Speed and security for your PHP application
© 2017 Rogue Wave Software, Inc. All Rights Reserved.
Presenters
● Slavey Karadzhov, Senior solutions consultant, Rogue Wave Software
● Dr. Johannes Dahse, CEO & Co-Founder, RIPS Technologies
● Kai Schmithuesen, Account executive - Zend, Rogue Wave Software
Agenda
• The importance of speed and security for your business
• Boosting your PHP with Zend Server
– Understand and analyze bottlenecks
– Optimize Code / Tune Settings
– Develop
• Fast, but is it secure?
– Analyze your source code with ease
– Protect production servers from vulnerabilities
• Competition
• Q&A
The importance of speed and security for your business
How performance impacts your business
● If an e-commerce site is making $100,000 per day, a 1 second page delay could potentially cost you $2.5 million in lost sales every year
● Mobile sites that loaded in 5 seconds earned almost double the revenue of sites that took 19 seconds to load
● 73% of mobile internet users have encountered a website that was too slow to load
● 51% of mobile internet users have encountered a website that crashed, froze, or received an error
● A 1 second delay in page response can result in a 7% reduction in conversions
● 47% of consumers expect a web page to load in 2 seconds or less
How security impacts your business
● Cyber criminals perform 1,000,000 web attacks per day
● General web attacks affect everyone
○ Website infection for malware/phishing campaigns
○ Web server compromise for botnets, DDoS attacks
● Targeted web attacks
○ Steal intellectual property
○ Steal sensitive data (credit cards, PII, passwords)
● $200,000 average data breach costs
● 50,000 websites are hacked daily
Get up to speed with Zend Server
Speed depends on ...
Speeding up an app is ...
A continuous process that involves:
● Understand and analyze bottlenecks
○ auto-scaling
○ caching
● Optimize Code / Tune Settings
○ with or without human intervention
● Develop
In PHP speed depends on ...
• The Zend PHP Engine
• Proven PHP modules
• PHP components to allow OpCache, DataCache and PageCache
• First class monitoring tools
Zend Server is speed
• Perfected by the developers of the Zend PHP engine
• With seamless optimizations built into the core
• With multiple components that boost your PHP applications
• And monitoring that helps you understand your PHP application
Peace of mind with RIPS Technologies
Top security vulnerabilities used in web attacks
● 84% of websites have at least one medium-severe vulnerability
● 40% Cross-site scripting: Inject malicious JavaScript code rendered by visitors
● 24% SQL injection: Manipulate database query to retrieve sensitive data
● 7% Path traversal: Manipulate file operation to steal sensitive files
● 4% File inclusion: Induce a file for code execution
Security challenges
● Security awareness
○ Challenge: Stay up-to-date with all attack techniques / pitfalls
● Secure development
○ Challenge: Growing code and team sizes
● Security testing
○ Challenge: Time to market pressure
● Compliance requirements
○ GDPR, PCI DSS, HIPAA, OWASP ASVS, OWASP Top 10
RIPS Code Analysis scans your application
● RIPS scans your source code and detects security bugs
● Technology leader for PHP Static Application Security Testing (SAST)
● Unique language-specific approach, built by security experts
RIPS Code Analysis detects unknown security issues
● Supports PHP 3-7, large code bases, and frameworks
● Scans your source code within minutes for
○ 100+ security vulnerability categories
○ 60+ code quality issue categories
○ 40+ misconfiguration categories
● Track record of unknown vulnerabilities reported in popular cores:
RIPS Code Analysis protects your application
● Seamless integration into every step of your SDLC setup
● Block vulnerable code before it is deployed on your production server
sonarqube
Visit us at ZendCon → 15th – 17th October Las Vegas
Visit us at PHP.Ruhr → 11th November Dortmund
Interested in giving it a test drive?
Competition
We are looking to give three projects the chance to test Zend Server and RIPS.
What we will do:
We will contact you to review your projects and pick the three most interesting in terms of scope and complexity. We will help you to install Zend Server, including the RIPS plugin, on your infrastructure for your project and support you during a three-month trial phase.
What you will do:
Type “Interested” into the Q&A panel.
Thank You
Speed and security for your PHP application
Kai Schmithüsen
Account Executive Zend EMEA
Slavey Karadzhov
Senior Consultant, Professional Services @ RogueWave
Johannes Dahse
CEO & Co-founder @ RIPS Technologies