PHP User Group Munich Meeting

Join us for interesting talks, fun discussions, and be part of the Munich PHP community!

Schedule:

6:30pm - 7:00pm - socializing (with pizza, soft drinks and some beer)
7:00pm - 7:45pm - Let's Encrypt 101
7:45pm - 8:00pm - break
8:00pm - 8:45pm - The day I deleted the OWASP PHP security project

After the second talk there will be the possibility for further discussions.

## Let's Encrypt 101 (Carsten Mahr, TNG Technology Consulting)

It is now nearly three years that Let's Encrypt is publicly issuing TLS certificates to protect e.g. websites in a fully automated fashion and (even better) free of cost. Despite the fact that most established players initially remained rather skeptical of this novel kind of CA, the certificates signed by Let's Encrypt are nowadays trusted by all major operating systems and browsers out of the box. Time to take a closer look!

After demonstrating why you should care about transport layer security I will identify 3 key characteristics of a "secure connection" and show how both cryptography and certificate authorities can play together to constitute such a thing. Based thereupon I will explain how Let's Encrypt is able ensure domain ownership in an automated way, as well as how you can build your very own ACME client relying on Linux on-board means, only.

Carsten is fascinated by programming personal computers as long as he can think of, especially (since inheriting his father's old analog modem) in the context of web development. After taking a minor detour to get his PhD in physics he joined TNG Technology Consulting in 2018, and as of now is a consultant and software developer for an internationally operating telecommunications corporation.

## The day I deleted the OWASP PHP security project (Sven Rautenberg, Vodafone)

It's story time. I'll take you on a journey back to the year 2013 when I bumped into a seemingly innocent project attempt. Funded by Google's "summer of code", a few random individuals started to create "a secure PHP library". What did they want to achieve, and how? What were the good and bad things they tried to solve? How long did the project last and why went it downhill in the end?

You will get to know the human aspects of my two-year project participation, but I will also present some of the ideas and implementations, both bad and good, to allow you to recognize how security problems may look like.

Sven has over 18 years of experience in PHP, and for the last 8 years, he's developing HTTP-APIs at Vodafone Kabel Deutschland. He is automating things in the build toolchain, maintaining the deployment tool, has fun with dependency-injecting objects into objects and still loves the Slim 3 micro framework.