Speaker

Vinícius Campitelli

DevRel @ FusionAuth

São Paulo, Brazil

I've been a developer for 15 years and am extremely passionate about technology and education. I've worked on dozens of projects in several areas, like email marketing, network automation, e-commerce, cybersecurity, video streaming and I even founded my own e-learning startup.

A developer for more than 15 years, passionate about technology and especially the Web. I have worked on projects in several areas, such as email marketing, network automation, e-commerce, cybersecurity and e-learning, where I even founded a startup. I mostly like to talk about DevOps, systems architecture, good coding practices and information security.

Area of Expertise

  • Information & Communications Technology

Topics

  • PHP
  • IT Security
  • Application Security
  • Web API
  • REST API
  • Docker
  • DevOps
  • Linux
  • AWS DevOps

libsodium: the modern cryptographic library for PHP 7

libsodium is a great, modern cryptography library and has been part of the PHP core since version 7.2 (PHP being the first language to do that!). We will see how to use it to securely encrypt and decrypt data with both symmetric and asymmetric approaches, how to safely store passwords and how to correctly hash data to guarantee authenticity. By doing that, you will surely boost your software security to a new level!
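As an added illustration of the libsodium calls this talk covers (example code, not the speaker's own material), the PHP 7.2+ script below walks through the four cases named above: secretbox symmetric encryption with a tamper check, a sealed box for the asymmetric case, Argon2 password hashing, and a keyed MAC for authenticity. The message and password strings are constructed sample values.

```php
<?php
declare(strict_types=1);

// Symmetric, authenticated encryption (crypto_secretbox: XSalsa20 + Poly1305).
// The nonce must be unique per message; it is not secret, so it is prepended.
function encryptSymmetric(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    return $nonce . sodium_crypto_secretbox($plaintext, $nonce, $key);
}

function decryptSymmetric(string $message, string $key): string
{
    $min = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($message) < $min) {
        throw new RuntimeException('Message too short to be a valid secretbox');
    }
    $nonce = substr($message, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ciphertext = substr($message, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plaintext = sodium_crypto_secretbox_open($ciphertext, $nonce, $key);
    if ($plaintext === false) {
        // The Poly1305 tag did not verify: wrong key or modified ciphertext.
        throw new RuntimeException('Decryption failed: authentication tag mismatch');
    }
    return $plaintext;
}

// 1) Symmetric round trip, then a one-bit modification that must be rejected.
$key = sodium_crypto_secretbox_keygen();
$box = encryptSymmetric('constructed sample: card number 4111 1111 1111 1111', $key);
assert(decryptSymmetric($box, $key) === 'constructed sample: card number 4111 1111 1111 1111');
$tampered = $box;
$last = strlen($box) - 1;
$tampered[$last] = chr(ord($box[$last]) ^ 0x01);
try { decryptSymmetric($tampered, $key); } catch (RuntimeException $e) { echo $e->getMessage(), PHP_EOL; }

// 2) Asymmetric: a sealed box lets anyone encrypt to a public key;
//    only the holder of the matching secret key can open it.
$keypair = sodium_crypto_box_keypair();
$sealed = sodium_crypto_box_seal('for the key holder only', sodium_crypto_box_publickey($keypair));
assert(sodium_crypto_box_seal_open($sealed, $keypair) === 'for the key holder only');

// 3) Password storage: Argon2 with a random per-password salt, stored as a self-describing string.
$stored = sodium_crypto_pwhash_str('correct horse battery staple',
    SODIUM_CRYPTO_PWHASH_OPSLIMIT_INTERACTIVE, SODIUM_CRYPTO_PWHASH_MEMLIMIT_INTERACTIVE);
assert(sodium_crypto_pwhash_str_verify($stored, 'correct horse battery staple'));
assert(!sodium_crypto_pwhash_str_verify($stored, 'Correct horse battery staple'));

// 4) Authenticity: keyed MAC (HMAC-SHA-512/256); verification runs in constant time.
$authKey = sodium_crypto_auth_keygen();
$tag = sodium_crypto_auth('{"amount":100}', $authKey);
assert(sodium_crypto_auth_verify($tag, '{"amount":100}', $authKey));
sodium_memzero($key); sodium_memzero($authKey); // wipe keys once they are no longer needed
```

The `assert()` calls only run when `zend.assertions=1` (the development default); in production they are compiled out, so real code should branch on the boolean results instead.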

Using PHP outside the Web

We all know PHP was initially made for the Web, but it is very simple to use it to create CLI scripts and even daemon processes. Of course we should always assess the right languages and tools for every project, but we can leverage existing backend PHP code and the experience our development team already has! We will see how to:
- create these CLI scripts by dealing with the arguments and command routing;
- use PCNTL to manage process creation and execution;
- truly create threads with the redesigned pthreads lib.

Applying best coding practices

Everyone has heard of (or should have) SOLID, Object Calisthenics and other Clean Code patterns. But theory often drifts away from practice, because the examples found on the Internet are far simpler than what we see in real life. We will go through more practical examples, showing how to really use and apply these concepts in our applications.

Introduction to Cryptography

Cryptography is the practice of transforming plaintext into ciphertext so that only the intended people (or systems) can decipher it. PHP has several functions to achieve this, but it is very common to misuse them, leading to vulnerable applications. We will cover the different types of cryptography (symmetric and asymmetric); ciphers and modes of operation; randomness and initialization vectors; hashing and signatures.

Creating secure authentication mechanisms

When creating an application, we often don't pay the necessary attention to the authentication process. We implement a simple form and start the session to keep the user logged in. Then, we proceed to what really matters to us: the "core" of our system.

But the login step is the main entrance to it, and not spending the needed time on it is why "Broken Authentication" ranks 2nd in the OWASP Top Ten Project of Web Application Security Risks.

That's why we need to learn how to create more secure authentication mechanisms, by:
- Really protecting against CSRF
- Creating a strong two-factor authentication process
- Avoiding user enumeration
- Implementing secure "forgot my password" and "remember me" features
