Workshop in English - US at SunshinePHP 2018
View Slides: https://www.slideshare.net/MarkNiebergall/defensive-coding-crash-course-tutorial
Short URL: https://joind.in/talk/d80c2
Ensuring software reliability, resiliency, and recoverability is best achieved by practicing effective defensive coding. Take a crash course in defensive coding with PHP and learn about attack surfaces, input validation, canonicalization, secure type checking, external library vetting, cryptographic agility, exception management, code reviews, and unit and behavioral testing. Learn some helpful tips and tricks from experienced professionals within the PHP community as we review the latest blogs and discussions on best practices to defend your project.
Good hands-on activities and super relevant for what I do with PHP. The breakup of discussion followed by activities made the time manageable. A suggestion I would have for the first exercise would be to have the file and stubs for the getters set up so we can focus on the validation part. I think I wasted a lot of time just trying to get my file set up to read (I had to google methods to use) and then stubbing out methods.
Good intro to defensive coding.
Fantastic tutorial! I really liked the interaction and how you covered a lot of the low-hanging fruit of defensive coding. I also liked that you grouped us up in teams to work together. It was a great hands-on tutorial!
Really good tutorial! You covered a huge breadth of ideas efficiently and effectively, and I really liked the game of trying to decrypt those strings. In the first practice activity, if there was a way to get the CSV data into the getters class, I couldn't find it, and I wasted the first 15 minutes just writing my own, so some clarity on that point would have been appreciated. Thanks for the great tutorial!
This was a great hands-on tutorial. Working with someone else during the activities really caused me to step outside of my comfort zone. It was a great experience for me. I wasn't able to participate in the Unit Testing activity because I had no idea how to start. So unless you've already had experience with Unit Testing, I don't think this activity was helpful. For me, I guess it would have been helpful to start with an example that everyone can follow along with.
It was a good introduction and I learnt a few good tips. I thought the exercises were unnecessary; the time would have been better spent looking at common errors in code or doing some code reviews.