I regularly share what I know about software development, security, and software craftsmanship. Here is a collection of recent articles.

Why Web Application Firewalls fail to protect web applications

tagged with: Security, DevOps, Firewall, Web Application Firewall, Sqreen

You’ve likely heard of a firewall, but do you know what a Web Application Firewall (WAF) is? This article steps you through what it is, how it works, why WAFs are beneficial, but also how they’re not always the best way to secure your software applications. Read the article.

What is SecDevOps and why should you care?

tagged with: DevOps, Sqreen, SecDevOps, Security

If you’ve been actively involved in software development in recent years, then you should be aware of the term “DevOps.” But do you know about SecDevOps? If not, this post will step you through where it came from, what it is, and what you need to know about it. Read the article.

Securing Legacy Applications

tagged with: Legacy Applications, Sqreen, Software Development

Legacy applications. If there’s one thing that developers agree on, it’s that they don’t want to work on them. If not that, it’s that they’re often, by default, assumed to be insecure. These beliefs aren’t without some justification. So in this post, I’m going to walk you through a series of approaches and techniques which you can use to help ensure that your legacy applications are either as secure as they can be or are becoming ever more secure. Read the article.

OWASP Top 10 Cheat Sheet for Startup CTOs

tagged with: Sqreen, Software Development, Security

This post steps through the anatomy of an application vulnerability, then steps through several ways in which you can reduce your application’s vulnerability. In doing so, we’ll also reduce your application’s level of vulnerability. Read the article.

How To Choose Your CI Tool

tagged with: Continuous Integration, Continuous Deployment, Sqreen

Software creation is a complicated process at the best of times; wouldn’t you agree? Given that, any process, or tool which reduces said complication is a valuable thing. It’s for this reason that Continuous Integration (CI) has become increasingly accepted among professional software developers over several decades. This post discusses eleven ways to choose your CI tool. Read the article.

Getting Developers to Care More About Security

tagged with: Sqreen, Software Development

Security, it’s a topic that’s become near and dear to my heart as a software developer. But that doesn’t mean that every developer shares my perspective. What’s more, we’re a funny breed. Despite being surrounded by so much of the most modern technology, we can often drag our feet on things that we know, somewhere deep down inside, we should be better skilled at. This post discusses how to get software engineers to take security more seriously. Read the article.

10 Best Practices to Build Secure Applications

tagged with: Software Development, Sqreen, Security

In this post, I consider ten best practices which will help you and your team secure the web applications which you develop and maintain. I’d like to think that these won’t be the usual top 10, but rather something a little different. Read the article.

Logfmt: A Log Format That’s Easy To Read and Write

tagged with: Codeship, Logging

You don’t need to be a logging expert to know that when it comes to logging in applications, there’s a wide variety of options to choose from. There’s the Common Log Format, the Combined Log Format, and Nginx’s log format; and on and on the list goes. But are any of these really the right one? Read the article.

Where Is the Deployment Space Heading?

tagged with: Continuous Integration, Continuous Deployment, Codeship, Deployment

With all the time I’ve spent of late assessing different deployment options, it seemed pertinent to stop for a moment and see where the deployment space is heading over the next couple of years. Read the article.

The Pros and Cons of Hosted Versus On-Premise CI

tagged with: Continuous Integration, Codeship, Deployment

Should you opt for an on-premise CI solution or a hosted CI solution? It’s one of those never-ending questions, a lot like "should I use tabs or spaces?" I don’t know that I or anyone else is ever going to end this debate about continuous integration decisively. But what I can do, what I’m going to do in this post, is to compare and contrast some of the pros and cons of hosted versus on-premise CI solutions. Read the article.

Why Continuous Integration Is Important

tagged with: Continuous Integration, Codeship

There are many reasons often cited for why continuous integration is necessary, but none are so important, so essential, as trust. This post shows why continuous integration is not only important, it’s essential. Read the article.

Software Automation On a Budget

tagged with: Continuous Integration, Continuous Deployment, Codeship, Deployment, Software Automation

While it is important to maintain a more short-term focus during the bootstrapping stage, businesses must think about handling long-term costs. Given that, a well-thought-out software automation solution should be considered almost right from the outset. In this post, I show you how to do that, by stepping through creating software automation solutions for almost any budget. Read the article.

Reduce Production Bugs with Continuous Integration

tagged with: Continuous Integration, Codeship, Deployment

Continuous integration is so often preached from the pulpit of careful software craftsmanship that you might think it’s nothing more than Kool-Aid. However, continuous integration is neither transitory nor hollow; it’s a valuable and scientifically verifiable means of reducing production bugs. Today, let’s step through how CI does that. Read the article.

Getting Started With Laravel On Codeship

tagged with: Continuous Integration, Continuous Deployment, Codeship, Deployment, Laravel

In this post, I begin a series that shows you how to use Codeship as part of your CI workflow so that you can deploy your applications with a minimum of fuss and effort. Read the article.

Five Ways Docker Can Reduce Startup Time for New Hires

tagged with: Codeship, Docker, Software Developers

Regardless of an organization’s size, onboarding new developers and getting them up to speed as quickly as possible remains a distinct challenge. The longer the time between being hired and being productive, the more expensive the investment — especially when talking about more experienced developers. This article discusses five ways Docker can reduce that time. Read the article.

5 Reasons Automated Testing Is Worth the Investment

tagged with: Automated Testing, Software Development, Codeship, Software Testing

In many engineering disciplines, testing is an accepted practice. It’s not something considered an afterthought or a separate process. It’s seen as a core part of the profession. Something you do without exception. But in software development, testing doesn’t seem to be quite so absolute — yet. Let’s explore five reasons why it should be. Read the article.

Testing PHP Code with Atoum - an Alternative to PHPUnit

tagged with: Software Testing, Unit Tests, PHPUnit, Atoum, SitePoint, PHP

If you’ve been around PHP for more than a little while, you’ve no doubt tested your code with PHPUnit, the de facto standard in the PHP community. But it’s not the only choice. Other choices abound, one of which I’m going to take you through in this tutorial; it’s called Atoum. Read the article.

Writing PHP Git Hooks with Static Review

tagged with: Version Control, Git, SitePoint, PHP, Git Hooks

Thanks to Static Review, by Samuel Parkinson, you can now write Git hooks with native PHP, optionally building on the existing core classes. In this post, I’m going to give you a tour of what’s on offer, finishing up by writing a custom class to check for any lingering calls to var_dump(). Read the article.

How I Set Up My Mac Development Machine

tagged with: Software Development, macOS, SitePoint

Two recent articles on SitePoint talked about how people set up their development environments. Zack Wallace talked about setting up a Windows development environment, and Shaumik Daityari talked about his experience working with Ubuntu Linux. In this article, I want to talk about how I set up a development environment on Mac OS X. Read the article.

Email Debugging with MailCatcher

tagged with: PHP, MailCatcher, Email, SitePoint, Testing

I wrote this article for SitePoint to show developers how to test their application's email functionality, as close to production as possible, using MailCatcher. Read the article.

Unit Testing with GuzzlePHP

tagged with: Mocks, PHP, Stubs, Unit Testing

A follow up to the GuzzlePHP intro by Miguel Romero; the article shows the user how to use Guzzle to test network client software. Read the article.

Founded Master Zend Framework

tagged with: Master Zend Framework, PHP, Zend Framework

I founded, and write weekly for, Master Zend Framework, which teaches developers all there is to know about the Zend Framework, from basics to advanced.

Monthly Column in PHP Architect Magazine

tagged with: PHP Architect, PHP

For two years, I've written the Education Station column in PHP Architect magazine; introducing PHP developers to new technologies, services and concepts.

Politics Often Hold the Community Back

tagged with: Bruno Škvorc, Gary Hockin, Mailchimp, PHP

This is the final part of the interview series, discussing PHP as a professional language. Here, I interviewed SitePoint's PHP channel editor, Bruno Škvorc, and Gary Hockin from Roave. Read the article.

Getting Started with Go

tagged with: Golang, Google, Imports, Structs

This is an introductory article to the Go language from Google. I walked the user through setting up their environment and creating an application, using imports, structs and functions. Read the article.

Composer Cheatsheet

tagged with: Composer, PHP

This post takes the user through the Composer cheat sheet. It covers the two sections covering the command line and composer.json file and an intro screencast. Read the article.

Who Needs MySQL When There Is IndexedDB?

tagged with: HTML5, IndexedDb, New Relic, WebSQL

Written for the New Relic blog, this post explores the possibility of using HTML5's IndexedDB, instead of MySQL, as a data source for web-based applications and why it's better than WebSQL. Read the article.

Introduction to Git – Round 2 (Advanced)

tagged with: Git, Interactive Rebasing, Version Control

Picking up from Sean Hudgston's Introduction to Git, this post looks at some of the advanced features of Git, such as rebasing, exporting a repository, basic rebasing, commit reordering, commit splitting and commit merging. Read the article.

Better Responsive Website Testing in Google Chrome

tagged with: Responsive Design, SitePoint, Testing, Google Chrome

Is your site mobile-aware? Is it truly responsive? If it’s not, according to eMarketer, there are expected to be more than 1.75 billion smartphone users this year. By 2017 global mobile phone penetration will rise to 69.4% of the population. Whether you like it or not, if you don’t get on the bandwagon, that site you’ve invested so heavily in may soon have a very limited audience. Read the article.

Are FTP Programs Secure?

tagged with: Security, FTP, SitePoint

Do you deploy or transfer files using FTP? Given the age of the protocol and its wildly popular nature amongst a wide number of hosting companies, it’s fair to say you might. But are you aware of the security issues this may open up for you and your business? Let’s consider the situation in-depth. Read the article.

Essentials of LDAP with PHP

tagged with: Software Development, PHP, SitePoint, LDAP

Ever wanted a simple way to store address book style information and network information actually next to any kind of ordered information? If so, then there’s a technology which has been around since 1993, one which despite not having the cool factor of such technologies as Node.js and Go, allows you to do exactly this. It’s called LDAP! Read the article.

How Do You Work With Other People's Code?

tagged with: Programming, Legacy Code, PHP, SitePoint

Dealing with code created by other people is a fundamental skill for a developer. Give it a year and other people’s code could even be your own. Today I’m going to look at some of the best approaches for how to deal with other people’s code (read: legacy code) effectively. Read the article.

6 Real-World Networking Tips for Developers

tagged with: Networking, Developers, SitePoint

It’s often said that developers and computer types don’t have many social graces or inter-personal skills; but I’m sure we all know that’s more caricature than fact. However, even if we’re more on the extroverted than introverted end of the scale, we can find it difficult, even intimidating to get out there and meet people to press the flesh, if you will. In this article, I show you 6 ways you can start using today. Read the article.

Arrays, Slices and Basic OOP in Go

tagged with: Golang, SitePoint

Recently I wrote an introduction to using Go, looking at what it is, how to install it, and how to get your environment ready. In this article, we’ll build on that foundation, by looking at a few new concepts; specifically: Arrays & Slices, Maps, & Methods. Read the article.

Go: Building Web Applications With Beego

tagged with: Golang, SitePoint, PHP

Are you a web application developer coming to Go from a dynamic language such as PHP, Python or Ruby, and wondering how to develop web-based applications using it? Are you wondering how to develop in a manner analogous to your existing frameworks, where you can leverage your existing knowledge? Then this is the series for you. Read the article.

Go: Building Web Applications With Beego - Part 2

tagged with: SitePoint, Golang

In this, the second part of the Beego series, we’ll be getting into more of the fun aspects of building a web application by integrating a database, specifically with SQLite3, as well as looking at models, forms and validation. I hope you are ready to go, as this is going to be a good ride through to the end. Read the article.

Have You Thought About Cloud Security?

tagged with: Continuous Deployment, SitePoint, Deployment

The cloud, everyone’s racing to be there, the blogs and forums are abuzz – and have been for some time now. Personally though I feel that cloud computing isn’t necessarily new. It’s a new enough take on how we design, deploy and manage application and computing services and is worth the excitement. With so much excitement around, cloud security tends to be given less importance than it deserves. Read the article.

Inattention Blindness - Missing the Obvious

tagged with: SitePoint, PHP, Psychology

Your code isn’t working! You don’t know why and you’ve been staring at it for what seems like hours. You’re grumpy. You’re falling behind schedule. You’re getting increasingly irritated. Why doesn’t it work? Why can’t you see the bug? It can’t be so hard to find, can it? Read the article.

PHPFog is Coming to an End - But Don't Panic!

tagged with: Continuous Integration, Continuous Deployment, Deployment, PHPFog, SitePoint, PHP

Have you heard PHPFog is coming to an end? No, well – it is. That’s right, in a recent announcement on their mailing list, the company has said that PHPFog will be no more by the end of January, 2013. But if you’re on their platform, don’t panic! The new, combined platform may be even better than what you’re accustomed to with them now. Read the article.
