© 2017 Rogue Wave Software, Inc. All Rights Reserved.
Speed and security
for your PHP application
Presenters
Slavey Karadzhov, Senior solutions consultant, Rogue Wave Software
Dr. Johannes Dahse, CEO & Co-Founder, RIPS Technologies
Kai Schmithuesen, Account executive - Zend, Rogue Wave Software
Agenda
• The importance of speed and security for your business
• Boosting your PHP with Zend Server
– Understand and analyze bottlenecks
– Optimize Code / Tune Settings
– Develop
• Fast but is it secure
– Analyze your source code with ease
– Protect production servers from vulnerabilities
• Competition
• Q&A
The importance of speed and security
for your business
How performance impacts your business
If an e-commerce site is making $100,000 per day, a 1 second page delay could potentially cost you $2.5 million in lost sales every year
Mobile sites that loaded in 5 seconds earned almost double the revenue of sites that took 19 seconds to load
73% of mobile internet users have encountered a website that was too slow to load
51% of mobile internet users have encountered a website that crashed, froze, or received an error
A 1 second delay in page response can result in a 7% reduction in conversions
47% of consumers expect a web page to load in 2 seconds or less
How security impacts your business
● Cyber criminals perform 1,000,000 web attacks per day
● General web attacks affect everyone
○ Website infection for malware/phishing campaigns
○ Web server compromise for botnets, DDoS attacks
● Targeted web attacks
○ Steal intellectual property
○ Steal sensitive data (credit cards, PII, passwords)
● $200,000 average data breach costs
● 50,000 websites are hacked daily
Get up to speed with Zend Server
Speed depends on ...
Speeding up an app is ...
Continuous process that involves
● Understand and analyze bottlenecks
○ auto-scaling
○ caching
● Optimize Code / Tune Settings
○ with or without human intervention
● Develop
In PHP speed depends on ...
• The Zend PHP Engine
• Proven PHP modules
• PHP components to allow OpCache, DataCache and PageCache
• First class monitoring tools
Zend Server is speed
• Perfected by the developers of the Zend PHP engine
• With seamless optimizations built into the core
• With multiple components that boost your PHP applications
• And monitoring that helps you understand your PHP application
Peace of mind with RIPS Technologies
Top security vulnerabilities used in web attacks
84% of websites have at least one medium-severe vulnerability
● 40% Cross-site scripting: Inject malicious JavaScript code rendered by visitors
● 24% SQL injection: Manipulate database query to retrieve sensitive data
● 7% Path traversal: Manipulate file operation to steal sensitive files
● 4% File inclusion: Induce a file for code execution
Security challenges
● Security awareness. Challenge: Stay up-to-date with all attack techniques / pitfalls
● Secure development. Challenge: Growing code and team sizes
● Security testing. Challenge: Time to market pressure
● Compliance requirements: GDPR, PCI DSS, HIPAA, OWASP ASVS, OWASP Top 10
RIPS Code Analysis scans your application
● RIPS scans your source code and detects security bugs
● Technology leader for PHP Static Application Security Testing (SAST)
● Unique language-specific approach, built by security experts
RIPS Code Analysis detects unknown security issues
● Supports PHP 3-7, large code bases, and frameworks
● Scans your source code within minutes for
○ 100+ security vulnerability categories
○ 60+ code quality issue categories
○ 40+ misconfiguration categories
● Track record of unknown vulnerabilities reported in popular cores:
RIPS Code Analysis protects your application
● Seamless integration into every step of your SDLC setup
● Block vulnerable code before it is deployed on your production server
sonarqube
Visit us at ZendCon → 15th – 17th October Las Vegas
Visit us at PHP.Ruhr → 11th November Dortmund
Interested to give it a test drive?
Competition
What we will do:
We will contact you to review your projects and pick the three most interesting in terms of scope and complexity. We will help you to install Zend Server including RIPS plugin on your infrastructure for your project and support you during a three-month trial phase.
We are looking to give three projects the chance to test Zend Server and RIPS.
What you will do:
Type “Interested” into the Q&A panel
Q&A
Thank You
Speed and security for your PHP application
Kai Schmithüsen, Account Executive Zend EMEA
Slavey Karadzhov, Senior Consultant, Professional Services @ RogueWave
Johannes Dahse, CEO & Co-founder @ RIPS Technologies
