Friday, June 26. 2009
DPC 2009 Day 0 - Stefan Esser's Security Crash Course
From the list of tutorials on Day One of DPC 2009, I chose to sit in on Stefan Esser's Security Crash Course with the idea that it would be a good opportunity for a review. When he displayed one of his introductory slides about the topics he would be covering, there seemed to be no surprises: input filtering, XSS, CSRF, SQL injection, session management and PHP code inclusion and evaluation -- it was a fairly expected list of all those things in an application that can threaten at one time or another to come back and bite a developer on the back-end (or front-end too for that matter). Even though some of the topics on the list already suggested to me certain known risky situations and how to defuse them, it didn't matter. I was here, after all, for a review, a reality-check, hoping that certain topics such as PHP code inclusion and evaluation would be made even clearer.
It worked like a charm, although not immediately, not necessarily in that room on that day.
Continue reading "DPC 2009 Day 0 - Stefan Esser's Security Crash Course"
Posted by Cal Smith in planetphp at 15:52
Defined tags for this entry: conference, dpc, dpc09, dutch php conference, security, stefan esser, tutorial
Tuesday, June 23. 2009
Best Practices in Estimating
Part of the mandate for the PHP Center for Expertise inside of Ibuildings is an ongoing series of Business Process Re-Engineering projects. The first of these projects, "Estimating Best Practices", was recently completed and released. It contains the collected best practices from estimators inside Ibuildings, as well as input from external experts and published works.
Our estimating team spent two months thinking and discussing how software companies create estimates; we discussed what works and what doesn't. While the final document itself, along with the accompanying workbook, is available internally only, some of what was learned about the meta process of estimating may be interesting to others. Here are four Best Practices that came out of the process that we want to share with everyone.
Continue reading "Best Practices in Estimating"
Tuesday, June 16. 2009
Sessions at php|tek 2009
This year's php|tek conference was hosted by php|architect just outside Chicago in the US in mid-May. I attended this year as a speaker delivering a number of sessions, and was also able to attend some of the other sessions on offer at the event. There were some particular highlights of the week.
The first session of the main conference was the opening keynote, "The Future of PHP 6" by Andrei Zmievski. The talk was great but will be forever remembered for Andrei's t-shirt which read "I ♥ Unicode". With the conference in full swing, we moved on to some of the more technical sessions.
Continue reading "Sessions at php|tek 2009"
