Tutorials

Chris Shiflett: Evolution of Web Security: Fundamentals, Emerging Trends, and Ideas for the Future

This is a multi-faceted tutorial that explores new concepts in web security. After a solid grounding in well-known exploits like cross-site scripting (XSS) and cross-site request forgeries (CSRF), I'll demonstrate how traditional exploits are being used together and with other technologies like Ajax to launch sophisticated attacks that penetrate firewalls, target users, and spread like worms. I'll then discuss some ideas for the future, such as evaluating trends to identify suspicious activity and understanding human tendencies and behavior to help provide a better, more secure user experience.

Derick Rethans: Debugging techniques with Xdebug

This session teaches you how to detect and debug PHP scripts with the free open source tool Xdebug, which is an extension to PHP. The first part will quickly show how to get started with Xdebug. The second part of the session will cover detecting problems in your scripts by showing how Xdebug provides debugging aides in the form of stack/function traces, dumps of variables, modified PHP functions. In the last part I will show the remote debugger capabilities of Xdebug with different IDEs, where you can: set breakpoints on functions, methods and file/line combinations and evaluating error messages. On top of this you will also see how you can use Xdebug's profiler to find bottlenecks in your applications.

Marcus Deglos: Building a social networking site with Drupal

Drupal is an open-source content management platform written in PHP. It's recent dramatic growth has seen Drupal find it's way into an astonishing variety of big-name websites: national government sites including whitehouse.org and over a dozen European government sites, IBM, Sun, Sony, MTV, the BBC and a host of other broadcasters.

Drupal is particularly popular for building websites with social networking features, such as blogs, forums, ratings and reviews, and integration with other social media platforms such as Flickr and Twitter.

This tutorial session focuses on how to build a social networking site with Drupal, covering the key tools of blogs, forums, user profiles, and member directories. We'll be building a Drupal site from scratch, using Drupal 6 and a number of community-contributed Drupal modules. You'll also learn how to build your own custom Drupal modules and themes.

Bring along a laptop with Apache, MySQL and PHP (e.g. MAMP/XAMPP), and the IDE of your choice. You'll need to be happy writing PHP code, and you don't need any experience with Drupal.

Matthew Weier O'Phinney and Rob Allen: Zend Framework Application Patterns

Zend Framework provides both the components with which to build applications as well as a full-blown MVC architecture for rapid development of web applications. Instead of a convention over configuration" approach, Zend Framework leaves the reins in developers' hands.

Over the years, a number of patterns of development have emerged amongst the Zend Framework community: best practices for domain modeling, how to accomplish rich view logic, techniques for interacting with client-side scripting, and more. While tutorials exist for many of these patterns, few show putting them together into a cohesive application. In this workshop, you will learn a number of these patterns, applying them to a real-world application and showing how to write a cohesive, testable Zend Framework project.

We will be concentrating on a set of Zend Framework components and development strategies that improve every aspect of application lifecycle. Starting with custom Zend_Application resources and bootstrapping techniques for better initialisation, we then look at routing web services using the Zend_Rest components. Whilst looking at domain models, we consider the proper usage of Zend_Form in relation to filtering data, as well as how Zend_Paginator can be used as a generalised data type for model data used in views. Placeholder view helpers, coupled with Zend_Layout and the ContextSwitch action helper, are looked at in detail to provide a rich view system. Finally, we will also be covering application-wide concepts such as caching and logging."

Melanie Rhianna Lewis: Writing a PHP extension in C

PHP, PECL and PEAR provides more functionality than you can shake a stick at. Sometimes though you need to add functionality that is not yet provided by the core language or any extension. For example using IO or a C library that is not yet supported, or carrying out some processor intensive computation. In these cases you need to resort to writing your own C extension.

This tutorial comprehensively covers writing PHP extensions in C. It starts with setting up a build environment. It then introduces the basics of C extension development and work through an full example. The example will explain the various PHP data types and how PHP function arguments are handled in C. The tutorial will then move on to more sophisticated areas of extension development such as writing a stream wrapper, implementing PHP classes and using external C libraries. The tutorial will also look at using C++ rather than C as the extension language. It will cover the requirement of thread safety in extensions and explain the macros provided by PHP to support this. Finally it will talk about documentation and the facilities provided by the PHP site for PECL writers such as PECL database and SVN server.

Sebastian Bergmann: Quality Assurance in PHP Projects

When things go wrong in software projects, the team has to work overtime and cancel vacations. More often than not, deadlines and quality goals are missed nevertheless. Because software usually lives longer than originally planned, the real problems crop up when changes and extensions become necessary later on.

In this tutorial, Sebastian Bergmann, a pioneer in the field of quality assurance in PHP projects and creator of PHPUnit, imparts comprehensive knowledge and experience about testing and quality assurance in Web projects.

Using examples from the PHP world, the tutorial elucidates the planning, execution, and automation of tests for the different layers and tiers of a Web software architecture, the measuring of software quality by means of software metrics, as well as establishing successful development processes and methods such as continuous integration.

Sebastian Schürmann: Scrum Workshop - Working projects the iterative way

Scrum is a lightweight way of organizing and pulling of projects, focussing on the value of features and the regular event of estimation.

A predefined set of events and methods guides you through a iterative project development effort and makes always sure you get stuff delivered. The fullday workshop shows the basics, exercises planning poker and other educational games for the attendees. It's not a fullscale training with a certificate but it is a good introduction that will help you judge if scrum is good for you or not.