[hemmerling] PHP

Conferences and Workshops

Conferences

Workshops

Runtime

    • “PHP 5.2 Windows Binaries” are the latest version with W2k support, compiled with the legacy Visual Studio 6 compiler.
    • “PHP 5.3 Windows Binaries” run on WinXP, Win2003, Vista, Win2008, Win7..., compiled with the Visual Studio 2008 compiler.
  • As of 2016-08, there are 2 versions of PHP:
    1. PHP 5.6 stable.
    2. PHP 7 with new features (similar to JS 4, 5, ...).

PHP IDEs

Free PHP IDEs

  1. Code Lobster PHP Edition - “Free Portable PHP IDE (HTML, PHP, CSS, JavaScript code editor)”, “Free portable IDE for PHP/HTML/CSS/JavaScript development”, “PHP/HTML/CSS/JavaScript highlighting; advanced PHP/HTML/CSS/JavaScript autocomplete; a powerful PHP debugger; context and dynamic Help; a code validator; a SQL manager”.
  2. Eclipse - “Eclipse for PHP Developers”.
  3. phpIDE "PHP Coder" - “A free IDE developed for PHP programmers. Through tight integration of the PHP interpreter and the PHP documentation, PHP Coder gives you a time-saving Development Interface”.
  4. Sourceforge "Dev-PHP" - “A well-featured integrated development environment (IDE)”.
  5. “Padre - the Perl IDE”.
  6. PhpEd 2.96.1.2 - latest freeware edition of the commercial PHP editor NuSphere PhpEd for Windows, which was shipped at that time with Apache and MySQL servers.
  7. “Software Studio” - discontinued free IDE for C#, Java, VB.Net, Aspx, C++, Html, Xml, Php, JavaScript, TeX.

Just-commercial PHP IDEs

Free PHP Debuggers

Free PHP Tools

  • PHP Cleaner - “This little script removes the PHP line breaks you find in a lot of PHP source codes”.

Packages

Composer - Dependency Manager for PHP

Packagist - The PHP Package Repository

Application Execution in Taint Mode

Testing

Free PHP Frameworks / PHP Extensions

Neos & Flow

The Frameworks

  • The OpenSource Neos, GitHub "neos".
    • “Content Application Platform based on its own PHP framework Flow. The content management features are resting within a larger context that allows you to build a perfectly customized experience”.
    • “An open source Content Application Platform based on Flow. A set of core Content Management features is resting within a larger context that allows you to build a perfectly customized experience for your users”.
    • “A PHP web application framework focussed on Domain-Driven Design and clean code. Based on strong conventions and best practices, it allows you to rapidly create powerful web applications”.
    • “Flow Application Framework, provides MVC, DI, AOP, Security, …”.

Resources

Kohana: The Swift PHP Framework

LampLighter

  • LampLighter - “OpenSource rapid application development framework for PHP based on a Model-View-Controller (MVC) architecture”.
    • The predecessor FUSE - “A Model View Controller framework for PHP”.

PECL

  • George Schlossnagle "PECL" - “A repository for PHP Extensions, providing a directory of all known extensions and hosting facilities for downloading and development of PHP extensions”.

PEAR - PHP Extension and Application Repository

PHPforFB

  • The OpenSource PHP Web Framework PHPforFB - “which simplifies developing and operating Facebook applications and page apps”.

Symfony

Zend

Embedded Software Projects with PHP

Commercial Development Tools

Cronjob Services

Free Cronjob Services

Affordable Webspace & Webhosting with Cronjob Services

Resources

Design Tips for Secure Web Applications

    • GitHub "airbone42/nsa-anti-patterns" - “Talk about security at PHP Unconference 2013 in Hamburg”.
      1. “';” - SQL injection → “prepare”.
      2. Broken authentication and session management.
        1. Don't expose session IDs.
        2. Reduce session lifetime.
        3. Regenerate session IDs.
      3. “<” - XSS → “htmlspecialchars”.
        1. Validate input.
        2. Escape output.
        3. X-Content-Security-Policy.
        4. X-Frame-Options.
        5. Template engine.
      4. Insecure direct object reference → “require”.
        1. Validate user input.
        2. Use indirect object references.
        3. Check access permissions.
      5. Security misconfiguration.
        1. Keep your system up-to-date.
        2. Remove setup/deployment routines.
        3. Disable exposure of sensitive data.
        4. Review server settings.
      6. Sensitive data exposure - passwords.
        1. Add a salt.
        2. Use different salts.
        3. Use a strong algorithm (NOT md5).
        4. Store data and keys separated.
      7. Sensitive data exposure - PHP.
        1. “expose_php = Off”.
        2. Remove “phpinfo();”.
      8. Sensitive data exposure - Secure URLs.
        1. Use TLS for all pages.
        2. Use secure cookie flag.
        3. Keep sensitive data out of the URL.
      9. Missing function level access control.
        1. The default should disallow all access.
        2. Use roles to keep ACL simple.
        3. ACL model should be very flexible.
        4. Check privileges on each step.
      10. Cross-site request forgery.
        1. Use one-time-token and secure it.
        2. Authenticate user.
          1. Credentials.
          2. Captcha.
      11. Unvalidated redirects and forwards.
      12. Using components with known vulnerabilities.
        1. Keep libraries up-to-date (versioneye.com).
        2. Review third party libraries.
        3. Check mailing lists, boards, news- and vendor-sites.
      13. Mail header injection.
      14. Security by obscurity “The neighbours have better stuff”.

Literature

Paper Magazines

Books

Resources

Forums, Newsgroups

Appropriate OpenDirectory Directory Pages

 
en/php.html.txt · Last modified: 2017/06/23 20:56 (external edit)