I like working with the newest tools and programming languages, but I also know the ins and outs of the standard tools and languages such as PHP, CSS, HTML5 and git. I have worked with many different techniques such as NPM, WebSocket, Web Security, Testing, Git Flow and Sass.

JobList

PHP
Material Design
Laravel
Landing Page
View on GitHub

TripSearch

ElasticSearch
GuzzleHttp
Composer
PHP
View on GitHub

Cars

PHP
Symfony
Material Design
UX
View on GitHub

CacheDrivers

PHPUnit
Travis CI
Package
Code Coverage
View on GitHub

Planner

ReactJS
SPA
Laravel
REST API
View on GitHub

devBlog

Laravel
Blog
CRUD
View on GitHub

Skills

# My Language Stack

## Back-end

## Front-end

# Server Management

## Server setup

  • Security
  • Software
    • Ubuntu 14.04.5 x64
    • Ubuntu 16.04.1 x64

## Management Tools

  • Webservers
    • Push to deploy script using Deploy keys (.ssh folder with deploy key for www-data user)
    • Nginx/1.10.0
    • Apache
      • ModSecurity 2.9 (Checks cookies, user agents, form requests)

# Security

## Server Security

  • Disable root login
  • Sudo User
  • SSH only login, password login disabled
  • Chroot jail for main (sudo) user
  • Mysql
    • New user for every website
    • Limited to its own database (and information_schema)
    • Only the permissions that are needed (INSERT, SELECT); no DROP and no grants on *.*

## Web Security

  • XSS - <script>alert('hacked!');</script>
    • Markdown to prevent XSS and broken html tags
    • Replace dangerous html tokens with html entities
    • Escape by default: {{ MyVariable }} (Laravel's template tag for htmlspecialchars)
  • SQL Injections
    • PDO prepared statements (no more mysql_query 😅)
    • Limited database user rights
    • Binding values to placeholders instead of concatenating the values into the query
  • CSRF
    • Per Session CSRF token
    • Encrypted CSRF token to prevent fiddling with the cookie
    • Validate all requests using CSRF tokens submitted as form fields
  • ClickJacking
    • X-Frame-Options: DENY HTTP header to prevent framing in an iframe
    • Strict cookie settings (HttpOnly + Secure flags)
  • Best Data Storage practices such as:
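
As an added example that is not part of this portfolio or of any of the projects listed above, the following plain PHP script shows the XSS, SQL injection, CSRF and clickjacking measures from the list side by side, with the vulnerable form next to the hardened one. It assumes an in-memory SQLite database (pdo_sqlite) standing in for MySQL, a plain array standing in for the PHP session, and constructed sample input; the function names findUserUnsafe, findUserSafe, e, csrfToken, verifyCsrf and securityHeaders are my own. The CSRF token is kept server-side in the session and compared with hash_equals, a simplification of the encrypted-cookie scheme the list mentions.

```php
<?php
// Added example, not the portfolio's own code. Assumptions: pdo_sqlite is
// available, $session stands in for $_SESSION, and all input is constructed.
declare(strict_types=1);

// --- SQL injection: concatenation vs. bound placeholders --------------------
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO users (name, email) VALUES
    ('alice', 'alice@example.test'), ('bob', 'bob@example.test')");

// Vulnerable: the input becomes part of the SQL text, so quotes and
// operators in it are parsed as SQL (mysql_query-style concatenation).
function findUserUnsafe(PDO $pdo, string $name): array
{
    $sql = "SELECT name, email FROM users WHERE name = '" . $name . "'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the value is bound to a placeholder and is only ever data.
function findUserSafe(PDO $pdo, string $name): array
{
    $stmt = $pdo->prepare('SELECT name, email FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$constructedInput = "x' OR '1'='1";  // constructed: a quote-breaking username
printf("unsafe rows: %d\n", count(findUserUnsafe($pdo, $constructedInput))); // every user returned
printf("safe rows:   %d\n", count(findUserSafe($pdo, $constructedInput)));   // no literal match

// --- XSS: escape by default (what Laravel's {{ }} does via htmlspecialchars) ---
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$comment = "<script>alert('hacked!');</script>";   // constructed user comment
echo "<p>" . $comment . "</p>\n";                    // vulnerable: script tag reaches the browser
echo "<p>" . e($comment) . "</p>\n";                 // hardened: &lt;script&gt; is shown as text

// --- CSRF: per-session random token, checked on every form submission -----
function csrfToken(array &$session): string
{
    if (empty($session['_token'])) {
        $session['_token'] = bin2hex(random_bytes(32));   // 256-bit random token
    }
    return $session['_token'];
}

function verifyCsrf(array $session, array $post): bool
{
    // hash_equals prevents timing leaks when comparing the submitted token.
    return isset($session['_token'], $post['_token'])
        && hash_equals($session['_token'], (string) $post['_token']);
}

$session = [];
$token = csrfToken($session);
// The token is embedded in the form; a page on another origin cannot read it.
echo '<input type="hidden" name="_token" value="' . e($token) . '">' . "\n";
var_dump(verifyCsrf($session, ['_token' => $token]));   // bool(true): legitimate submit
var_dump(verifyCsrf($session, ['_token' => 'guess']));  // bool(false): forged request rejected
var_dump(verifyCsrf($session, []));                     // bool(false): token missing

// --- Clickjacking and cookie flags: set before any output is sent ---------
function securityHeaders(): void
{
    header('X-Frame-Options: DENY');   // the page may not be framed at all
    // HttpOnly keeps JavaScript away from the session cookie,
    // Secure keeps it off plain-HTTP connections.
    session_set_cookie_params(['httponly' => true, 'secure' => true]);
}
securityHeaders();
```

Run it with `php example.php`: the unsafe lookup returns both rows for the quote-breaking input while the prepared statement returns none, the escaped comment prints as visible text, and only the token that came from the session passes the CSRF check. header() is a no-op on the CLI, so the last section only takes effect under a web server.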

Accounts