
IBM Security Intelligence:
The Webshell Game Continues
Jul 20, 2016 @ 11:50:15

On the IBM Security Intelligence site there's a new article posted talking about webshells. For those not familiar with webshells, they're scripts placed on a server by an attacker that can be used to control that server or to serve as a platform for reaching other systems. In this article they introduce some of the basics around webshells and the rise they're seeing in their use.

The IBM X-Force Research team reported an increase in PHP C99 webshell attacks in April 2016. More recently, webshells dubbed b374k made their mark with attacks that the team has been tracking over the past few months.

Although this blog highlights some features of the b374k shell, the main objective is to call your attention to the fact that PHP applications are becoming an increasingly popular choice for attackers aiming to glean your data and deface your website without much hard work. This threat should be pushed to the top of your priority list — primarily because of the power of the tool used for this type of attack, but also because of the startling increase in this attack type this year.

They start off with some of the basics of webshells, focusing on the PHP-based ones: what they are, what kind of functionality they commonly provide and an example of the UI of a shell. They then talk about some of the common delivery methods, the potential entry points for these attacks and some of the "indicators of compromise" you can use to detect them. They also include mitigations you can perform to rid yourself of these webshells, including adding plugins/software and locking down features of PHP itself.

tagged: webshell game introduction example features attack security

Link: https://securityintelligence.com/the-webshell-game-continues/

Liip Blog:
A quick look on the current state of Drupal 8 (ecosystem)
Jul 08, 2016 @ 10:26:31

In a new post to the Liip blog Lennart Jegge shares a "quick look" at the current state of the Drupal 8 project and some of the issues people are having making the transition.

Eight months ago Drupal 8.0.0 was released. Exciting news for drupalists. Since then comparing D8’s features to its predecessor is a topic in daily business. "Can Drupal 8 do what we can do now with 7 today?". After playing around with D8 I get the feeling some crucial features are missing.

He shares some of the features he sees as still missing (a Top 10 wishlist) and how it seems difficult to get a good overview of the Drupal 8 ecosystem. Some modules have yet to be updated and rewrites can be difficult given the major "under the covers" changes to Drupal itself.

In the end the importance of a variety of mature modules that play together nicely is crucial when it comes to efficiency, maintainability and stability of a project.

tagged: drupal8 ecosystem overview opinion features upgrade issues

Link: https://blog.liip.ch/archive/2016/07/07/quick-look-current-state-drupal-8-ecosystem.html

Laravel News:
Laravel Turns Five
Jun 13, 2016 @ 11:55:54

On the Laravel News site there's a post announcing the official fifth birthday of Laravel, a framework that has definitely made its mark on the community in that short amount of time.

Five years ago today Taylor announced the first release of Laravel to the world. [...] Even though a lot has changed and improved since that first release the code still has that same feel. Like all newborns that first release was very minimal–no controllers, no Eloquent, no templating system. It had enough to get you started but lacked the niceties we now enjoy.

The post also lists some of the things that didn't start out in the framework but have been added since, including: Blade, Collections, Eloquent, Queues and Middleware support.

Happy birthday Laravel and a big thank you to Taylor and the entire community.

tagged: laravel framework fifth birthday celebrate features announcement

Link: https://laravel-news.com/2016/06/laravel-turns-five/

Laravel News:
A look at what’s coming to Laravel 5.3
Jun 02, 2016 @ 11:48:55

On the Laravel News site there's a post detailing some of the new things coming in Laravel 5.3, which is still in development but should be released in the near future.

Laravel 5.3 is currently in development and with all new Laravel releases, new features are being teased out as they are added. Here is a quick look at some of these new features.

The list of these new features includes:

  • Eloquent Collections are cleanly serialized and re-pulled by queued jobs
  • Queue console output changed to show the actual class names
  • First Or Create [now takes additional values]
  • Multiple Migration Paths

There's also a mention of the Laravel Echo functionality that makes in-app broadcasting simpler. For some of the topics there are links to other posts with more information too.

tagged: laravel v53 development features list

Link: https://laravel-news.com/2016/06/look-whats-coming-laravel-5-3/

Medium.com:
Upcoming changes in PHP 7.1
May 16, 2016 @ 11:45:32

In this article on Medium.com Amo Chohan covers some of the changes that are coming to the language in PHP 7.1.

Below are the key changes that will be introduced (or removed) in PHP 7.1. For a full list, and to see which changes are being discussed, check out the official PHP RFC.

Included in the list of updates/additions are things like:

  • Catching multiple exception types
  • Support class constant visibility
  • Void return types
  • Warn about invalid strings in arithmetic
  • Deprecate and remove mcrypt()

He then goes through some of the items on the full list, providing a brief overview of each change and code samples where appropriate.

tagged: changes php71 features deprecation examples addition

Link: https://dotdev.co/upcoming-changes-in-php-7-1-76ebea53b820#.ynausa1pm

SitePoint PHP Blog:
An Overview of PHPUnit 5 – What’s New? What’s Coming?
May 10, 2016 @ 09:24:37

On the SitePoint PHP blog there's an article posted talking about the next major version of the PHPUnit unit testing tool - PHPUnit 5. It talks about what's new, what's changed and what has been added to help make your testing more effective.

It was January 2016 when the PHPUnit development team [announced](https://github.com/sebastianbergmann/phpunit/wiki/Release-Announcement-for-PHPUnit-5.0.0) the release of PHPUnit 5.0.

While several minor versions have already been released since, PHPUnit’s major version 5 has introduced several new functionalities and deprecated a few others. In this article, we’ll take a look at the most notable changes.

Included in the list of changes the article mentions are things like:

  • the bump in the minimum PHP version requirement (5.6+)
  • new assertion methods
  • deep object cloning
  • passing mocks along with expectations

Several more are included, each with code examples or links to other resources for more information.

tagged: phpunit5 overview preview release features changes update

Link: http://www.sitepoint.com/an-overview-of-phpunit-5-whats-new-whats-coming/

SitePoint PHP Blog:
What Is Laravel Valet, and Why All the Fuss?
May 09, 2016 @ 13:29:09

The SitePoint PHP blog has posted an article adding to some of the others about the recently released Laravel Valet tool, providing an overview of the product and what it has to offer.

Valet is a tool which makes spinning up demo or discardable projects a breeze.

It’s a tool which combines some of the default software on OS X with some ideas about filepaths and serving of PHP apps, and some additional tools for skipping the need to modify the /etc/hosts file. Additionally, it allows for forwarding of access to the local application over the public internet when needed.

Unlike Vagrant or Docker, it offers no isolation, making all apps use the same globally available software. Why this is important to note will be explained below.

The post then gets into some of "the particulars" the tool has to offer, essentially the "lock in" requirements:

  • OS X only
  • Shared system state (no VMs, only global)
  • Automatic virtual host
  • No dev / prod parity
  • Vendor-lock (with a caveat)
  • Live self-hosted preview

They point out that while Laravel Valet can be a handy tool if this is the tooling and setup you're looking for, it might not be for everyone.

tagged: laravel valet summary overview features requirements

Link: http://www.sitepoint.com/what-is-laravel-valet-and-why-all-the-fuss/

AppDynamics PHP Blog:
Predicting the Future of PHP Security – Part 3
Mar 24, 2016 @ 09:30:15

On the AppDynamics blog there's a post from Omed Habib where he looks at the current state of security in the PHP language and makes predictions about where its security, and the language itself, might be heading.

In some ways security is an infinite game of chess on a board the size of the world. For every move you make, the hackers have a countermove ready. They are highly motivated to take what you have, so the game never ends; it just switches players once in a while. In this final blog in the series, we are going to review the game board, with a look at the most recent changes to security in PHP 7 and earlier supported versions. Then, we’ll try to look a few moves ahead with predictions for the future of PHP security.

In the article he talks about PHP's popularity and how it has somewhat worked against it and its reputation when it comes to secure development. He covers PHP 7 and some of the security-related updates that came with it including:

  • whitelisting classes on unserialize
  • the cryptographically secure random number generator
  • patches for buffer overflows and memory leaks

He ends the post looking at a possible future of the language based on comments made in this other article, suggesting that one possible place for the language to head is into the IoT (Internet of Things) space and interacting with the devices on the other end.

tagged: predictions security language php7 features patches iot direction

Link: https://blog.appdynamics.com/php/predicting-the-future-of-php-security/

Toptal Blog:
Introduction To PHP 7: What's New And What's Gone
Mar 14, 2016 @ 12:04:12

The Toptal blog has a new post talking about PHP 7, covering some of the new things it includes (and what's gone from previous versions of the language).

One of the most exciting events in 2015 in the PHP world was the release of PHP 7, 10 years on from the release of the last major version, PHP 5. With a major step forward, PHP 7 introduces plenty of new features and performance upgrades. [...] This guide should serve as a quick tour on what to expect if you plan on moving your existing applications, or building new ones, on top of PHP 7.

He starts with a topic quite a few people wondered about - "where did PHP 6 go?". Following this he gets into some of the performance boosts that PHP 7 brings with it and updates to the "syntactic sugar" it offers developers to make their lives easier. He then gets into the new features in this version, like:

  • Scalar Parameter Types & Return Type Hints
  • Engine Exceptions
  • Anonymous Classes
  • CSPRNG Functions
  • Unicode Codepoint Escape Syntax

He finishes off the article looking at the migration from PHP 5 to PHP 7 and highlights some of the potential compatibility issues that could pop up during the migration.

tagged: php7 introduction features compatibility overview language php5

Link: https://www.toptal.com/php/php-7-performance-features

Freek Van der Herten:
A modern backup solution for Laravel apps
Mar 09, 2016 @ 11:15:54

As Freek Van der Herten mentions in this post on his site, version 3 of the Laravel backup package has been released, with some major improvements over previous releases.

Today our team released a new major version of laravel-backup. It can backup the files and databases of your application to one or more external filesystems. It uses Laravel’s native cloud filesystem to do this. The package can also notify you via Slack and/or email when something goes wrong with your backups. We’ve also created a dedicated site with full documentation. In this blogpost we want to give you some background of why and how the package was created.

They start out with a bit of history about the package, talking about how they created it to fill their own needs and how it's risen in popularity since its release. Following this, the post talks about the features in version 3, including:

  • Taking backups
  • Cleaning up old backups
  • Monitoring the health of all backups
  • Sending notifications

There are also brief mentions of other new features around event hooks and adding additional information to the backup file. There's a bit of code shared to show the quality/readability of the code, and links over to various resources on the documentation site as well. Finally, they mention some information about the use of the package in PHP 5 (it has become PHP 7 focused with this release) and some of the alternatives that are out there.

tagged: backup laravel package php7 release improvement features history php5

Link: https://murze.be/2016/03/a-modern-backup-solution-for-laravel-apps/