed resource locking, and efficiently checking membership in *massive* sets of data. We'll also discuss some of the newer functionality designed for AI and LLM applications, like vector similarity searches and vector sets.

0

You've probably used OAuth without realizing it. Maybe you've signed in to an app using Google, authorized an app to post to your X/Twitter account, or granted access to your GitHub repositories. What's really going on under the hood? How does this handshake of trust actually work, and why do developers love (and sometimes loathe) implementing it? In this session, we'll peel back the layers of OAuth 2.0 and OpenID Connect to understand their roles in modern authentication and authorization. We'll demystify access tokens, refresh tokens, scopes, and the dance between resource servers and clients. You'll see how OpenID Connect extends OAuth to handle identity and login flows securely. And most importantly, we'll look at practical, real-world examples to make these concepts click. If you've ever felt overwhelmed by the acronyms or confused by the specs, this talk is for you. You'll leave with a solid mental model of how OAuth and OpenID Connect work together to make the web a safer, more connected place.

For many organizations, the biggest challenges aren?t new technologies?it?s the 15?20-year-old systems still running mission-critical operations. In my role modernizing large-scale manufacturing and ERP applications, I worked directly with Classic ASP pages, VBScript business rules, UniData/ODBC lookups, and printer/label subsystems that had zero documentation. Rewriting them required more than code?it demanded AI-assisted archaeology. In this session, I will walk through how I broke down a monolithic legacy application and rebuilt it as a scalable JavaScript microservices ecosystem. Using real examples?such as migrating a VBScript-driven data collection flow into a Node.js service, converting ODBC-based ERP queries into Python micro-APIs, and using LLMs to untangle hidden business rules?I?ll show how AI speeds up the entire modernization process. You?ll learn practical patterns, migration sequences, Strangler-Fig architecture, and how AI helps validate logic while keeping production stable. If you?ve ever been afraid to touch legacy code, this talk gives you the exact playbook I used to safely refactor a 20-year-old system into an AI-native JS platform.

An orchestra succeeds when musicians listen, adapt, and communicate. A development team is no different. As a professional violinist turned software developer, I have spent years working in two high-stakes, deeply collaborative environments. In fact, for a full year, I held two full-time jobs: one as a section violinist in the Kansas City Symphony, the other as a software developer building applications for a Top3 Consulting Firm. Now, as a full-time developer at Georgetown University, I still find time to play as a substitute with the Baltimore Symphony Orchestra. While they might sound like wildly different careers (and in some ways, they are!), the skills from one world to the other are transferable. In both the music and tech worlds, success isn?t just about individual skill, it?s about how people work together. Whether playing in an orchestra or working on a new feature development with a development team, I have learned that great teams share these common traits: trust, communication, adaptability, and a shared vision. In this talk, we?ll explore: Listening as Leadership: How the best musicians and developers actively listen and respond, whether in a live performance or a sprint planning meeting. High-Trust Teams: Why an orchestra can perform concerts without a single word and what tech teams can learn from that level of trust. Rehearsal vs. Iteration: The role of preparation, structured feedback, and the importance of stepping away when stuck. Adapting Under Pressure: How performing in a live concert teaches the same resilience needed when shipping high-stakes software. The beauty of interpretation: Just as no two performances of the same piece are identical, no two developers solve a problem in the exact same way. Whether you're an engineer, designer, or team lead, you?ll walk away with a fresh perspective on teamwork, leadership, and collaboration from the lessons I have learned from the concert hall that are deeply relevant to software development.

7

Traditional keyword-based search is dying. Users expect Google-quality search that understands intent, handles typos gracefully, and finds semantically similar content even when exact keywords don't match. Thanks to embeddings and vector databases, you can now build this level of search sophistication in your PHP applications?and it's easier than you think. This talk demystifies semantic search by showing you how to transform your existing PHP search implementation into an intelligent, meaning-aware system. You'll learn how embeddings work (without needing a PhD in machine learning), how to integrate vector databases into your PHP stack, and practical strategies for implementing hybrid search that combines the best of keyword and semantic approaches. This talk includes live demonstrations of semantic search finding relevant results where traditional search fails, showing side-by-side comparisons and actual code examples. You'll see how to retrofit semantic search into existing applications without a complete rewrite, making this immediately actionable for PHP developers

3

PHPStan is a great tool that scans your entire codebase to find bugs (without writing tests!). While not a replacement for tests, it's a great addition to have in your skillset to ensure that tricky bugs don't make it into production. Come hear about it from someone who used to be a skeptic and since has made the case to implement it at 3 companies since, with an emphasis on how it can help you refactor and clean up old codebases

0

AI, React, Vue - what do all of these things have in common? They are tools meant to enhance the development experience - we must remember that. Join me in going over best practices on using AI to LEARN and not to do your job for you. I'll take you through the steps of how I used AI as a React developer to learn Vue - did I actually learn? Join this talk to find out!

PHP Installer for Extensions (PIE) is an innovative tool I am writing for the PHP Foundation to modernise how PHP extensions are installed and managed. For decades, PECL has been the go-to mechanism, but it's time for a change. In this talk, we?ll explore why PIE is poised to replace PECL, its goals, and what makes it a game-changer for PHP developers. We'll dive into PIE's features, demo its usage, and provide a glimpse of its roadmap, including exciting enhancements already in the works. Whether you're a seasoned developer or new to PHP extensions, discover how PIE is shaping the future of PHP extension installation.

1

For decades, PHP?s execution model has been simple ? one request, one thread, one response. Clean, predictable? and painfully limited when you start dealing with real-time APIs, streaming, or parallel data processing. But with Fibers, Swoole, and async I/O, PHP is finally waking up ? and it?s learning how to think concurrently. In this advanced session, we?ll go deep into how modern PHP handles concurrency. Through live demos and benchmarks, we?ll explore how Fibers let you write non-blocking code that looks synchronous but performs like a high-speed async engine. We?ll walk through parallel API calls, streaming data pipelines, and background job orchestration ? all running natively in PHP. You?ll learn: * How Fibers and event loops revolutionize PHP?s traditional blocking model * The differences between concurrency, parallelism, and async in PHP * Using Swoole, ReactPHP, and Amphp to manage high-throughput, concurrent workloads * Avoiding race conditions, deadlocks, and unpredictable state in concurrent code * Real-world performance numbers comparing sync vs async implementations This session is fast-paced, practical, and full of live code and load tests. If you?ve ever wished PHP could multitask like Go or Node.js, this talk will show you ? with proof ? that the future of PHP is not sleeping anymore. It?s thinking concurrently.

2

Every *minor* release of PHP comes with a limited number of changes that are technically considered breaking changes or backwards incompatible. These include new classes or functions, changing the behavior of existing functions in edge cases, and the addition of new errors. New minor releases of PHP libraries also frequently contain breaking changes, though unintentionally; adding a new class to a library might conflict with an existing class in user code. In this talk, Daniel will explore how to identify potentially breaking changes, review the unwieldy ways to reduce breakage, and end with a presentation of a semver-adjacent versioning policy that reflects semver practices while accounting for the realities of PHP as a language and its ecosystem. You'll leave with a clearer understanding of compatibility pitfalls in PHP, how PHP redefines breaking changes, and how to version your own packages more responsibly.

In this session, we?ll explore how to decouple a traditional content management system (CMS) using Next.js to build a modern, lightning-fast front-end application. We will dive into the technical implementations of: - fetching data via GraphQL and REST APIs - Authentication with the CMS to gate or edit content - look at the "when and how" to Prebuild (SSG/ISR) for SEO and speed, and when to Actively Fetch (SSR/CSR) for dynamic or personalized data.. While we be focusing on a single CMS, this can be applied to multiple CMSes like WordPress, Drupal, Sanity, Contentful, and more.

4

Automated testing is crucial for long-term maintainability, but not all tests are made equal: a brittle test?tightly coupled to its implementation?can be worse than having no test at all! If your test suite is more of a hindrance than a helper, you may be suffering from "Leadership said we have to write tests"-itis, a common ailment across the engineering community. Fortunately, this can be treated by taking the test suite you (might) already have and making it work *for* you instead of holding you back! In this session, we'll analyze the characteristics of "good" and "bad" unit tests and how we can massage the latter into the former. Topics of discussion will include test organization, strict types, fixtures, test doubles, and the true value of code coverage as a metric. Examples use PHPUnit as the test runner, but the lessons are broadly applicable across test runners and languages. Some testing experience is encouraged, but not required.

Modern web applications remain one of the most targeted attack surfaces, and PHP applications are frequently exploited due to insecure coding practices, outdated dependencies, weak authentication mechanisms, and misconfigured servers. When a compromise occurs, organizations often struggle to identify the attack vector, contain the breach, preserve forensic evidence, and restore services without repeating the same mistakes. This session provides a practical, real-world approach to responding to security incidents affecting PHP-based web applications. The presentation will walk through the full incident response lifecycle, including detection, triage, containment, eradication, recovery, and post-incident analysis. Using realistic attack scenarios and lessons learned from real-world incidents, the session will demonstrate how to analyze logs, identify indicators of compromise, investigate malicious web shells, preserve evidence, coordinate communication, and implement remediation strategies. The discussion will also cover secure coding practices, web application monitoring, threat detection, and preventive controls that reduce the likelihood and impact of future attacks. This presentation is designed for cybersecurity professionals, incident responders, developers, application security teams, and IT leaders seeking actionable guidance for handling modern web application breaches effectively.

For many new developers, the leap from academic coding to real-world development can feel like stepping into another universe. College projects often focus on isolated assignments, individual logic, and textbook syntax, while professional environments revolve around frameworks, version control, collaboration, and debugging someone else?s code. This talk explores what makes that transition so challenging and how to bridge the gap effectively. Drawing from personal experience as a student-developer balancing coursework with professional software development, I?ll highlight the key differences between academic and workplace coding cultures. From Git workflows and code reviews to framework based architectures and team communication, we?ll look at how new developers can prepare for the realities of writing maintainable, and collaborative software.

Modern web development has become a race for "fine-grained reactivity." We?ve traded predictable code for a complex web of Proxies, Signals, Compilers, and hidden dependency tracking. But what if we stopped trying to be clever and just embraced the simplicity of the render loop? In this talk, we?ll explore @inglorious/web, a lightweight framework that dares to do the unthinkable: re-render the entire template tree on every state change. By combining an Entity-Based state model with the surgical DOM-diffing of lit-html, we can achieve high-performance UIs with zero component state, zero lifecycle hooks, and zero memory leaks.

4

While your app sleeps, your database dreams... of being useful. This talk pulls back the curtain on powerful, often-ignored features hiding inside every relational database: triggers that act like observers, stored procedures that encapsulate logic, views that simplify access, and replication that scales without tears. We?ll walk through real examples, why these tools matter, and how you can start using them without falling into vendor traps or overengineering doom.

With recent improvements in PHP (e.g., Fibers, async libraries) and the growing demands for high-performance data systems, PHP is no longer just for simple web pages. In this talk we?ll explore how to leverage these modern features to build data-intensive, async systems in PHP?covering event loops, concurrency, how to integrate with high throughput pipelines, and case studies of real systems managing large backlogs. We?ll also discuss pitfalls, where pure PHP might hit limits, and how to interoperate with other tech stacks.

2

When I started working in a legacy application, I saw one endpoint that returned HTML instead of JSON and thought "wow, that's old school". Little did I know that HTML responses could be the future to simplify the frontend and backend. htmx makes things so simple to turn any element on your frontend to send a request to your server, handle anything, and return the HTML you want, even if you are using your framework's templating engine. htmx simplifies so much of the connection between the frontend and backend. For developers that use PHP, it can remove the need completely of heavy web apps to use a frontend framework that relies on API calls. htmx can keep all of your frontend HTML in your PHP application, without sacrificing modern AJAX style websites

Dive into the world of LLMs and how to get the most out of them. In this session you will learn about prompting techniques, agent patterns, how to mitigate hallucination and much more. This talk teaches you how LLMs work under the hood and why they do what they do so you can understand why the patterns and techniques work. This will use Node.js as the primary language of example but techniques can be applied in all other languages.

The hardest part of scaling isn?t the tech?it?s the tension. Every C-suite knows that product pivots, rapid growth, and competing priorities create friction between teams, leaders, and vision. But too often, executives treat conflict like a distraction to manage instead of the data they need most. This session unpacks what conflict actually reveals about culture, leadership, and decision-making inside high-growth tech companies. We?ll examine how conflict shows up at the top: CTOs vs. product leads, founders vs. investors, vision vs. execution. You?ll learn how to recognize when disagreement is strategic (and healthy) versus when it?s cultural (and costly). Together, we?ll break down the anatomy of high-stakes conflict?ego, communication breakdowns, power imbalance?and how to navigate them without losing credibility or alignment. You?ll leave with a leadership framework for engaging conflict early, a language for naming what?s really happening in the room, and practical tools for turning tension into traction. Because innovation doesn?t die from lack of ideas?it dies from unspoken ones.