New England Software Symposium
March 9 - 11, 2012 - Boston, MA
View the event details here ».
Ken Sipe
Architect, Web Security Expert
Ken has been a practitioner and instructor of RUP since the late 1990s, and an extreme programmer and coach since the middle 2000s. Ken has worked with Fortune 500 companies to small startups in the roles of developer, designer, application architect and enterprise architect. Ken's current focus is on enterprise system automation and continuous delivery systems.
Ken is an international speaker on the subject of software engineering speaking at conferences such as JavaOne, JavaZone, Jax-India, and The Strange Loop. He is a regular speaker with NFJS where he is best known for his architecture and security hacking talks. In 2009, Ken was honored by being awarded the JavaOne Rockstar Award at JavaOne in SF, California and the JavaZone Rockstar Award at JavaZone in Oslo, Norway as the top ranked speaker.
Presentations
Enterprise Security API library from OWASP
When it comes to cross cutting software concerns, we expect to have or build a common framework or utility to solve this problem. This concept is represented well in the Java world with the loj4j framework, which abstracts the concern of logging, where it logs and the management of logging. The one cross cutting software concern which seems for most applications to be piecemeal is that of security. Security concerns include certification generation, SSL, protection from SQL Injection, protection from XSS, user authorization and authentication. Each of these separate concerns tend to have there own standards and libraries and leaves it as an exercise for the development team to cobble together a solution which includes multiple needs.... until now... Enterprise Security API library from OWASP.
This session will look at a number of security concerns and how the ESAPI library provides a unified solution for security. This includes authorization, authentication of services, encoding, encrypting, and validation. This session will discuss a number of issues which can be solved through standardizing on the open source Enterprise Security API.
OOP Principles
For decades object-oriented programming has been sold (perhaps over sold) as the logical programming paradigm which provides “the way" to software reuse and reductions in the cost of software maintenance as if it comes for free with the simple selection of the an OO language. Even with the renewed interests in functional languages, the majority of development shops are predominately using object-oriented languages such as Java, C#, and Ruby. So most likely you are using an OO language… How is that reuse thing going? Is your organization realizing all the promises? Even as a former Rational Instructor of OOAD and a long time practitioner, I find great value in returning to the basics. This session is a return to object-oriented basics.
This session is intended to balance the often-touted theoretical object-oriented practices with lessons from the real world. The session will start with a review of some of the basics regarding abstractions and encapsulation. Although simple concepts, we will push the boundary of how these techniques are applied. We will discuss the difference between analysis and design and how that is reflected in our code. We will also look at the limitations of Java the language as outlined in Josh Block’s book “Effective Java”. The session will go past the basics of object-oriented principles and into what our true goals of development really are.
Getting Agile Right!
Whether you are just getting started, or you’ve made an attempt and well… it could be better… a lot better, this session is for you. Ken has been working on Agile projects as a coach and mentor for a number of years. Come discover the common reasons teams fail to get it right. Bring your own challenges and lets discuss. This is set to be an engaging and illuminating discussion.
This can be a dynamic discussion where challenges facing attendees may have us to focus on some areas and tips of agile development. We will certainly talk about how team or management choices to deviate from core agile practices add risk to a project with suggestions on how to resolve many of these challenges.
Spock - Unit Test and Prosper
Spock is a groovy based testing framework that leverages all the "best practices" of the last several years taking advantage of many of the development experience of the industry. So combine Junit, BDD, RSpec, Groovy and Vulcans... and you get Spock!
This is a significant advancement in the world of testing.
This session assumes some understanding of testing and junit and builds on it. We will introduce and dig deep into Spock as a test specification and mocking tool.
MongoDB: Scaling Web Applications
Google “MongoDB is Web Scale” and prepare to laugh your tail off. With such satire, it easy to pass off MongoDB as a passing joke… but that would be a mistake. The humor is in the fact there seems to be no end to those who parrot the MongoDB benefits without a clue. This session is about getting a clue.
Get past the hype and hyperbole associated with NoSQL. This session will introduce MongoDB through live working sessions demonstrating the pros and cons of MongoDB development. The session will then focus on a recent short project focused on large scale. We’ll discuss database design to support high scale read access. Throughout this case study we will discuss the consequences of the MongoDB choice. The session will finish with a review of the production topology to support growth in scale.
Web Security Workshop
As a web application developer, most of the focus is on the user stories and producing business value for your company or clients. Increasingly however the world wide web is more like the wild wild web which is an increasingly hostile environment for web applications. It is absolutely necessary for web application teams to have security knowledge, a security model and to leverage proper security tools.
This training workshop on security will provide an overview of the security landscape starting with the OWASP top ten security concerns with current real world examples of each of these attack vectors. The first session will consist of a demonstration and labs using hacker tools to get an understanding of how a hacker thinks. It will include a walk through of the ESAPI toolkit as an example of how to solve a number of these security concerns including hands-on labs using the OWASP example swingset.
The workshop will include several hands on labs from the webgoat project in order to better understand the threats that are ever so common today.
Attendees will come away with the following skills / capabilities: - threat modeling - security audit plan - introduction to Pen testing - key / certificate management - fixing web application security issues
Don't be the weakest link on the web!
Web Security Workshop
As a web application developer, most of the focus is on the user stories and producing business value for your company or clients. Increasingly however the world wide web is more like the wild wild web which is an increasingly hostile environment for web applications. It is absolutely necessary for web application teams to have security knowledge, a security model and to leverage proper security tools.
This training workshop on security will provide an overview of the security landscape starting with the OWASP top ten security concerns with current real world examples of each of these attack vectors. The first session will consist of a demonstration and labs using hacker tools to get an understanding of how a hacker thinks. It will include a walk through of the ESAPI toolkit as an example of how to solve a number of these security concerns including hands-on labs using the OWASP example swingset.
The workshop will include several hands on labs from the webgoat project in order to better understand the threats that are ever so common today.
Attendees will come away with the following skills / capabilities: - threat modeling - security audit plan - introduction to Pen testing - key / certificate management - fixing web application security issues
Don't be the weakest link on the web!
Books
by Gary Mak, Daniel Rubio, and Josh Long
List Price: $49.99
Price: $31.85
You Save: $18.14 (36%)
-
With over 3 million users/developers, Spring Framework is the leading “out of the box” Java framework. Spring addresses and offers simple solutions for most aspects of your Java/Java EE application development, and guides you to use industry best practices to design and implement your applications.
The release of Spring Framework 3 has ushered in many improvements and new features. Spring Recipes: A Problem-Solution Approach, Second Edition continues upon the bestselling success of the previous edition but focuses on the latest Spring 3 features for building enterprise Java applications. This book provides elementary to advanced code recipes to account for the following, found in the new Spring 3:
- Spring fundamentals: Spring IoC container, Spring AOP/ AspectJ, and more
- Spring enterprise: Spring Java EE integration, Spring Integration, Spring Batch, jBPM with Spring, Spring Remoting, messaging, transactions, scaling using Terracotta and GridGrain, and more.
- Spring web: Spring MVC, Spring Web Flow 2, Spring Roo, other dynamic scripting, integration with popular Grails Framework (and Groovy), REST/web services, and more.
This book guides you step by step through topics using complete and real-world code examples. Instead of abstract descriptions on complex concepts, you will find live examples in this book. When you start a new project, you can consider copying the code and configuration files from this book, and then modifying them for your needs. This can save you a great deal of work over creating a project from scratch!
What you’ll learn
- How to use the IoC container and the Spring application context to best effect.
- Spring’s AOP support, both classic and new Spring AOP, integrating Spring with AspectJ, and load-time weaving.
- Simplifying data access with Spring (JDBC, Hibernate, and JPA) and managing transactions both programmatically and declaratively.
- Spring’s support for remoting technologies (RMI, Hessian, Burlap, and HTTP Invoker), EJB, JMS, JMX, email, batch, scheduling, and scripting languages.
- Integrating legacy systems with Spring, building highly concurrent, grid-ready applications using Gridgain and Terracotta Web Apps, and even creating cloud systems.
- Building modular services using OSGi with Spring DM and Spring Dynamic Modules and SpringSource dm Server.
- Delivering web applications with Spring Web Flow, Spring MVC, Spring Portals, Struts, JSF, DWR, the Grails framework, and more.
- Developing web services using Spring WS and REST; contract-last with XFire, and contract–first through Spring Web Services.
- Spring’s unit and integration testing support (on JUnit 3.8, JUnit 4, and TestNG).
- How to secure applications using Spring Security.
Who this book is for
This book is for Java developers who would like to rapidly gain hands-on experience with Java/Java EE development using the Spring framework. If you are already a developer using Spring in your projects, you can also use this book as a reference—you’ll find the code examples very useful.
Table of Contents
- Introduction to Spring
- Advanced Spring IoC Container
- Spring AOP and AspectJ Support
- Scripting in Spring
- Spring Security
- Integrating Spring with Other Web Frameworks
- Spring Web Flow
- Spring @MVC
- Spring RESTSpring and Flex
- Grails
- Spring Roo
- Spring Testing
- Spring Portlet MVC Framework
- Data Access
- Transaction Management in Spring
- EJB, Spring Remoting, and Web Services
- Spring in the Enterprise
- Messaging
- Spring Integration
- Spring Batch
- Spring on the Grid
- jBPM and Spring
- OSGi and Spring
Price: $31.85
You Save: $18.14 (36%)
-
With over 3 million users/developers, Spring Framework is the leading “out of the box” Java framework. Spring addresses and offers simple solutions for most aspects of your Java/Java EE application development, and guides you to use industry best practices to design and implement your applications.
The release of Spring Framework 3 has ushered in many improvements and new features. Spring Recipes: A Problem-Solution Approach, Second Edition continues upon the bestselling success of the previous edition but focuses on the latest Spring 3 features for building enterprise Java applications. This book provides elementary to advanced code recipes to account for the following, found in the new Spring 3:
- Spring fundamentals: Spring IoC container, Spring AOP/ AspectJ, and more
- Spring enterprise: Spring Java EE integration, Spring Integration, Spring Batch, jBPM with Spring, Spring Remoting, messaging, transactions, scaling using Terracotta and GridGrain, and more.
- Spring web: Spring MVC, Spring Web Flow 2, Spring Roo, other dynamic scripting, integration with popular Grails Framework (and Groovy), REST/web services, and more.
This book guides you step by step through topics using complete and real-world code examples. Instead of abstract descriptions on complex concepts, you will find live examples in this book. When you start a new project, you can consider copying the code and configuration files from this book, and then modifying them for your needs. This can save you a great deal of work over creating a project from scratch!
What you’ll learn
- How to use the IoC container and the Spring application context to best effect.
- Spring’s AOP support, both classic and new Spring AOP, integrating Spring with AspectJ, and load-time weaving.
- Simplifying data access with Spring (JDBC, Hibernate, and JPA) and managing transactions both programmatically and declaratively.
- Spring’s support for remoting technologies (RMI, Hessian, Burlap, and HTTP Invoker), EJB, JMS, JMX, email, batch, scheduling, and scripting languages.
- Integrating legacy systems with Spring, building highly concurrent, grid-ready applications using Gridgain and Terracotta Web Apps, and even creating cloud systems.
- Building modular services using OSGi with Spring DM and Spring Dynamic Modules and SpringSource dm Server.
- Delivering web applications with Spring Web Flow, Spring MVC, Spring Portals, Struts, JSF, DWR, the Grails framework, and more.
- Developing web services using Spring WS and REST; contract-last with XFire, and contract–first through Spring Web Services.
- Spring’s unit and integration testing support (on JUnit 3.8, JUnit 4, and TestNG).
- How to secure applications using Spring Security.
Who this book is for
This book is for Java developers who would like to rapidly gain hands-on experience with Java/Java EE development using the Spring framework. If you are already a developer using Spring in your projects, you can also use this book as a reference—you’ll find the code examples very useful.
Table of Contents
- Introduction to Spring
- Advanced Spring IoC Container
- Spring AOP and AspectJ Support
- Scripting in Spring
- Spring Security
- Integrating Spring with Other Web Frameworks
- Spring Web Flow
- Spring @MVC
- Spring RESTSpring and Flex
- Grails
- Spring Roo
- Spring Testing
- Spring Portlet MVC Framework
- Data Access
- Transaction Management in Spring
- EJB, Spring Remoting, and Web Services
- Spring in the Enterprise
- Messaging
- Spring Integration
- Spring Batch
- Spring on the Grid
- jBPM and Spring
- OSGi and Spring
