Speed and security for your PHP application
Download as PPTX, PDF0 likes332 views
The document discusses the importance of speed and security for PHP applications, emphasizing that slow sites can lead to significant revenue losses and highlighting the high frequency of cyber attacks. It introduces Zend Server as a solution for optimizing PHP performance while ensuring security through effective code analysis. The document also covers common vulnerabilities and encourages engagement with a trial opportunity for potential users.
Speed and security for your PHP application
- 1. 1© 2017 Rogue Wave Software, Inc. All Rights Reserved. 1 Speed and security for your PHP application
- 2. 2© 2017 Rogue Wave Software, Inc. All Rights Reserved. 2 Slavey Karadzhov Senior solutions consultant Rogue Wave Software Presenters Dr. Johannes Dahse CEO & Co-Founder RIPS Technologies Kai Schmithuesen Account executive - Zend Rogue Wave Software
- 3. 3© 2017 Rogue Wave Software, Inc. All Rights Reserved. 3 Agenda
- 4. 4© 2017 Rogue Wave Software, Inc. All Rights Reserved. 4 Agenda • The importance of speed and security for your business • Boosting your PHP with Zend Server – Understand and analyze bottlenecks – Optimize Code / Tune Settings – Develop • Fast but is it secure – Analyze your source code with ease – Protect production servers from vulnerabilities • Competition • Q&A
- 5. 5© 2017 Rogue Wave Software, Inc. All Rights Reserved. 5 Click to watch the full webinar
- 6. 6© 2017 Rogue Wave Software, Inc. All Rights Reserved. 6 The importance of speed and security for your business
- 7. 7© 2017 Rogue Wave Software, Inc. All Rights Reserved. 7 How performance impacts your business If an e-commerce site is making $100,000 per day, a 1 second page delay could potentially cost you $2.5 million in lost sales every year Mobile sites that loaded in 5 seconds earned almost double the revenue of sites that took 19 seconds to load 73% of mobile internet users have encountered a website that was too slow to load 51% of mobile internet users have encountered a website that crashed, froze, or received an error A 1 second delay in page response can result in a 7% reduction in conversions 47% of consumers expect a web page to load in 2 seconds or less
- 8. 8© 2017 Rogue Wave Software, Inc. All Rights Reserved. 8 How security impacts your business ● Cyber criminals perform 1,000,000 web attacks per day ● General web attacks affect everyone ○ Website infection for malware/phishing campaigns ○ Web server compromise for botnets, DDoS attacks ● Targeted web attacks ○ Steal intellectual property ○ Steal sensitive data (credit cards, PII, passwords) ● $200,000 average data breach costs ● 50,000 websites are hacked daily
- 9. 9© 2017 Rogue Wave Software, Inc. All Rights Reserved. 9 Get up to speed with Zend Server
- 10. 10© 2017 Rogue Wave Software, Inc. All Rights Reserved. 10 Speed depends on ...
- 11. 11© 2017 Rogue Wave Software, Inc. All Rights Reserved. 11 Speeding up an app is ... Continuous process that involves ● Understand and analyze bottlenecks ○ auto-scaling ○ caching ● Optimize Code / Tune Settings ○ with or without human intervention ● Develop
- 12. 12© 2017 Rogue Wave Software, Inc. All Rights Reserved. 12 In PHP speed depends on ... •The Zend PHP Engine •Proven PHP modules •PHP components to allow OpCache, DataCache and PageCache •First class monitoring tools
- 13. 13© 2017 Rogue Wave Software, Inc. All Rights Reserved. 13 Zend Server is speed •Perfected from the developers of the Zend PHP engine •With seamless optimizations built in the core •With multiple components that boost your PHP applications •And monitoring that helps you understand your PHP application.
- 14. 14© 2017 Rogue Wave Software, Inc. All Rights Reserved. 14 Peace of mind with RIPS Technologies
- 15. 17© 2017 Rogue Wave Software, Inc. All Rights Reserved. 17 Top security vulnerabilities used in web attacks websites have at least one medium-severe vulnerability 40% Cross-site scripting Inject malicious JavaScript code rendered by visitors 24% SQL injection Manipulate database query to retrieve sensitive data 7% Path traversal Manipulate file operation to steal sensitive files 4% File inclusion Induce a file for code execution 84%
- 16. 18© 2017 Rogue Wave Software, Inc. All Rights Reserved. 18 Security challenges Challenge: Stay up-to-date with all attack techniques / pitfalls Security awareness Challenge: Growing code and team sizes Secure development Challenge: Time to market pressure Security testing Compliance requirements GDPR, PCI DSS, HIPAA, OWASP ASVS, OWASP Top 10
- 17. 19© 2017 Rogue Wave Software, Inc. All Rights Reserved. 19 RIPS Code Analysis scans your application ● RIPS scans your source code and detects security bugs ● Technology leader for PHP Static Application Security Testing (SAST) ● Unique language-specific approach, built by security experts
- 18. 20© 2017 Rogue Wave Software, Inc. All Rights Reserved. 20 RIPS Code Analysis detects unknown security issues ● Supports PHP 3-7, large code bases, and frameworks ● Scans your source code within minutes for ○ 100+ security vulnerability categories ○ 60+ code quality issue categories ○ 40+ misconfiguration categories ● Track record of unknown vulnerabilities reported in popular cores:
- 19. 21© 2017 Rogue Wave Software, Inc. All Rights Reserved. 21 RIPS Code Analysis protects your application ● Seamless integration into every step of your SDLC setup ● Block vulnerable code before it is deployed on your production server sonarqube
- 20. 22© 2017 Rogue Wave Software, Inc. All Rights Reserved. 22 Visit us at ZendCon → 15th – 17th October Las Vegas Sponsored by:
- 21. 23© 2017 Rogue Wave Software, Inc. All Rights Reserved. 23 Visit us at PHP.Ruhr → 11th November Dortmund Sponsored by:
- 22. 24© 2017 Rogue Wave Software, Inc. All Rights Reserved. 24 Interested to give it a test drive?
- 23. 25© 2017 Rogue Wave Software, Inc. All Rights Reserved. 25 Competition What we will do: We will contact you to review your projects and pick the three most interesting in terms of scope and complexity. We will help you to install Zend Server including RIPS plugin on your infrastructure for your project and support you during a three month trial phase We are looking to give three projects the chance to test Zend Server and RIPS What you will do: Type “Interested” into the Q&A panel
- 24. 26© 2017 Rogue Wave Software, Inc. All Rights Reserved. 26 Click to watch the full webinar
- 25. 27© 2017 Rogue Wave Software, Inc. All Rights Reserved. 27 Q&A
- 26. 28© 2017 Rogue Wave Software, Inc. All Rights Reserved. 28 Thank You
- 27. 29© 2017 Rogue Wave Software, Inc. All Rights Reserved. 29 Speed and security for your PHP application Kai Schmithüsen Account Executive Zend EMEA Slavey Karadzhov Senior Consultant, Professional Services @ RogueWave Johannes Dahse CEO & Co-founder @ RIPS Technologies
- 28. 30© 2017 Rogue Wave Software, Inc. All Rights Reserved. 30 References •https://developer.akamai.com/blog/2016/09/14/mobile-load-time-user- abandonment •https://pages.zend.com/rs/zendtechnologies/images/PHP7- Performance%20Infographic.pdf •https://www.zimuel.it/blog/strong-cryptography-in-php •https://www.infopoint-security.de/media/Trustwave_2018- GSR_20180329_Interactive.pdf
- 29. 31© 2017 Rogue Wave Software, Inc. All Rights Reserved. 31 Click to watch the full webinar