Edward Barnard ewbarnard

@ewbarnard
ewbarnard / gist:aeb1dc2b579ab08e5362
Created February 10, 2016 23:17
Learn from the Enemy: Securing Your Web Services
“You will be about to lose, Ender, but you will win. You will learn to defeat the enemy. He will teach you how.” We got hacked.
It happens. We found that our web _site_ protections are helpless in defending against a web _service_ attack. HTTPS does not protect
passwords. I show you what security techniques are not good enough _and why_. Our PHP web services architecture is tough and mean
and prickly. The attackers do not like it. I show you what we did. Here are the tools and mind-set you need to send the enemy
looking elsewhere for an easier target.
ewbarnard / gist:cbb1b7ead43d4efc41b2516c03f8c3a2
Last active May 31, 2016 23:05
Right Attitude in Securing your Web Services
WHAT CHANGED: Title and description
Title: Right Attitude in Securing your Web Services
Level: Intermediate
Duration: 50 minutes including 10 for questions
Description:
Knowing how to secure your web SITE does not translate into knowing how to
secure your web SERVICE. Your website is friendly to humans. You can fend off
attacks with CAPTCHA and other ways of detecting and rejecting automated
ewbarnard / gist:eafaecbdc7d8e1b65dd05c56c13c571b
Created May 31, 2016 22:20
Learning from the Enemy: Designing Your Web Service Security Architecture
Title: Learning from the Enemy: Designing Your Web Service Security Architecture
Level: Intermediate to Advanced
Duration: 50 minutes including 10 for questions
Description:
Best practices don't matter once the enemy breaks through your security. What
matters is stopping the enemy. We'll let the enemy show us how.
You've heard of Authentication and Authorization. We'll learn why they do NOT
work with web services. We'll see that OAuth 2.0 does not answer our need.
ewbarnard / gist:98e947eea95030a54ac14c09cfbe619e
Last active June 5, 2016 19:40
Using Encryption in PHP
WHAT CHANGED: TITLE AND DESCRIPTION
Title: Using Encryption in PHP
Level: All
Duration: 50 minutes including 10 for questions
Description:
Using encryption sounds simple. It is! The trouble is that encryption is
extremely difficult to get right. In fact it's a great way to grab news
headlines when you get it spectacularly wrong.
ewbarnard / gist:3d0ef4256cf24bb3eea3d6eed65e3fd3
Created June 5, 2016 20:07
The Rhythm of Test-Driven Development
Title: The Rhythm of Test-Driven Development
Level: All; unit testing experience helpful
Duration: 50 minutes including 10 for questions
Description:
Test-Driven Development (TDD) would seem to be all about the tests. But if you
focus on writing the tests, you miss most of the value. In my experience, TDD
can take 2-3 times longer in initial development time. The most-often-stated
value comes with the lack of debugging time needed with production deployment.
ewbarnard / gist:c16b546ae81066c3f62e1305ae405962
Created June 5, 2016 20:24
Unit Test Design with Mockery
Title: Unit Test Design with Mockery
Level: For anyone with PHPUnit working knowledge
Duration: 50 minutes including 10 for questions
Description:
When your PHP code must work through other classes, functions, APIs, and
databases, those dependencies become a formidable challenge to writing your
unit tests. You may find yourself spending an hour getting structures
set up for a three-line test. Things can easily get out of hand.
ewbarnard / gist:e8ded87e225a778dd1594f0543164755
Created June 5, 2016 20:46
Securing your Web Services (half day)
Title: Securing your Web Services (half day)
Level: All
Duration: Half day (3.5 hours)
Description:
Knowing how to secure your web SITE does not translate into knowing how to
secure your web SERVICE. This three-part teaching session provides you the skills
needed for securing your own RESTful web services in PHP:
1. What is different about web services, and why site protections such as
ewbarnard / gist:b7f096e356af2bbb7a069d2e9610e56b
Last active June 23, 2016 20:02
Big Iron and Bare Metal: PHP Lessons from Cold War Supercomputing
EDIT: Changed title/description again, description is 470 of 500 available chars.
Title: Big Iron and Bare Metal: PHP Lessons from Cold War Supercomputing
Type: Regular (1 hour including Q&A)
Description:
The original CRAY-1 Supercomputer was a 5-ton monster with just 8 MB of main
memory, yet programming it can be a fun way to explore subtleties of
PHP coding.
ewbarnard / gist:8c71de8874ff8dc4271ebec6641919b8
Last active June 23, 2016 22:53
Producer-Consumer Programming in CakePHP/RabbitMQ
Edit: Revised description per elezar, dfeldman, edunham
Title: Producer-Consumer Programming in CakePHP/RabbitMQ
Type: Regular (1 hour including Q&A)
Description (495 of 500 chars):
When you try to do too much during a page load, your site gets slower and
slower. Producer/Consumer programming allows us to move some of the work
offline, allowing your web server to run that much faster.
ewbarnard / gist:c3c7a7e6eec4a76fe270fdad45f6f49b
Last active June 23, 2016 23:14
Beginning to Design for Scale with RabbitMQ
Edit: Changed description per edunham
Title: Beginning to Design for Scale with RabbitMQ
Type: Regular (1 hour including Q&A)
Description (479 of 500 chars):
When your app outgrows a single server, you begin to encounter logjams,
queues filling up, and other problems of scale. Code becomes more
complicated.