Posts marked with “security”
Security Corner: Composing Application Security
Package managers like Composer make it quick and easy to add third-party libraries to an application. Unfortunately, they also make it easy to ship code that was never meant to run in production (development and debugging tools that intentionally expose application internals, for instance) if your development team isn't careful about which dependencies reach the production build.
Treasures, Old & New – May 2018
Writing clean code, managing technical debt, testing with Mockery, Toxic Tech, API specifications, and more.
Security Corner: Paying Off Technical Debt
Every successful development team has two things in common: they’ve shipped a product, and they accepted compromises to make that shipment possible. Every team and every project has technical debt. It comes with the territory when you start building software. Usually, the term “technical debt” is seen as a negative, but that’s not always true.
Testing in Practice – April 2018
PHPUnit, Mockery, type hints, async PHP, building a REST API, training programs, PHP isolation and security, serverless computing, Laravel auth, and more.
Security Corner: PHP Isolation in Production
Developers the world over were in shock this past May as thousands of computers in the UK's National Health Service were rendered inoperable by a malware attack. Thanks to a previously leaked exploit for a Windows vulnerability, and the notoriously slow rate at which large enterprises apply system patches, attackers were able to infiltrate […]
Artisanal: Authentication with Laravel
Authentication is the foundation of your application's security. It separates guests from users and restricts functionality in your application to authenticated users. We can also take authentication a step further and completely offload the grunt work to another service such as GitHub, Google, or any other third-party authentication provider.
Security Corner: Application-level Data Security
Developers often conflate two different modes of data encryption when protecting the systems on which their applications run. One is encryption at rest: the storage layer (disk, volume, or database) encrypts everything it holds and decrypts transparently for anyone who can query it. The other is application-level encryption: the application itself encrypts specific fields before they are stored, and only code holding the key can read them back. These approaches are similar, but they are not the same. It behooves the savvy developer to understand the difference.
Securing Your Site in Development and Beyond
Why wait until production deployment to identify security vulnerabilities? Using tools like Burp Suite, you can find security vulnerabilities before they’re on the web. In this article, you will see examples of vulnerabilities which were detected early, and how to integrate these practices into your daily workflow.
Security Corner: Updates to the OWASP Top Ten—Logging
Last November, the Open Web Application Security Project (OWASP) published a new list of their “top ten” application security risks (ASRs). These are the most commonly encountered coding and security issues on the web according to an industry survey and the opinion of leading developers in the field. One of the newer ASRs to make […]
Security Corner: PHP, meet Libsodium
By the time you read this, the PHP community should have introduced the world to the newest version of our favorite language. This latest version adds better support for type annotations, allows trailing commas in lists (just like JavaScript and other dynamic languages), and introduces several security improvements. The most notable security addition, however, is […]
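The following is an added example, not code from either Security Corner column above, that ties the two teasers together: application-level encryption of a single database column using the libsodium functions bundled with PHP 7.2 (`sodium_crypto_secretbox`). It assumes PHP 7.2 or later with the sodium extension enabled; the key is generated in-process for the demo, whereas a real deployment would load it from an environment variable or secret store (the `CARD_KEY` name in the comment is a placeholder, not anything from the columns).

```php
<?php
declare(strict_types=1);

// Added example: application-level field encryption with PHP 7.2's bundled
// libsodium. Assumption: PHP >= 7.2 with the sodium extension enabled.

// In production the key comes from a secret store or environment variable
// (e.g. getenv('CARD_KEY'), a placeholder name); here it is generated for the demo.
function load_key(): string
{
    return sodium_crypto_secretbox_keygen(); // 32 random bytes
}

/**
 * Encrypt one field before it is written to the database. A fresh random
 * nonce is prepended to the ciphertext and the result is base64 so it fits
 * in a text column. secretbox is XSalsa20-Poly1305, so the ciphertext is
 * authenticated and any tampering is detected on decrypt.
 */
function encrypt_field(string $plaintext, string $key): string
{
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // 24 bytes, never reused with a key
    $ciphertext = sodium_crypto_secretbox($plaintext, $nonce, $key);
    return sodium_bin2base64($nonce . $ciphertext, SODIUM_BASE64_VARIANT_ORIGINAL);
}

/**
 * Decrypt a stored field. Throws if the blob is malformed or the
 * authentication tag does not verify (wrong key, corrupted or altered row).
 */
function decrypt_field(string $stored, string $key): string
{
    $blob = sodium_base642bin($stored, SODIUM_BASE64_VARIANT_ORIGINAL);
    $minLen = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES;
    if (strlen($blob) < $minLen) {
        throw new RuntimeException('stored value too short to be a secretbox');
    }
    $nonce = substr($blob, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $ciphertext = substr($blob, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $plaintext = sodium_crypto_secretbox_open($ciphertext, $nonce, $key);
    if ($plaintext === false) {
        throw new RuntimeException('decryption failed: wrong key or tampered data');
    }
    return $plaintext;
}

// --- demo -----------------------------------------------------------------
$key = load_key();

// Constructed sample row: the application encrypts only the sensitive column.
$row = [
    'id'    => 42,
    'email' => 'alice@example.com',
    'ssn'   => encrypt_field('123-45-6789', $key),
];

// What a DBA, a backup tape, or a SQL injection sees: the ciphertext, not the
// SSN. Disk or database encryption at rest would not help here, because the
// storage layer decrypts transparently for any query that reaches it.
echo "stored: {$row['ssn']}\n";

// The application, holding the key, gets the plaintext back.
echo 'decrypted: ', decrypt_field($row['ssn'], $key), "\n";

// Flip one byte of the stored blob: Poly1305 rejects it instead of returning garbage.
$tampered = sodium_base642bin($row['ssn'], SODIUM_BASE64_VARIANT_ORIGINAL);
$last = strlen($tampered) - 1;
$tampered[$last] = chr(ord($tampered[$last]) ^ 0x01);
try {
    decrypt_field(sodium_bin2base64($tampered, SODIUM_BASE64_VARIANT_ORIGINAL), $key);
} catch (RuntimeException $e) {
    echo 'tamper check: ', $e->getMessage(), "\n";
}

// Wipe the key from memory once it is no longer needed.
sodium_memzero($key);
```

Two things the example deliberately does not do are worth noting: it never reuses a nonce (each call to `encrypt_field` draws a fresh one from `random_bytes`), and it never returns partially decrypted data, because `sodium_crypto_secretbox_open` checks the authentication tag before releasing any plaintext. Key rotation and per-tenant keys are left out for brevity.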