Pragmatism in today's world

Securing Your API: The OWASP Top 10
Presented at PHPSW UG, 11 February 2026

APIs are the foundation of our applications today and need to be secure. From broken authorisation and authentication to injection attacks, the OWASP API Security Top 10 identifies the most critical security issues facing APIs today. In this talk, we'll walk through the items on the list and explore these security flaws and look at how to prevent them. By the end of this session, you'll have a clear understanding of the most critical API security risks and be equipped with the knowledge to build more secure APIs.

Securing Your API: The OWASP Top 10
Presented at PHPUK, February 2026

APIs are the foundation of our applications today and need to be secure. From broken authorisation and authentication to injection attacks, the OWASP API Security Top 10 identifies the most critical security issues facing APIs today. In this talk, we'll walk through the items on the list and explore these security flaws and look at how to prevent them. By the end of this session, you'll have a clear understanding of the most critical API security risks and be equipped with the knowledge to build more secure APIs.

Strategic DDD
Presented at SymfonyCon, November 2025

Domain Driven Design focuses on modelling the domain logic and helps us to map the business requirements to our software. We'll discuss the terminology and take a look at what Domain Driven Design is and see how you use it to make software that meets the needs of its users. Most people seem to concentrate on the tactical patterns in DDD, but the strategic side is where the most benefit can be found. I will concentrate on these strategic considerations, particularly the importance of communication at all levels of the project, so that by the end of this session you will be better positioned to create excellent, maintainable applications.

OAuth 2.1: The Future of API Security
Presented at Platform Summit 2025, October 2025

OAuth 2 is the gold standard for authentication in APIs and is currently being updated to version 2.1. In this talk we’ll dive into how it works and what’s different from OAuth 2.0. OAuth 2.1 consolidates and simplifies OAuth 2.0 along with bringing the best practices that have evolved since 2.0’s release into the main standard. I’ll discuss how the Authorization grant type has evolved with PKCE to make it the best for nearly all clients, and also cover the best practices to use today in order to secure your API. By the end of this session, you’ll be well prepared for the future of API security.

GraphQL, REST or RPC? Making the Choice!
Presented at PHP Oxford, May 2025

Should your API be RESTful? What about GraphQL? or RPC? In this session, we'll look at the strengths and weaknesses of these API architectures to help you choose which one makes the most sense for your project.


When you've been tasked with creating an HTTP API, the fundamental decision you need to make is which architecture to choose. Should your API be RESTful? What about GraphQL? or RPC? In this session, I'll explain the choices and how each works. We'll then look at their strengths and weaknesses in order to help guide your decision. By the end of this talk, you'll be well-placed to choose the right API architecture for your project.

OAuth 2.1: The Future of API Security
Presented at phpday, May 2025

OAuth 2 is the gold standard for authentication in APIs and is currently being updated to version 2.1. In this talk we'll dive into how it works and what's different from OAuth 2.0. OAuth 2.1 consolidates and simplifies OAuth 2.0 along with bringing the best practices that have evolved since 2.0's release into the main standard. I'll discuss how the Authorization grant type has evolved with PKCE to make it the best for nearly all clients, and also cover the best practices to use today in order to secure your API. By the end of this session, you'll be well prepared for the future of API security.

OAuth 2.1: The Future of API Security
Presented at PHP Berkshire, April, 2025

OAuth 2 is the gold standard for authentication in APIs and is currently being updated to version 2.1. In this talk we'll dive into how it works and what's different from OAuth 2.0. OAuth 2.1 consolidates and simplifies OAuth 2.0 along with bringing the best practices that have evolved since 2.0's release into the main standard. I'll discuss how the Authorization grant type has evolved with PKCE to make it the best for nearly all clients, and also cover the best practices to use today in order to secure your API. By the end of this session, you'll be well prepared for the future of API security.

GraphQL, REST or RPC? Making the Choice!
Presented at Drupal Mountain Camp, March 2025

Should your API be RESTful? What about GraphQL? or RPC? In this session, we'll look at the strengths and weaknesses of these API architectures to help you choose which one makes the most sense for your project.


When you've been tasked with creating an HTTP API, the fundamental decision you need to make is which architecture to choose. Should your API be RESTful? What about GraphQL? or RPC? In this session, I'll explain the choices and how each works. We'll then look at their strengths and weaknesses in order to help guide your decision. By the end of this talk, you'll be well-placed to choose the right API architecture for your project.

GraphQL, REST or RPC? Making the choice!
Presented at SymfonyCon, December 2024

When you've been tasked with creating an HTTP API, the fundamental decision you need to make is which architecture to choose. Should your API be RESTful? What about GraphQL? or RPC? In this session, I'll explain the choices and how each works. We'll then look at their strengths and weaknesses in order to help guide your decision. By the end of this talk, you'll be well-placed to choose the right API architecture for your project.

An introduction to DDD
Presented at PHP Sussex UG, November, 2024

Domain Driven Design focusses on modelling the domain logic and helps us to map the business requirements to our software. We'll discuss the terminology and take a look at what Domain Driven Design is and see how you use it to build and architect software that meets the needs of its users. This talk will concentrate on the strategic considerations in DDD, particularly the importance of communication at all levels of the project, and then turn to the tactical patterns, so that by the end of this session you will be better positioned to create excellent, maintainable applications that are fit for purpose.