You’ve likely heard of a firewall, but do you know what a Web Application Firewall (WAF) is? This article steps you through what it is, how it works, why they’re beneficial, but also how they’re not always the best way to secure you software applications. Read the article.
If you’ve been actively involved in software development in recent years, then you should be aware of the term “DevOps.” But do you know about SecDevOps? If not, this post will step you through where it came from, what is it, and what you need to know about it. Read the article.
Legacy applications. If there’s one thing that developers agree on, it’s that they don’t want to work on them. If not that, it’s that they’re often, by default, assumed to be insecure. These beliefs aren’t without some justification. So in this post, I’m going to walk you through a series of approaches and techniques which you can use to help ensure that your legacy applications are either as secure as they can be or are becoming ever more secure. Read the article.
This post step through the anatomy of an application vulnerability, then steps through several ways in which you can reduce your application’s vulnerability. In doing so, we’ll also reduce your application’s level of vulnerability. Read the article.
Software creation is a complicated process at the best of times; wouldn’t you agree? Given that, any process, or tool which reduces said complication is a valuable thing. It’s for this reason that Continuous Integration (CI) has become increasingly accepted among professional software developers over several decades. This post discusses eleven ways to choose your CI tool. Read the article.
Security, it’s a topic that’s become near and dear to my heart as a software developer. But that doesn’t mean that every developer shares my perspective. What’s more, we’re a funny breed. Despite being surrounded by so much of the most modern technology, we can often drag our feet on things that we know, somewhere deep down inside, we should be better skilled at. This post discusses how to get software engineers to take security more seriously. Read the article.
In this post, I consider ten best practices which will help you and your team secure the web applications which you develop and maintain. I’d like to think that these won’t be the usual top 10, but rather something a little different. Read the article.
In this post I cover four steps which you can take to protect your software applications. These include code audits and tools, continuous education, and existing frameworks. Read the article.
This is an in-depth, thought-leadership, piece for Codeship in how to identify the major blockers in a Continuous Integration & Continuous Deployment pipeline. Read the article.
You don’t need to be a logging expert to know that when it comes to logging in applications, there’s a wide variety of options to choose from. There’s the Common Log Format, the Combined Log Format, and Nginx’s log format; and on and on the list goes. But are any of these really the right? Read the article.
With all the time I’ve spent of late assessing different deployment options, it seemed pertinent to stop for a moment and see where the deployment space is heading over the next couple of years. Read the article.
This post discusses five solid reasons for why developers should try out new technologies. Read the article.
Should you opt for an on-premise CI solution or a hosted CI solution? It’s one of those never-ending questions, a lot like "should I use tabs or spaces?" I don’t know that I nor anyone else is ever going to end this debate about continuous integration decisively. But what I can do, what I’m going to do in this post, is to compare and contrast some of the pros and cons of hosted versus on-premise CI solutions. Read the article.
There are many reasons often cited for why continuous integration is necessary, but none are so important, so essential, as trust. This post shows why continuous integration is not only important, it’s essential. Read the article.
While it is important to maintain a more short-term focus during the bootstrapping stage, businesses must think about handling long-term costs. Given that, a well-thought-out software automation solution should be considered almost right from the outset. In this post, I show you how to do that, by stepping through creating software automation solutions for almost any budget. Read the article.
Continuous integration is so often preached from the pulpit of careful software craftsmanship that you might think it’s nothing more than KoolAid. However, continuous integration is neither transitory nor hollow; it’s a valuable and scientifically verifiable means of reducing production bugs. Today, let’s step through how CI does that. Read the article.
In this post, I complete a series that shows you how to use Codeship as part of your CI workflow so that you can deploy your applications with a minimum of fuss and effort. Read the article.
In this post, I begin a series that shows you how to use Codeship as part of your CI workflow so that you can deploy your applications with a minimum of fuss and effort. Read the article.
Regardless of an organization’s size, onboarding new developers and getting them up to speed as quickly as possible remains a distinct challenge. The longer the time between being hired and being productive, the more expensive the investment — especially when talking about more experienced developers. This article discusses five ways Docker can reduce that time. Read the article.
In many engineering disciplines, testing is an accepted practice. It’s not something considered an afterthought or a separate process. It’s seen as a core part of the profession. Something you do without exception. But in software development, testing doesn’t seem to be quite so absolute — yet. Let’s explore five reasons why it should be. Read the article.
If you’ve been around PHP for more than a little while, you’ve no doubt tested your code with PHPUnit the de facto standard in the PHP community. But it’s not the only choice. Other choices abound, one of which I’m going to take you through in this tutorial; it’s called Atoum Read the article.
This article, for the SemaphoreCI blog, shows how to get started with Godog — a Behavior-driven development framework for building and testing Go applications. Read the article.
Thanks to Static Review, by Samuel Parkinson, you can now write Git hooks with native PHP, optionally building on the existing core classes. In this post, I’m going to give you a tour of what’s on offer, finishing up by writing a custom class to check for any lingering calls to var_dump(). Read the article.
Two recent articles on SitePoint talked about how people set up their development environments. Zack Wallace talked about setting up a Windows development environment, and Shaumik Daityari talked about his experience working with Ubuntu Linux. In this article, I want to talk about how I set up a development environment on Mac OS X. Read the article.
This is part one of a 4-part series for the Loggly blog. It discusses four key considerations for professional logging. Read the article.
This is part two of a 4-part series for the Loggly blog. It looks at some of the key pros and cons of using the built-in logging options available in three of the most popular development languages: PHP, Python, and Ruby. Read the article.
This post looks at three questions which impact on privacy and security. It walks through key logging decisions including protocols, message encryption, and how these choices impact performance. Read the article.
This shows one final approach to logging; specifically, how to separate the logging responsibilities from an application by using a queueing server. Read the article.
This post, for the Usersnap blog, introduces the user to Kanban and shows the user how to integrate the Usersnap Feedback widget with Kanbanize. Read the article.
This post, for the Usersnap blog, steps the user through integrating the Usersnap Feedback widget with Asana dashboard. Read the article.
This post, for the Conetix blog, step through creating and maintaining a series of regular tasks in Plesk 12. Read the article.
In this tutorial, for the Conetix blog, I show the user how to set up and deploy a basic Zend Framework 2 application, based on the ZF2 Skeleton Application, on Plesk 12. Read the article.
In this tutorial, for the Conetix blog, I step the user through setting up and deploying a basic Node.js application on Plesk 12. Read the article.
This tutorial, for the Conetix blog, takes the user through how to set up and deploy a KeystoneJS application on Plesk 12. Read the article.
In this tutorial, for the Conetix blog, the user is stepped through the process of setting up and deploying a basic FuelPHP 4 application on Plesk 12. Read the article.
This tutorial, for the Conetix blog, takes the user through the process of setting up and deploying a basic Ruby on Rails 4 application on Plesk 12. Read the article.
This tutorial, for the Conetix blog, takes the user through how to set up and deploy a basic Laravel 4 application on Plesk 12. Read the article.
I wrote this article for SitePoint to show developers how to test their application's email functionality, as close to production as possible, using MailCatcher. Read the article.
A follow up to the GuzzlePHP intro by Miguel Romero; the article shows the user how to use Guzzle to test network client software. Read the article.
This post for New Relic, discussed the top 3 challenges in mobile development. These are: Vendor / Platform and Device Fragmentation and Development Approach. Read the article.
This two part series reviewed Web Storage in HTML5. It covered the history of both Web Storage and cookies, the pros, cons, strengths and limitations. Read the article.
Founded Master Zend Frameworktagged with: Master Zend Framework, PHP, Zend Framework
I founded, and write weekly for, Master Zend Framework, which teaches developers all there is to know about the Zend Framework, from basics to advanced.
Monthly Column in PHP Architect Magazinetagged with: PHP Architect, PHP
For two years, I've written the Education Station column in PHP Architect magazine; introducing PHP developers to new technologies, services and concepts.
This post showed the user how to create a custom Zend Framework filter protecting them against virus in uploads, using the ClamAV virus scanner. Read the article.
Wondering why your site users don't see or use the very obvious button you put there for them to click on? Maybe they're not actually seeing it. Here I show you why. Read the article.
This is the final part of the interview series, discussing PHP as a professional language. Here, I interviewed Sitepoint's PHP channel editor, Bruno Škvorc, and Gary Hockin from Roave. Read the article.
This is an introductory article to the Go language from Google. I walked the user through setting up their environment and creating an application, using imports, structs and functions. Read the article.
This is the second part of the interview series, getting opinions from Tom Oram, who works for a development firm in Wales and Rob Allen from Nineteen Feet. Read the article.
This is the first in a series, discussing whether great apps can be written in PHP. PHP's been decried as a horrible language. I disagreed, so discuss it with the community. Read the article.
This post takes the user through the Composer cheat sheet. It covers the two sections covering the command line and composer.json file and an intro screencast. Read the article.
This is the second of a two part series introducing developers to PuPHPet. In this part I covered the two core files used: common.yaml, and Vagrantfile. Read the article.
Written for the New Relic blog, this post explores the possibility of using HTML5's IndexedDB, instead of MySQL, as a data source for web-based applications and why it's better than WebSQL. Read the article.
Part 3 of the series looking at five alternative databases PHP developers can use. The series looks at five alternative databases available for PHP apps you, developers might not have heard of. Read the article.
This post discusses the 8 Fallacies of Distributed Computing, specifically for PHP developers; as, it’s important to understand these common misconceptions. Read the article.
Picking up from Sean Hudgston's Introduction to Git, this post looks at some of the advanced features of Git, such as rebasing, exporting a repository, basic rebasing, commit reordering, commit splitting and commit merging. Read the article.
This is an in-depth post, showing users how to use git hooks to set up automatic deployment for their PHP applications. Read the article.
This was the first of a two part series for Sitepoint, introducing developers to the virtual machine generation tool - PuPHPet Read the article.
Is your site mobile-aware? Is it truly responsive? If it’s not, according to eMarketer, there are expected to be more than 1.75 billion smartphone users this year. By 2017 global mobile phone penetration will rise to 69.4% of the population. Whether you like it or not, if you don’t get on the bandwagon, that site you’ve invested so heavily in may soon have a very limited audience. Read the article.
Do you deploy or transfer files using FTP? Given the age of the protocol and its wildly popular nature amongst a wide number of hosting companies, it’s fair to say you might. But are you aware of the security issues this may open up for you and your business? Let’s consider the situation in-depth. Read the article.
Ever wanted a simple way to store address book style information and network information actually next to any kind of ordered information? If so, then there’s a technology which has been around since 1993, one which despite not having the cool factor of such technologies as Node.js and Go, allows you to do exactly this. It’s called LDAP! Read the article.
Dealing with code created by other people is a fundamental skill for a developer. Give it a year and other people’s code could even be your own. Today I’m going to look at some of the best approaches for how to deal with other people’s code, read legacy code, effectively. Read the article.
It’s often said that developers and computer types don’t have many social graces or inter-personal skills; but I’m sure we all know that’s more caricature than fact. However, even if we’re more on the extroverted than introverted end of the scale, we can find it difficult, even intimidating to get out there and meet people to press the flesh, if you will. In this article, I show you 6 ways you can start using today. Read the article.
Recently I wrote an introduction to using Go, looking at what it is, how to install it, and how to get your environment ready. In this article, we’ll build on that foundation, by looking at a few new concepts; specifically: Arrays & Slices, Maps, & Methods Read the article.
In this video, produced by SitePoint’s sister company Learnable, you’ll learn how to create a basic, modular, application in Phalcon using the Phalcon command-line tools. Read the article.
Are you a web application developer coming to Go from a dynamic language as PHP, Python or Ruby, and wondering how to develop web-based applications using it? Are you wondering how to develop in a manner analogous to your existing frameworks, where you can leverage your existing knowledge? Then this is the series for you. Read the article.
In this, the second part of the Beego series, we’ll be getting into more of the fun aspects of building a web application by integrating a database, specifically with SQLite3, as well as looking at models, forms and validation. I hope you are ready to go, as this is going to be a good ride through to the end. Read the article.
Can great applications be written in PHP? Many people would argue that they can’t, yet so much has. This is the first part of an interview series for SitePoint, where I explore this topic in-depth. Read the article.
The cloud, everyone’s racing to be there, the blogs and forums are a buzz – and have been for some time now. Personally though I feel that cloud computing isn’t necessarily new. It’s a new enough take on how we design, deploy and manage application and computing services and is worth the excitement. With so much excitement around, cloud security tend to be given a lesser importance than it deserves. Read the article.
Your code isn’t working! You don’t know why and you’ve been staring at it for what seems like hours. You’re grumpy. You’re falling behind schedule. You’re getting increasingly irritated. Why doesn’t it work? Why can’t you see the bug? It can’t be so hard to find, can it? Read the article.
Have you heard PHPFog is coming to an end? No, well – it is. That’s right, in a recent announcement on their mailing list, the company has said that PHPFog will be no more by the end of January, 2013. But if you’re on their platform, don’t panic! The new, combined platform may be even better than what you’re accustomed to with them now. Read the article.