"Senior Full Stack Engineer (PHP/Laravel • Node.js/NestJS • Next.js/Electron)"
About
Work Experience
Articles
-
Bypassing WAF via Charset Confusion: The Story of CVE-2026-21876 | DevSense
securityDiscover how CVE-2026-21876 allows attackers to bypass the OWASP ModSecurity Core Rule Set (CRS) using multipart charset confusion and variable overwriting in rule 922110.
-
File Upload Vulnerabilities: Bypassing Filters to Remote Code Execution (RCE) | DevSense
securityMaster the mechanics of secure file uploads. Learn how attackers bypass client-side checks, exploit extension blacklists, override web server configurations, and how to write secure Laravel code.
-
Advanced File Upload Attacks: Bypass Techniques and Secure Defenses
securityA comprehensive developer guide on advanced file upload vulnerabilities, including MIME bypass, polyglot images, Zip Slip, SVG XSS, PDF SSRF, and secure Laravel implementations.
-
Effective XSS Vulnerability Hunting: From alert() to RCE | DevSense
securityMaster the art of finding and exploiting Cross-Site Scripting (XSS) vulnerabilities. Learn how to build universal payloads, bypass filters, and escalate XSS to RCE with real-world Bug Bounty cases.
-
Redis Deep Dive: Single-Threaded Architecture, Memory Structures, Persistence, and Eviction Policies | DevSense
architectureMaster Redis internals. Learn why single-threaded execution is fast, explore in-memory data structures, compare AOF vs RDB persistence, and configure memory eviction policies.
-
SSRF & Secure File Uploads: Preventing Server-Side Request Forgery and Remote Code Execution | DevSense
securitySecure your backend infrastructure. Learn how to prevent Server-Side Request Forgery (SSRF) and malicious file uploads leading to Remote Code Execution (RCE).
-
Web Application Vulnerabilities & Mitigations: SQLi, Command Injection, XSS, CSRF & IDOR | DevSense
securityProtect your PHP applications from common web vulnerabilities. Learn how to prevent SQL Injection, Command Injection, XSS, CSRF, and IDOR with secure code examples.
-
Server & Infrastructure Hardening: Security Headers, TLS, Rate Limiting, and Secret Management | DevSense
securityHardening your web server and application infrastructure. Learn how to configure HTTP security headers, TLS ciphers, rate limiters, secure secrets, and database isolation.
-
Software Design Antipatterns: Spaghetti, God Object, Golden Hammer & Cargo Cult | DevSense
architectureMaster software design by identifying and avoiding common antipatterns in PHP. Learn how to refactor Spaghetti Code, God Objects, Golden Hammer, Premature Optimization, and Cargo Culting.
-
Microservice Antipatterns: Distributed Monolith, Shared Database & Chatty Services | DevSense
microservicesAvoid critical mistakes in distributed architectures. Learn how to identify and refactor microservices antipatterns: Shared Database, Distributed Monolith, and Chatty Services.
-
Microservice Architectural Patterns: Saga, CQRS, Event Sourcing & Circuit Breaker | DevSense
microservicesMaster distributed systems architecture. Deep dive into Database-per-service, Saga pattern, CQRS, Event Sourcing, Circuit Breakers, and Service Discovery in PHP.
-
GoF Behavioral Design Patterns: Chain of Responsibility, Observer, Strategy & Command | DevSense
architectureAn in-depth guide to GoF behavioral design patterns in PHP: Strategy, Observer, Chain of Responsibility, Command, Iterator, Mediator, Memento, State, Template Method, Visitor, and Interpreter with clean PHP code examples.
-
GoF Structural Design Patterns: Adapter, Decorator, Facade & Proxy | DevSense
architectureAn in-depth guide to GoF structural design patterns in PHP: Adapter, Bridge, Composite, Decorator, Facade, Flyweight, and Proxy with clean PHP code examples.
-
GoF Creational Design Patterns: Singleton, Factory, Builder & Prototype | DevSense
architectureA deep dive into GoF creational design patterns in PHP: Singleton, Factory Method, Abstract Factory, Builder, and Prototype with strict types and real-world examples.
-
Git Hygiene and Monorepos: Atomic Commits, Rebasing, and Microservices CI/CD
architectureA comprehensive developer's guide to Git hygiene, atomic commits, conventional commits, merging vs. rebasing, interactive rebase, monorepos vs. polyrepos, and optimizing CI/CD workflows.
-
Database and Distributed Transactions: Isolation, Locks, and Consensus Patterns
architectureA comprehensive deep dive into database transactions, race conditions, optimistic vs pessimistic locking, Redis-based distributed locks, 2PC, Saga orchestration/choreography, and the Transactional Outbox pattern with message brokers.
-
Monolith to Microservices: Request Lifecycle, Data Aggregation, and Fault Tolerance | DevSense
architectureA comprehensive guide to transitioning to microservices architecture: data aggregation, gRPC vs RabbitMQ, fault tolerance, and service scaling.
-
PHP Basics & Global Variables: Scope & Superglobals | DevSense
phpA comprehensive guide to PHP variable scopes (local, global, static) and all superglobals. Learn best practices, security traps, and PHP 8.1+ restrictions.
-
Functional PHP: Closures, Callables, and Modern Array APIs | DevSense
phpMaster functional programming in PHP. Learn closures, arrow functions (7.4+), first-class callable syntax (8.1+), modern array methods (8.4+), and pure functions.
-
PHP OOP Fundamentals: From Core Concepts to Asymmetric Visibility | DevSense
phpMaster modern Object-Oriented Programming in PHP. Learn encapsulation, inheritance, interfaces, abstract classes, traits, anonymous classes (7.0+), readonly properties (8.1+), readonly classes (8.2+), and asymmetric visibility (8.4+).
-
PHP Magic Methods: Under the Hood of Dynamic OOP | DevSense
phpA comprehensive developer's guide to PHP magic methods. Explore constructor property promotion, dynamic property/method overloading, serialization evolution, and the performance and static analysis trade-offs of magic methods.
-
PHP 8.3: Typed Constants, #[Override], json_validate & Upgrade Notes | DevSense
phpPHP 8.3 from 8.2: #[Override], typed class constants, readonly clone tweaks, json_validate, str_increment/str_decrement, safer range() and proc_get_status(), assert INI deprecation, and migration pitfalls.
-
PHP 8.4: Property Hooks, Lazy Objects, New DOM & Migration Guide | DevSense
phpPHP 8.4 upgrade notes (from 8.3): Property Hooks, asymmetric visibility, Lazy Objects, #[Deprecated], request_parse_body(), new Dom\* API, new array_* helpers, and the most important BC breaks & deprecations.
-
PHP 8.5: Pipe Operator, NoDiscard, URI Extension & Migration | DevSense
phpPHP 8.5 from 8.4: |> pipe operator, #[NoDiscard] and (void), closures in constant expressions, ext/uri, FILTER_THROW_ON_FAILURE, Opcache in binary, PDO fetch constant changes, and deprecations to plan for.
-
PHP on the server: FPM, Swoole, workers & event-loop runtimes | DevSense
phpMaster modern PHP execution environments: Compare PHP-FPM, long-lived application servers (Swoole, RoadRunner, FrankenPHP), and ReactPHP/AMPHP async event loops, while avoiding memory leaks.
-
Laravel Sail: databases, Redis, Postgres, MongoDB, RabbitMQ in Docker Compose | DevSense
toolsCompose-first recipes for Laravel Sail: add Redis, switch to PostgreSQL, run MongoDB with the PHP extension, RabbitMQ sidecar, Mailpit and Meilisearch wiring, healthchecks and named volumes.
-
Database Indexes: Under the Hood and Deep Dive
architectureA comprehensive developer's guide to B+Trees in InnoDB, Heap structures in Postgres, index node pointers, composite index rules, advanced index types, and write amplification.
-
Laravel Sail: queue workers, Horizon, Redis, RabbitMQ & failed jobs | DevSense
toolsRun Laravel queues inside Sail: sync vs redis vs database, queue:work and Horizon locally, RabbitMQ with community drivers, failed_jobs, queue:restart, and how production differs.
-
Laravel Sail: troubleshooting WSL2, permissions, ports, rebuilds, OPcache & Vite | DevSense
toolsFix common Laravel Sail pain points: WSL2 file sync, UID/GID and storage permissions, FORWARD_* port clashes, stale Docker layers, OPcache and Xdebug in dev, npm/Vite split host vs container, and safe volume resets.
-
Laravel Sail: Docker local stack, PHP versions, Redis, Postgres, queues & deploy notes | DevSense
toolsPractical Laravel Sail guide: change PHP version, add Redis or RabbitMQ, switch MySQL to PostgreSQL, MongoDB notes, queue workers in containers, env separation, and how Sail differs from dev/staging/production servers.
-
Senior PHP Developer (Laravel)
jobsJoin the DevSense team as a Senior PHP Developer to work on high-traffic documentation platforms, APIs, and microservices ecosystems.
-
Laravel Sail: .env layout, port forwards, CI, and local vs production | DevSense
toolsSplit Laravel Sail and host configuration: .env.example, FORWARD_* ports, APP_URL in Docker, optional env_file, GitHub Actions with docker compose, and checklists when Sail is not your server.
-
Databases under load: queries, indexes, MySQL vs Postgres, scaling | DevSense
architectureHow to optimize SQL and schema, choose index types, when database-side logic becomes a liability, how MySQL and PostgreSQL differ in production, and what vertical scale, replicas, decomposition, and sharding really cost.
-
Database Query Optimization: Master Class
architectureLearn how to read EXPLAIN and EXPLAIN ANALYZE, optimize JOINs and CTEs, implement keyset pagination, and understand database engine MVCC load behaviors.
-
Designing high-load event ingestion systems | DevSense
architectureHow to handle thousands of incoming HTTP events per second: edge validation, buffering layers, batch writing to storage, and avoiding database connection starvation under spike load.
-
Message queues compared: Redis, RabbitMQ, Kafka | DevSense
architectureHow to choose a broker for async work: comparing memory queues (Redis), AMQP brokers (RabbitMQ), and commit logs (Kafka) based on ordering, scale, durability, and operational cost.
-
Observability: logs, metrics, and health for Laravel and microservices | DevSense
architectureHow to monitor application state across environments and load: structured logging, metrics, traces, correlation IDs across services, and a practical spectrum of tools from classic syslog to Prometheus, Loki, OpenTelemetry, and SaaS APM.
-
PHP apps and the database connection pool bottleneck | DevSense
architectureWhy PHP-FPM and workers multiply database sessions, how middle-tier poolers and proxies share real server connections, and what Laravel teams should know about PgBouncer modes, ProxySQL, and prepared statements.
-
Web attacks & defenses: XSS, CSRF, SQLi, SSRF, IDOR, and file uploads | DevSense
architectureThe web attacks you’ll meet most often: injections (SQL/command), XSS, CSRF, IDOR/access-control bugs, SSRF, unsafe file uploads, clickjacking, and configuration pitfalls. Practical mitigations, headers, and checklists.
-
API Gateway Architecture: PHP, Node, Go, Rust, gRPC & RabbitMQ | DevSense
microservicesHow to design an API gateway at the edge of your microservice mesh: comparing PHP, Node, Go, and Rust, managing internal gRPC and RabbitMQ traffic, and avoiding common routing pitfalls.
-
PHP 5.3: Namespaces, Closures, Late Static Binding & Migration | DevSense
phpUpgrade guide for PHP 5.3: Master namespaces, late static binding, closures, NOWDOC, Phar, and cycles garbage collection while navigating fatal BC breaks like deprecated ereg and call-time pass-by-reference removal.
-
PHP 5.4: Traits, Short Arrays [], Built-in Server & Migration | DevSense
phpPHP 5.4 upgrade guide: Learn traits, short array syntax, callable type hints, automatic $this in closures, and how to migrate legacy code after the removal of magic quotes and register_globals.
-
PHP 5.5: Generators, finally, password_* API & Migration | DevSense
phpPHP 5.5 upgrade guide: Learn memory-efficient generators (yield), try-catch finally blocks, the native password hashing API, ClassName::class syntax, and how to migrate away from deprecated mysql and preg_replace /e.
-
PHP 5.6: Variadics, Argument Unpacking, ** & Migration | DevSense
phpPHP 5.6 upgrade guide: Learn variadic parameters, argument unpacking with ..., the exponentiation operator **, use function/const namespace imports, constant expressions, hash_equals, and strict SSL/TLS defaults.
-
PHP 7.0 from 5.6: Zend Engine 3, Scalar Types, ??, <=> & Migration | DevSense
phpPHP 7.0 upgrade guide: scalar type declarations, return types, null coalescing (??), spaceship operator (<=>), anonymous classes, Throwable, CSPRNG, and major BC breaks.
-
PHP 7.1 from 7.0: Nullables, void, Symmetric Destructuring & Migration | DevSense
phpPHP 7.1 upgrade guide: nullable types, void returns, class constant visibility, symmetric array destructuring, iterable pseudo-type, multi-catch, negative string offsets, and BC breaks.
-
PHP 7.2 from 7.1: object Type, Widening, Libsodium & Migration | DevSense
phpPHP 7.2 upgrade guide: object type hint, parameter type widening, PDO debug dumps, LDAP EXOP, addrinfo sockets API, libsodium—plus BC (count, get_class, object/array casts) and mcrypt removed to PECL.
-
PHP 7.3 from 7.2: Flexible Heredoc, JSON Exceptions, PCRE2 & Migration | DevSense
phpPHP 7.3 upgrade guide: flexible heredoc/nowdoc, trailing commas in calls, reference destructuring, is_countable, array_key_first/last, JsonException, Argon2id, PCRE2—and BC breaks that affect real code.
-
PHP 7.4 from 7.3: Typed Properties, Arrow Functions, FFI & Migration | DevSense
phpPHP 7.4 upgrade guide: typed properties, arrow functions, variance, ??=, spread in arrays, WeakReference, __serialize/__unserialize, OPcache preloading, FFI—and the BC breaks that hit real apps.
-
PHP 8.0 from PHP 7.4: JIT, Union Types, Match & Nullsafe — Upgrade Guide | DevSense
phpExplore PHP 8.0 after 7.4: named arguments, match, nullsafe, attributes, JIT, union types—what breaks, what to rewrite, and runnable examples.
-
PHP 8.1: Enums, Fibers, Readonly & Intersection Types — PHP Upgrade Guide | DevSense
phpPHP 8.1 after 8.0: enums, readonly properties, fibers, intersection/never types, first-class callables—plus $GLOBALS rules, MySQLi exceptions, and a deprecation watchlist.
-
PHP 8.2: What’s New — Types, Readonly Classes, Security & Migration | DevSense
phpPHP 8.2 guide: readonly classes, standalone null/false/true types, DNF types, #[SensitiveParameter], Random extension, dynamic property deprecations, and BC breaks from 8.1.