Penetration testing for developers

SQL injection, password cracking, web content scanning... As a developer, you've probably heard of some of these terms, and might be aware of the basic measures to counter them. But how does a hacker execute such attacks? What tools do they use? And how easy would it be to attack your own application? By starting to think like our adversaries, we have a better chance of finding vulnerabilities in our software before they can be exploited.

In this talk we will look at a few tools used by attackers and ethical hackers alike to find (and exploit) vulnerabilities in web applications. By the end of the talk, you will have a better understanding of how an attacker might target your application and how you can use the same tools to discover vulnerabilities yourself first.

Previously delivered at PHPAmersfoort, Ode aan de Code, AmsterdamPHP, and PHP & Laravel Eindhoven

Manage your cloud infrastructure as code using Terraform

Developments in cloud computing over the last years have made it easier than ever to deploy and scale applications with minimal investment. However, managing cloud infrastructure by hand is a complex and error-prone task. This is where Infrastructure as Code (IaC) comes to the rescue, with Terraform being one of the most popular tools for automating infrastructure management.

Join me in this talk to learn about the benefits of IaC and how to get started with Terraform. We'll cover the basics of the Terraform language, the core Terraform workflow, how to use providers to manage resources on different cloud platforms, and how to fit Terraform into your CI/CD process.

Previously delivered at PHPAmersfoort and Ode aan de Code.

Making architecture decisions, the Agile way

For many years, the waterfall model was the standard way of developing software. Engineering teams could spend months or even years on the architecture of a new project, before even a single line of code was written. Nowadays we know that this approach is flawed, and working in small iterations and continuous delivery have become the norm. But does that mean that we should just skip making architecture decisions altogether? Of course not!

In this talk we will look at how the Agile Manifesto and the principles behind it actually promote the making of conscious architectural decisions, and how we can include architecture in our software development process while avoiding Big Design Up Front. We will look at practical tools such as Architectural Decision Records which will help to make architecture decisions in a structured way, and document them so that we will still remember the reasoning behind them in a few years from now.

So join me in this talk to find out how you can make good architectural decisions that allow you to deal with changing requirements, while delivering working software to your customers as early as possible!

This talk is aimed at developers and architects who work in an Agile environment and struggle to find the right balance between Big Design Up Front and no design at all.

Guiding the Next Generation: Mentoring Junior Developers

Guiding and mentoring junior team members is an essential part of our job as senior developers. In this talk we will look at coaching models and techniques we can apply to become more effective in guiding and mentoring teammates. I will share some of the mistakes I made in the past and some of the lessons I wish I had learned years ago.

This talk is aimed at senior developers who want to improve their skills in guiding and mentoring the next generation of junior developers.

Finding security vulnerabilities with static analysis

Writing secure code is important to prevent your users' data from being stolen. But vulnerabilities in your code can be difficult to spot and will not always be picked up during manual code reviews. In this talk, we'll look at how various static analysis tools (some of which you might already be using) can be used to detect common security vulnerabilities in your PHP applications in an automated way.