Coming up in less than two weeks, FRPUG will be hosting Kevin Schroeder of Zend Technologies. He'll be speaking on the new Flash Builder 4.5 for PHP. We'll be meeting at the Remy offices at 1660 17th on the 4th floor in Denver, CO. The meeting will start at 6:30. We'll be providing food and drink, so please RSVP by e-mail to let me know you'll be attending.

Review: Pro PHP Security
Written by David Stockton

Author: Chris Snyder, Michael Southwell
Published: December 2010
Publisher: Apress
Reviewer: Scott Hancock

This was a pretty solid book on PHP web application security, and should be a part of any PHP developer's library. The author gives detailed descriptions of the most common ways in which your application can be attacked, and gives well thought out examples of how to guard against them. Here are some of the topics that you'll learn about in the book:

SQL injection: This book gives a great overview of what SQL injection is, how to identify vulnerabilities, how to fix them, and how to test your application.

Cross-site scripting: This was a good one for me. Much of the documentation on XSS is pretty vague. The authors did a good job of providing several detailed examples of cross-site scripting attacks, and how to defend against them.

Validating and Sanitizing input: The authors really stress the importance of validating and sanitizing any input that comes into your application. They give examples of how to create validation libraries. However, one of my main disappointments with the book was that they failed to discuss PHP's filter_var functionality.

Captchas: What they are and how to implement them.

Securing RESTful services: Restricting access, authenticating and authorizing requests, and enforcing quotas and rate limits.

How to secure UNIX

How to secure your database

Encryption: The authors discuss keeping your passwords safe by hashing, and how to protect other sensitive data by symmetrical or asymmetrical encryption

SSL and SSH: Securing network connections via SSL and SSH. How to generate certificates and keys.

Securing shared hosting

Keeping production and development environments separate

Keeping software up to date

These are just some of the focus areas of this book. It provides even more interesting and valuable information. While this book won't make you a security expert, it will put you well on the path of proper security-minded PHP coding.

Taming your build with Hudson, PHPUnit and SSH
Written by David Stockton

At our last meeting on January 20, 2011, Wil Moore III presented on "Tame your build with Hudson, PHPUnit and SSH". The presentation was very informative and we've now got the slides from Wil's presentation. Thank you for your presentation, Wil!

Tame your build and deployment process with hudson, phpunit, and ssh

PHP Objects, Patterns, and Practice
Written by Trevor Henke

Author: Matt Zandstra
Published: June 2010
Publisher: Apress
Reviewer's Rating: 4/5

PHP Objects, Patterns, and Practice is the book I’ve been looking for. As a novice PHP developer it answered a lot of the questions I’ve had about the next steps to becoming an effective developer. Through the PHP object model, design patterns, and then putting it all together, this is a must-have book for anyone wanting to take the next steps in their PHP knowledge.

The PHP object section is worth the cost of admission alone with this title. Not only covering the updates to PHP 5.3 but showing how to use them. From the coverage of the PHP “magic functions” to those of you struggling to put together a solid object model, this is one of the most clearly written descriptions I’ve read. The examples of how to use abstract classes and inheritance effectively are especially helpful and set up a great transition to working with design patterns.

Design Patterns make up the meat of this book, and rightly so. I finally get the purpose of design patterns and how to use them with my work. Although I’m by far not an expert on the topic, from a learning perspective, it is spot-on effective at teaching the principles of this sometimes complicated area.

The Practice portion of this book is the only area I could see some better coverage on. While the topics and tools are covered expertly, it feels dated. From my experience with the PHP/Open source community, the tools covered are being eclipsed by distributed version control, and tighter IDE support. While I know folks are still using SVN, it would have been nice to see an updated chapter on using git or Mercurial.

PHP Objects, Patterns, and Practice is an excellent book. If you are wanting to learn more about the very important topics covered, then this is probably the best starting point out there.

View more information about PHP Objects, Patterns, and Practice at the publisher's site

Presentation: Neal Gamache - Escape from the Black Box
Written by David Stockton

I've finally gotten around to posting this (sorry), but here it is: Neal Gamache's presentation from our October 13, 2010 meeting - Escape from the Black Box. In case you weren't there, Neal spoke about his experience in testing games as well as his current experiences with more "enterprise-y" software. He discussed different strategies that companies try in order to increase quality and how they usually turn out. He talks about defects, how they get into software and how it's inevitable that the software you release will have defects. Please check out his slide deck. It's on Google Docs this time, so if you click the full-screen button, you'll actually get to see some of the progressions and transitions. Enjoy!

David Stockton

President, Front Range PHP User Group