
Speed and security for your PHP application

168 views

Two of the most important topics on everyone’s mind when developing PHP applications are performance and security.

Rogue Wave Software and RIPS Technologies are teaming up to show you how you can utilize our solutions to help make your PHP applications safe and fast. We will use a typical Magento implementation as an example to speak about finding and eliminating bottlenecks and debugging your code. We will also demonstrate how you can detect security vulnerabilities using cutting edge static code analysis.

Published in: Software

Speed and security for your PHP application

  1. Speed and security for your PHP application (© 2017 Rogue Wave Software, Inc. All Rights Reserved.)
  2. Presenters
     ● Slavey Karadzhov, Senior solutions consultant, Rogue Wave Software
     ● Dr. Johannes Dahse, CEO & Co-Founder, RIPS Technologies
     ● Kai Schmithuesen, Account executive - Zend, Rogue Wave Software
  3. Agenda
  4. Agenda
     • The importance of speed and security for your business
     • Boosting your PHP with Zend Server
       – Understand and analyze bottlenecks
       – Optimize Code / Tune Settings
       – Develop
     • Fast but is it secure
       – Analyze your source code with ease
       – Protect production servers from vulnerabilities
     • Competition
     • Q&A
  5. Click to watch the full webinar
  6. The importance of speed and security for your business
  7. How performance impacts your business
     ● If an e-commerce site is making $100,000 per day, a 1 second page delay could potentially cost you $2.5 million in lost sales every year
     ● Mobile sites that loaded in 5 seconds earned almost double the revenue of sites that took 19 seconds to load
     ● 73% of mobile internet users have encountered a website that was too slow to load
     ● 51% of mobile internet users have encountered a website that crashed, froze, or received an error
     ● A 1 second delay in page response can result in a 7% reduction in conversions
     ● 47% of consumers expect a web page to load in 2 seconds or less
  8. How security impacts your business
     ● Cyber criminals perform 1,000,000 web attacks per day
     ● General web attacks affect everyone
       ○ Website infection for malware/phishing campaigns
       ○ Web server compromise for botnets, DDoS attacks
     ● Targeted web attacks
       ○ Steal intellectual property
       ○ Steal sensitive data (credit cards, PII, passwords)
     ● $200,000 average data breach costs
     ● 50,000 websites are hacked daily
  9. Get up to speed with Zend Server
  10. Speed depends on ...
  11. Speeding up an app is ... a continuous process that involves
     ● Understand and analyze bottlenecks
       ○ auto-scaling
       ○ caching
     ● Optimize Code / Tune Settings
       ○ with or without human intervention
     ● Develop
  12. In PHP speed depends on ...
     • The Zend PHP Engine
     • Proven PHP modules
     • PHP components to allow OpCache, DataCache and PageCache
     • First class monitoring tools
  13. Zend Server is speed
     • Perfected from the developers of the Zend PHP engine
     • With seamless optimizations built in the core
     • With multiple components that boost your PHP applications
     • And monitoring that helps you understand your PHP application.
  14. Peace of mind with RIPS Technologies
  15. Top security vulnerabilities used in web attacks
     ● 84% of websites have at least one medium-severe vulnerability
     ● 40% Cross-site scripting: Inject malicious JavaScript code rendered by visitors
     ● 24% SQL injection: Manipulate database query to retrieve sensitive data
     ● 7% Path traversal: Manipulate file operation to steal sensitive files
     ● 4% File inclusion: Induce a file for code execution
  16. Security challenges
     ● Security awareness. Challenge: Stay up-to-date with all attack techniques / pitfalls
     ● Secure development. Challenge: Growing code and team sizes
     ● Security testing. Challenge: Time to market pressure
     ● Compliance requirements: GDPR, PCI DSS, HIPAA, OWASP ASVS, OWASP Top 10
  17. RIPS Code Analysis scans your application
     ● RIPS scans your source code and detects security bugs
     ● Technology leader for PHP Static Application Security Testing (SAST)
     ● Unique language-specific approach, built by security experts
  18. RIPS Code Analysis detects unknown security issues
     ● Supports PHP 3-7, large code bases, and frameworks
     ● Scans your source code within minutes for
       ○ 100+ security vulnerability categories
       ○ 60+ code quality issue categories
       ○ 40+ misconfiguration categories
     ● Track record of unknown vulnerabilities reported in popular cores:
  19. RIPS Code Analysis protects your application
     ● Seamless integration into every step of your SDLC setup
     ● Block vulnerable code before it is deployed on your production server
     sonarqube
  20. Visit us at ZendCon → 15th – 17th October, Las Vegas. Sponsored by:
  21. Visit us at PHP.Ruhr → 11th November, Dortmund. Sponsored by:
  22. Interested to give it a test drive?
  23. Competition
     ● We are looking to give three projects the chance to test Zend Server and RIPS
     ● What we will do:
       ○ We will contact you to review your projects and pick the three most interesting in terms of scope and complexity.
       ○ We will help you to install Zend Server including RIPS plugin on your infrastructure for your project and support you during a three month trial phase
     ● What you will do:
       ○ Type “Interested” into the Q&A panel
  24. Click to watch the full webinar
  25. Q&A
  26. Thank You
  27. Speed and security for your PHP application
     ● Kai Schmithüsen, Account Executive Zend EMEA
     ● Slavey Karadzhov, Senior Consultant, Professional Services @ RogueWave
     ● Johannes Dahse, CEO & Co-founder @ RIPS Technologies
  28. References
     • https://developer.akamai.com/blog/2016/09/14/mobile-load-time-user-abandonment
     • https://pages.zend.com/rs/zendtechnologies/images/PHP7-Performance%20Infographic.pdf
     • https://www.zimuel.it/blog/strong-cryptography-in-php
     • https://www.infopoint-security.de/media/Trustwave_2018-GSR_20180329_Interactive.pdf
  29. Click to watch the full webinar
