Vincent Amstoutz

Hunting Vulnerabilities in Symfony with LLMs

Mon, 15 Jun 2026 00:00:00 -0400

Talk given at the SymfonyOnline June 2026 - Online Hackers are already using Large Language Models to map your attack surface, it’s time you used them to defend it. While we’ve spent years trying to write the perfect regex or rule-set to catch bugs, LLMs have unlocked a terrifyingly effective ability to understand the intent and context of our Symfony and PHP code. This session dives into the practical reality of using AI as an autonomous security researcher to uncover deep-seated vulnerabilities in Symfony applications that traditional tools simply cannot see. We will explore how to architect a high-speed security pipeline that feeds your codebase to an LLM to detect broken access control, complex injection paths, and logic flaws in real-time. You’ll walk away with a battle-tested strategy to weaponize AI against your own technical debt, turning the most unpredictable technology of our time into your most meticulous security auditor.

Migrations : C'est une question d'hygiène !

Fri, 22 May 2026 00:00:00 -0400

Talk given at the AFUP Day 2026 - Bordeaux Les migrations de nos outils de développement et d’infrastructure sont la hantise de nos business et de nos backlogs. Elles sont synonymes de tunnels de développement à rallonge, de risques incontrôlés et de "feature freeze" qui frustrent le business. On les repousse, on les redoute, jusqu'au jour où elles deviennent une urgence absolue... Et si l'erreur n'était pas la migration elle-même, mais la façon dont nous l'abordons ? Dans ce talk, nous verrons comment transformer ces montagnes en une série de toutes petites collines. L'idée ? Ne pas attendre la date butoir et la pression de nos managers. Dans ce talk, nous explorerons comment instaurer une "hygiène de vie" technique continue : des actions ciblées appliquées au quotidien, qui prépare le terrain sans paralyser la vélocité et les nouvelles features. Après tout, c’est comme pour le ménage, un peu tous les jours, c’est beaucoup plus agréable et simple à entretenir !

Rethinking API Platform Filters

Sun, 22 Mar 2026 00:00:00 -0400

Talk given at the Dutch PHP Conference 2026 - Amsterdam API Platform 4.1 and 4.2 unveils a revamped filter system featuring a brand-new syntax, inspired by the advancements introduced with Laravel support in version 4.0. These enhancements not only make filters more intuitive, flexible, and powerful for developers but also significantly evolve the codebase. In this talk, we’ll walk through my contribution to this transformation — from identifying the limitations of the previous approach to designing and implementing a simplified, consistent solution. Using practical examples, we’ll explore how these updates can streamline your API projects and reduce development complexity. To wrap up, we’ll discuss the next steps and potential enhancements planned for the filter system. Whether you’re new to API Platform or an experienced user, this session will provide valuable insights, helping you leverage these improvements for faster and cleaner API development.

API Platform: From Rest & GraphQL APIs to state-of-the-art standards in seconds

Sun, 22 Feb 2026 00:00:00 -0500

Talk given at the PHP UK 2026 - London API Platform is a totally open-source, out-of-the-box framework for making APIs that follow all the Web's best practices (standards, RFCs...) since its release, in 2015. In this talk, we'll see how in a matter of seconds, thanks to the contributions of around 1,000 developers since the framework was created, we can easily have a robust API with auto-generated documentation, via the Swagger UI, whether for a REST or GraphQL API. Through concrete examples and feedback, we'll explore how to contribute to API Platform and use it in your projects, whatever the complexity of your APIs. We'll look at extending automatic documentation, adding custom filters, and integrating your own custom data sources.

Detect hidden defects: Check your PHP tests

Fri, 13 Jun 2025 00:00:00 -0400

Slides for Symfony Online June 2025 Replay here Let's dive into the world of mutation testing and discover how it exposes invisible flaws in our code. Using the PHPInfection mutation testing tool with PHPUnit and the Pest testing framework, we'll see how we can strengthen our unit tests to resist the most subtle errors. Together, we'll take up the challenge of detecting hidden bugs and improving the robustness of our PHP projects.