No matter where you slice software engineering:

• architecture
• technology selection
• process
• etc.

The root cause of many, if not most problems, is the common absence of critical thinking in how we approach decision making. Instead of thinking critically about our engineering decisions, we often follow a Cargo Cult mentality or blindly follow the pronouncements of the Blowhard Jamboree. The end results all too often include suboptimal productivity, excessive spending, poor quality and cancelled projects.

When we think instead critically about a component of software engineering, we take it apart. We discard our presuppositions. We challenge tradition. We gather our own evidence. We question everything.

This talk will examine the pathologies associated with not thinking critically, including a tour of the antipatterns that can emerge from such a practice. We'll then walk through the concentric circles of the critical thinking process, including evidence evaluation, argument evaluation, and argument construction. You'll leave this session with a critical thinking framework which can be applied to software engineering as well as beyond.

Now that you've completed the “Critical Thinking in Software Engineering” lecture, it's time to put your new skills to work. In this session, we'll break up into teams. Each team will be presented with either an argument to evaluate or a problem situation for which you must construct an argument advocating a particular course of action.

Teams will then be responsible for presenting their evaluations and arguments to the group, and the group as a whole will evaluate the presentations.

Topics to include:

• Pair Programming Doesn't Work
• Craftsmanship: Friend or Foe?
• The Code IS the Design
• Rap Genius v. Heroku
• Containers and the Cloud
• Good Morning ORM!
• TDD: Guide or Guard Rail?
• Build Tool Battle Royale
• Our DB is Web Scale!
• To Estimate or Not To Estimate?

In this session we will look to see how we can refactor our learning - what tools, and methodologies can we use to help us learn quicker and better - how we can create a store that gives us quick access to information when we really need it.

We all work in an industry in which not only do the tools that we use change ever few years, but one in which we have to shift the very paradigms these tools are built on! Even the most trivial of projects entails tens of different toolkits, frameworks, and languages coming together, and somehow we need to know how to leverage each one. How does one keep up? Despite all our years in schools, and our in-born nature to learn, we often are never taught how to learn. How can we learn faster, and retain even more?

In this session we will take a look at various tools and techniques available to us and see how we can make our learning effective.

Find yourself overwhelmed with hundreds of to-dos? Is your hard-drive littered with dozens of killer ideas that you started with enthusiasm and then just fizzled away? Do you feel like you are moving as fast as can but only getting to the wrong place quicker? Well perhaps this session will help.

There are various techniques and strategies available to us today that aim to help with exactly this conundrum - from Getting Things Done ™ to Personal Kanban. Unfortunately it is often easy to be extremely productive using these systems, but not very effective. After all, it's not about getting things done, but getting the RIGHT things done. In this talk we will discuss not only how to get things done, but also attempt to figure out what it is you actually need to be doing.

In this session, I will attempt to show you how you can leverage various strategies to be more effective, knock to-dos out and have fun while doing it. If time permits we will close with an overview of the tools that are available to you, and how you can use these to become a to-do list ninja :)

So you've gotten a handle on Git and know how to use it for everyday development tasks like committing code and pushing and pulling changes with the rest of the team. But do you really know how it works under the covers? In this brief demonstration, we'll commit a file to a brand new repository without ever touching the git add or git commit commands, and in the process learn some critical Git internals that every power user should know.

We'll also take a look at some advanced history and undo commands like reflog and reset, and how to rewrite past mistakes with interactive rebase. Bring your questions and Git challenges for 90 minutes of advanced Git fun!

Most developers think of Git and GitHub as two sides of the same coin, but all too often our attention is focused on the Git side alone, and not on the capabilities of Planet Earth's most-used Git hosting service. More than two million developers have already joined the site that offers amazing features like pull requests, wikis, project pages, integrated web site hosting, issue tracking, metric visualizations, permission controls, and easy integration with third-party services.

Come to this talk to learn how to make better use of GitHub through the site's commonplace and advanced features alike.

A little old lady once challenged a well-known scientist’s explanation on the structure of the universe, countering that the world is really a flat plate supported on the back of a giant tortoise. The scientist rebutted the little old lady’s challenge with one of his own by asking what the tortoise was standing on. The little old lady’s sly reply was that it’s, “turtles all the way down.” So too is software architecture “turtles all the way down”.

In this session, we cover a broad range of topics that include challenging traditional practices of software architecture, examining what it takes to bring down the ivory tower, probing the paradoxical aspects of architecture’s goal, and investigating the inextricable link between temporal decisions and structural flexibility. From the highest level applications and services to the code that exists in the bowels of the system, and everything in between, we explore how an effective software architecture must be turtles all the way down. In the end, we will all have gained deep insight to the value of agile architecture.

Modularity is coming to the Java platform! Java 8 will introduce the Jigsaw module system. OSGi is here today. Don’t wait to start designing modular software. Contrary to popular belief, you don't need a framework or a new runtime to start building modular software applications. You can start today. Learn how!

In this session, we'll examine what it means to develop modular software on the Java platform. We'll examine the goals and benefits of modular software, and explore the patterns of modular architecture that help us develop modular software systems. With just a few easy steps, we'll see how to transform our software from a huge monolith to an extensible system of collaborating software modules. By examining an existing software system, we'll see first hand how we can increase software modularity with minimal disruption. You'll walk away not just with a much deeper understanding of the benefits of modular software, but also a migration roadmap for refactoring existing applications to increase their modularity. In other words, you'll see how to get ready today for the application platform of tomorrow.

OSGi was once heralded as a contender for most important technology of the decade. Today, most developers have heard of OSGi, but few are using it to develop their enterprise software applications.Is OSGi failing? Who is using it? And what exactly are its benefits?

In this session, we'll explain the benefits of OSGi, and show that it's not just for the middleware vendor. We'll learn how you can use OSGi without making significant changes to how you write your software applications. We'll explore the OSGi ecosystem, including platforms that support OSGi. Through code examination, we'll see how the Spring framework allows us to leverage OSGi in a non-invasive way. We'll discover how OSGi encourages Polyglot programming on the Java platform. And we'll take a brief glimpse into the future of modularity on the Java platform. You'll walk away with a much better understanding of OSGi, its strengths and benefits, how to use it effectively, as well as the myths surrounding its use.

The modularity patterns provide us with proven design techniques to develop a modular software architecture that is extensible, reusable, maintainable, and adaptable. In this session, we’ll explore 9 of the 18 modularity patterns.

This session introduces and examines the following patterns:

• Manage Relationships
• Module Reuse
• Cohesive Modules
• Acyclic Relationships
• Levelize Modules
• Physical Layers
• Container Independence
• Independent Deployment
• Levelize Build

The modularity patterns provide us with proven design techniques to develop a modular software architecture that is extensible, reusable, maintainable, and adaptable. In this session, we’ll explore the remaining 9 modularity patterns.

This session introduces and examines the following patterns:

• Published Interface
• External Configuration
• Default Implementation
• Module Facade
• Abstract Modules
• Implementation Factory
• Separate Abstractions
• Colocate Exceptions
• Test Module

Robert Martin assembled the SOLID family of principles to provide a useful guide to help us create object-oriented software designs that were resilient in the face of change. In recent years, the need to write highly-concurrent software in order to leverage increasingly ubiquitous multicore architectures, as well as general interest in more effectively controlling complexity in large software designs, has driven a renewed interest in the functional programming paradigm. Given the apparent similarity in their goals, “What is the intersection of SOLID with functional programming?” is a natural question to ask.

In this talk, we'll explore this intersection. We'll begin with a tour of the evolutionary patterns associated with enterprise software and programming paradigms, as well as take a look at the ongoing quest for best practices, the goal being to elucidate the motivation for examining this intersection of SOLID and functional programming. We'll then walk through each of the SOLID principles, examining them in their original object-oriented context, and looking at example problems and solutions using the Java language. Then for each principle, we'll examine its possible intersection with the functional programming paradigm, and explore the same problems and solutions using the Clojure language. We'll close by examining the transcendent qualities of the SOLID principles and how they can make any design simpler, regardless of the programming paradigm employed.

For much of the last two years I've delivered a two-part series at NFJS shows entitled “Effective Java Reloaded.” For all pracical purposes, it is an ala carte style rehash of the book Effective Java, written by Josh Bloch. One of my favorite parts of the discussion is of Item #15, which tells us to “Minimize Mutability.” If we turn this inside out, we're actually saying that we want to MAXIMIZE IMMUTABILITY. When we do this, we reap many benefits, such as code that is easier to reason about and that is inherently thread-safe. This can carry us a long way in the direction of program correctness and decreased complexity. However, when we start to program with immutability, several major questions arise.

First, the necessity of using a separate object for each distinct value, never reusing, or “mutating” an object, can quickly cause performance concerns. These concerns are amplified when we're talking about large collections such as lists and maps. These problems are largely solved by what we call “persistent data structures.” Persistent data structures are collections from which we create new values, not by copying the entire data structure and apply changes, but by creating a new structure which contains our changes but points at the previous structure for those elements which have not changed. This allows us to work with data structures in a very performant way with respect to time and resource consumption. We'll examine persistent data structures, their associated algorithms, and implementations on the JVM such as those found in the TotallyLazy library.

Second, because all of an immutable object's state must be provided at the time of construction, the construction of large objects can become very tedious and error prone. We'll examine how the Builder pattern can be applied to ease the construction of large objects, and we'll examine Builder implementations in Java and Groovy.

Third, we run into problems when we start to use frameworks that expect us to program in a mutable style. A prime example is Hibernate, which expects our persistent classes to follow the well-worn JavaBean convention, including a no argument constructor and getters and setters for each property. Such a class can never be mutable! So how do we program with frameworks such as Hibernate and yet still minimize mutability? The key is found in not letting frameworks dictate the way that you design your code. Just because the framework require something, don't let it force you to make the wrong decision. Use the framework as a tool to write your code, don't let your code be a tool of the framework. We'll examine strategies for doing exactly that.

You should come away from this talk better equipped to program in a way that minimizes mutability and maximizes immutability.

There is a good amount of excitement about the new version of Java. The big
evolution of course is the lambda expressions. In this presentation we will dive into the language features in Java 8, take a look at some of their nuances, and look at ways to put them to good use.

Java 8 language capabilities and application.

Programming concurrency has turned into a herculean task. I call the traditional approach as the synchronized and suffer model. Fortunately, there are other approaches to concurrency and you can reach out to those directly from your Java code.

In this presentation we will discuss the actor based concurrency and also the software transaction memory. We will then develop examples using AKKA and compare the power of these approaches in contrast to the traditional approach.

Invoke dynamic is a Java 7 feature that had the most impact at the bytecode level and also in terms of performance. First perceived as a feature to help dynamically typed languages on the JVM, it turned into a powerful feature that has been exploited quite a bit in the implementation of features in the Java
language itself.

In this presentation we will understand what problem this features really solves and how it has influenced other features in the Java language and on the Java platform.

Relational databases have ruled the world since the dawn of time (or so it appears). They power our enterprises and for many in the corporate world, it may be hard to imagine life without them. Each decade a novel idea would challenge the status quo and make a case to deviate for the tradition. A flock of enthusiastic programmers, like your humble speaker back in the early 90s, would throw their support around it, only to be crushed eventually by the large vendors and enterprise standards. But, the excitement around NoSQL has shown that enterprise data is not the only thing that's persistent.

In this presentation we'll learn how NoSQL deviates from those deep rooted traditional approaches, and how this may be useful. We will also discuss the situations where these types of databases may be more appropriate.

Poorly designed web applications fail to serve both the business and the users, leading to a unnecessary costs, and frustrated customers. By keeping the user in mind, and following a few simple guidelines, you can make huge leaps in the way your users interact with your applications.

In this session, we will focus on the enterprise - where the user-base is known and fairly consistent, but typically where user interface and interaction are not the top most priorities. We will discuss some rules for good design, look at a few simple design elements that can make your web apps shine, and your users rejoice.

In this session we will look at some JavaScript patterns, and how you can use them within your code.

No longer can you think of JavaScript as a kiddie-scripting language. JavaScript has now been promoted to a first-class citizen within your application - and with this, comes the need to think of better abstractions, code re-use - even thinking of establishing a common vocabulary to discuss approaches to writing better, cleaner and ultimately more maintainable JavaScript code.

After almost a decade and several significant releases, Spring has gone a long way from challenging the then-current Java standards to becoming the de facto enterprise standard itself. Although the Spring programming model continues to evolve, it still maintains backward compatibility with many of its earlier features and paradigms. Consequently, there's often more than one way to do anything in Spring. How do you know which way is the right way?

In this session, we'll explore several ways that Spring has changed over the years and look at the best approaches when working with the latest versions of Spring.

In this presentation, we'll see how to use Spring to create, secure, streamline, hyperlink, and consume REST APIs.

In modern applications, there are a diverse array of clients consuming content from the web. Each of these clients has unique capabilities and limitations, therefore demanding presentation of the application to be tailored to each device. As a result, presentation logic is often pushed into the client itself, leaving the application to serve a common data-oriented lightweight API to be consumed by each client.

In modern applications, Javascript is increasingly prevalent both on the client-side and to some degree on the server-side. As we continue to crank out more Javascript code, we're finding that many of the same hard-lessons we learned in writing decoupled Java code are equally desirable in Javascript code. Without the benefit of dependency injection and AOP, both Java and Javascript code can quickly become an unnavigable and untestable mess.

Where frameworks like Spring have helped us gain control over our Java code, Cujo.js similarly aims to give our Javascript code more structure and testability.

In this session, we'll look at Cujo.js, an “unframework” that provides dependency injection that takes Javascript's unique needs into consideration to create loosely-coupled code. We'll also see how, although Cujo.js isn't strictly a UI framework, elements of Cujo.js can be brought together to elegantly build client-side UIs.

Languages offer a lot more than syntax and compilers. They often have supporting libraries and special facilities that set them apart from other languages. Some languages offer special compiler support for a particular construct, like tail call optimization, for example. Others provide interesting library support or capabilities.

In this presentation we will dive into 12 cool things we can do with different languages on the JVM, things that are either impossible or hard to do in Java, but are quite easy and useful to realize in other popular languages on the JVM. If mixing these languages is an option on your projects, you'll have dozen more reasons after this presentation.

In recent years, the cloud has gone from Larry Ellison's “Maybe I'm an idiot, but I have no idea what anyone is talking about,” to Microsoft's “TO THE CLOUD!” to a central part of many companies IT strategy. At the same time, the way that we consume the cloud has continued to evolve. Many of today's cloud efforts revolve around utilization of various “infrastructure as code” products (e.g. Puppet and Chef) and homegrown automation to create deployment pipelines. When we start at this level, we often end up reinventing many of the same wheels as we climb the abstraction ladder.

Platform as a Service (PaaS) offerings are positioned to allow developers (and operators) to start climbing the abstraction ladder from a higher rung, shifting the model from machine-centric deployment to application-centric deployment. This session will focus on life as an application developer using Cloud Foundry as a PaaS, with demos using Pivotal's Hosted CF at http://run.pivotal.io.

We'll cover the following topics:

• Hello World: Pushing Java, Ruby, and Node.js apps
• Service Binding: Talking to DB's and other services
• Buildpacks: Flexible application runtime stacks
• “Places to Put Your Stuff”: organizations and spaces
• Promotion Pipelines: Dev to Test to Prod
• Scaling: From 1 instance to 100 instances in 30 seconds or less!
• Health Manager: No more 2 AM support calls…
• Blue-Green Deployments: Zero downtime for your users
• Deploying Cloud Foundry in YOUR data center
• It's Open Source and YOU can contribute!

Workshop Requirements

All parts will require:

• Git (“brew install git”)
• Your favorite Java editor (Eclipse, IntelliJ IDEA, Netbeans)
• The Cloud Foundry CLI - download the latest!

Needless to say you'll need a laptop! For best experience, a Mac or Linux environment is ideal (it's technically possible to get most of this working on Windows, but it's VERY DIFFICULT). Also, you'll need at least 8 GB of RAM to support running Cloud Foundry locally without too much of a performance hit.

Part one of the workshop will require a free account on Pivotal Web Services. You can create a 60-day trial with no credit card at https://run.pivotal.io.

Parts two and four will require the use of BOSH Lite. More instructions will be provided at the conference. But, to ease setup, please install the following dependencies (in addition to those for part one!):

• Virtualbox
• Vagrant
• Ruby 1.9.3 (rbenv or RVM are great options!)
• The BOSH CLI Ruby Gem (after installing Ruby via one of the version managers, “gem install bosh_cli” will do the trick)
• Spiff

An alternative to setting up BOSH Lite if you have trouble with the environment (or you are stuck on Windows!) is to use TryCF. This only requires an AWS account (obviously a credit card required) and an email address, and eliminates the need for this entire dependency list. The estimated cost is 28 cents per hour, so you won't run up a huge bill!

Part Three will require the use of a FREE Cloudbees account. Create one at https://grandcentral.cloudbees.com. Once you're set up, click on “Get Started with Builds” to provision your Jenkins instance. We'll complete the remainder of the setup during the lab, but it's important to get the Jenkins instance provisioned in advance so that you don't lose 10 minutes of workshop time!

It will also require the use of a FREE TRIAL account of Artifactory Online from JFrog. You can obtain an account at https://www.jfrog.com/registration/registration.html. This one is a bit quicker, but you still should try to create it before the workshop.

Have you ever wished that your local development sandbox could look exactly like production, but you've got a mismatch between your local OS and your production OS? And what about the age old “it works on my machine” excuse that quite often stems from differences between developer sandboxes? Many have turned to virtualization, creating a machine image that can be passed around the team. But who manages the template? How do you keep things in sync?

In this session, we'll explore Vagrant (http://www.vagrantup.com), an open source tool that allows you to easily create and manage virtual development environments that can be provisioned on demand and “thrown away” when no longer needed.

Vagrant is most powerful when we think of it as a tool to enable various workflows that are useful to software development teams. In this talk, we'll walk through the following workflows and examine Vagrant's contributions:

• Software development/spike sandbox management
• New team member onboarding/development workstation management
• Managing production-like environments on developer workstations
• Managing disposable integration testing environments
• Managing production environments

Getting software released to users is often a painful, risky, and time-consuming process. This workshop sets out the principles and technical practices that enable rapid, incremental delivery of high quality, valuable new functionality to users. Through automation of the build, deployment, and testing process, and improved collaboration between developers, testers and operations, delivery teams can get changes released in a matter of hours–sometimes even minutes–no matter what the size of a project or the complexity of its code base.

In this workshop we take the unique approach of moving from release back through testing to development practices, analyzing at each stage how to improve collaboration and increase feedback so as to make the delivery process as fast and efficient as possible. At the heart of the workshop is a pattern called the deployment pipeline, which involves the creation of a living system that models your organization's value stream for delivering software. We spend the first half of the workshop introducing this pattern, and discussing how to incrementally automate the build, test and deployment process, culminating in continuous deployment.

Getting software released to users is often a painful, risky, and time-consuming process. This workshop sets out the principles and technical practices that enable rapid, incremental delivery of high quality, valuable new functionality to users. Through automation of the build, deployment, and testing process, and improved collaboration between developers, testers and operations, delivery teams can get changes released in a matter of hours–sometimes even minutes–no matter what the size of a project or the complexity of its code base.

In this workshop we take the unique approach of moving from release back through testing to development practices, analyzing at each stage how to improve collaboration and increase feedback so as to make the delivery process as fast and efficient as possible. At the heart of the workshop is a pattern called the deployment pipeline, which involves the creation of a living system that models your organization's value stream for delivering software. We spend the first half of the workshop introducing this pattern, and discussing how to incrementally automate the build, test and deployment process, culminating in continuous deployment.

Getting software released to users is often a painful, risky, and time-consuming process. This workshop sets out the principles and technical practices that enable rapid, incremental delivery of high quality, valuable new functionality to users. Through automation of the build, deployment, and testing process, and improved collaboration between developers, testers and operations, delivery teams can get changes released in a matter of hours–sometimes even minutes–no matter what the size of a project or the complexity of its code base.

In the second half of the workshop, we introduce agile infrastructure, including the use of Puppet to automate the management of testing and production environments. We'll discuss automating data management, including migrations. Development practices that enable incremental development and delivery will be covered at length, including a discussion of why branching is inimical to continuous delivery, and how practices such as branch by abstraction and componentization provide superior alternatives that enable large and distributed teams to deliver incrementally.

Getting software released to users is often a painful, risky, and time-consuming process. This workshop sets out the principles and technical practices that enable rapid, incremental delivery of high quality, valuable new functionality to users. Through automation of the build, deployment, and testing process, and improved collaboration between developers, testers and operations, delivery teams can get changes released in a matter of hours–sometimes even minutes–no matter what the size of a project or the complexity of its code base.

In the second half of the workshop, we introduce agile infrastructure, including the use of Puppet to automate the management of testing and production environments. We'll discuss automating data management, including migrations. Development practices that enable incremental development and delivery will be covered at length, including a discussion of why branching is inimical to continuous delivery, and how practices such as branch by abstraction and componentization provide superior alternatives that enable large and distributed teams to deliver incrementally.

A Technology Radar is a tool that forces you to organize and think about near term future technology decisions, both for you and your company. This talk discusses using the radar for personal breadth development, architectural guidance, and governance.

ThoughtWorks Technical Advisory Board creates a “technology radar” twice a year, a working document that helps the company make decisions about interesting technologies and where we spend our time. ThoughtWorks then started conducting radar-building exercises for our clients, which provides a great medium for technologists company-wide to express their opinions about the technologies they use every day. For companies, creating a radar helps you document your technology decisions in a standard format, evaluate technology decisions in an actionable way, and create cross-silo discussions about suitable technology choices. This session describes the radar visualization and how to conduct a radar building session for yourself. After a brief introduction, the bulk of the workshop consists of attendees building a radar for the group, following the same procedure you'll use when you do this exercise at your company. At the end, we'll have created a unique Radar for this event and practiced doing it for yourself.

The word just came down from the VP - you need a mobile app and you need it yesterday. Wait, you've never built a mobile app…it's pretty much the same thing as you've built before just smaller right? Wrong. The mobile experience is different and far less forgiving. How do you design an application for touch? How does that differ from a mouse? Should you build a mobile app or a mobile web site? This workshop will get you started on designing for a new, and exciting, platform. Whether that means iPhone, Android, Windows Phone or something else, you need a plan, this talk will help.

We'll look at some popular web sites discussing what we would do differently in a mobile context and then take a look at the actual mobile experience to see what other designers actually did. Using paper, we'll work though a design or two of our own. We'll wrap up discussing various methods of creating a mobile app - should we use the web or build something native? What about shell apps? While we might not have all the answers, at the end of this workshop you'll know what questions to ask when thinking through your own situation.

Workshop Requirements

This workshop is more analog than digital - a laptop is not required. A pen or pencil though, is!

The word just came down from the VP - you need a mobile app and you need it yesterday. Wait, you've never built a mobile app…it's pretty much the same thing as you've built before just smaller right? Wrong. The mobile experience is different and far less forgiving. How do you design an application for touch? How does that differ from a mouse? Should you build a mobile app or a mobile web site? This workshop will get you started on designing for a new, and exciting, platform. Whether that means iPhone, Android, Windows Phone or something else, you need a plan, this talk will help.

We'll look at some popular web sites discussing what we would do differently in a mobile context and then take a look at the actual mobile experience to see what other designers actually did. Using paper, we'll work though a design or two of our own. We'll wrap up discussing various methods of creating a mobile app - should we use the web or build something native? What about shell apps? While we might not have all the answers, at the end of this workshop you'll know what questions to ask when thinking through your own situation.

Workshop Requirements

This workshop is more analog than digital - a laptop is not required. A pen or pencil though, is!

There is nothing better than looking at real-world examples to understand project failures and project successes. This session is intended to be an open conversation, based closely to a birds of a feature (BOF) session, however it will have a series of “that happened to me” topics throughout discussed from the perspective of technology.

Discussed will be a clients dating back from 2005. The actually client and there name will not be revealed, but the industry, the contraints and some of the outcomes will.

As a web application developer, most of the focus is on the user stories and producing business value for your company or clients. Increasingly however the world wide web is more like the wild wild web which is an increasingly hostile environment for web applications. It is absolutely necessary for web application teams to have security knowledge, a security model and to leverage proper security tools.

This training workshop on security will provide an overview of the security landscape starting with the OWASP top ten security concerns with current real world examples of each of these attack vectors. The first session will consist of a demonstration and labs using hacker tools to get an understanding of how a hacker thinks. It will include a walk through of the ESAPI toolkit as an example of how to solve a number of these security concerns including hands-on labs using the OWASP example swingset.

The workshop will include several hands on labs from the webgoat project in order to better understand the threats that are ever so common today.

Attendees will come away with the following skills / capabilities:

• threat modeling
• security audit plan
• introduction to Pen testing
• key / certificate management
• fixing web application security issues

Don't be the weakest link on the web!

As a web application developer, most of the focus is on the user stories and producing business value for your company or clients. Increasingly however the world wide web is more like the wild wild web which is an increasingly hostile environment for web applications. It is absolutely necessary for web application teams to have security knowledge, a security model and to leverage proper security tools.

This training workshop on security will provide an overview of the security landscape starting with the OWASP top ten security concerns with current real world examples of each of these attack vectors. The first session will consist of a demonstration and labs using hacker tools to get an understanding of how a hacker thinks. It will include a walk through of the ESAPI toolkit as an example of how to solve a number of these security concerns including hands-on labs using the OWASP example swingset.

The workshop will include several hands on labs from the webgoat project in order to better understand the threats that are ever so common today.

Attendees will come away with the following skills / capabilities:

• threat modeling
• security audit plan
• introduction to Pen testing
• key / certificate management
• fixing web application security issues

Don't be the weakest link on the web!

“To say of what is that it is not, or of what is not that it is, is false, while to say of what is that it is, and of what is not that it is not, is true” – Aristotle

This talk is a fun look at what is true, or what we think is true… how we know what we know or think we know and what it depends on. Through the evening we will learn about every day dichotomies that can lead to black and white thinking. We will use a dichotomous key to learn such things as; is a tomato a vegetable or a fruit? Is a carrot a vegetable or a fruit? As we reveal the truth, we will see how the perceived norms of the world are broken and in what way they are broken. With this new found knowledge we will discuss how to detect it and correct it. These are the foundational skills of the master craftsman… and that's the truth!

This is the first in a new series on resource-oriented systems. The goal of the series is to provide practical guidance on the design and implementation of next generation systems that are flexible, extensible, high-performance and future-friendly. The talks are designed to work as arc, building upon each other, but they should also stand alone. The first topic is a guided walk through of building quality REST APIs.

We will focus on the architecture of the Web and how it can help us model and manipulate our important business concepts. We will discuss the role of stable identifiers, intentional representation design, hypermedia affordances and architectural consistency. The goal is not to be “RESTful”, the goal is to build systems that display the properties we require.

This talk will be accessible for people new to REST, but also different enough that those who have attended previous REST talks will learn new things.

This is the second in a new series on resource-oriented systems. The goal of the series is to provide practical guidance on the design and implementation of next generation systems that are flexible, extensible, high-performance and future-friendly. The talks are designed to work as arc, building upon each other, but they should also stand alone. This second talk is an introduction to the use of Semantic Web technologies to enable collaboration without coordination.

REST is a means to an end, but it is not a satisfactory end state. It usually pushes complexity to the client in ways that make data integration difficult across multiple sources. The W3C Semantic Web initiative introduces us to new technologies for linking resources and querying across them in powerful new ways. We will learn about the RDF model, what it brings to the table and how we can use it connect information regardless of where and how it is stored. We will use the SPARQL protocol and query language to ask powerful questions of arbitrary resources. We will also see how we can create new information just by asking for it.

The surge of interest in the REpresentational State Transfer (REST) architectural style, the Semantic Web, and Linked Data has resulted in the development of innovative, flexible, and powerful systems that embrace one or more of these compatible technologies. However, most developers, architects, Information Technology managers, and platform owners have only been exposed to the basics of resource-oriented architectures.

This talk, based upon Brian Sletten's book of the same name, is an attempt to catalog and elucidate several reusable solutions that have been seen in the wild in the now increasingly familiar “patterns” style. These are not turn key implementations, but rather, useful strategies for solving certain problems in the development of modern, resource-oriented systems, both on the public Web and within an organization's firewalls.

In our industry, we have a problem. It's called the Software Problem. It is an embarrassing indictment of our capacity to deliver quality software on time and under budget. Beyond that, when we do deliver running code, it is often fragile and hard to extend. There are many reasons for this and many solutions. But one that does not get enough attention is how we approach information.

This is a theoretical discussion. You may not learn something you can use right away, but you may learn new ways of thinking about designing and building systems with an information-centric focus. We will discuss the roles of databases, services, software models, REST, the Web and the roles they all play together.

The basics of developing for the Android platform will be explored, from setting up the SDK to using the Android Studio IDE and the generated Gradle build files. No previous experience is required, other than a basic knowledge of Java.

After discussing how Android fits into the marketplace, we'll look at creating applications, how to use activities, and working with layouts.

Building on the the previous talk, we'll add intents, customized layouts for alternative configurations, talk about the activity lifecycle, use logging, and more.

We'll deploy to both emulators and connected devices, and change input styles.

Groovy isn't designed to replace Java – it just makes Java cleaner and easier to develop. This presentation will look at various tasks Java developers need to do and demonstrate ways Groovy can help.

Topics will include building and testing applications, accessing both relational and NoSQL databases, working with web services, and more.

This is a revised and updated version of the previous talk, with current thinking from practice and the literature. The talk presents why conflicts with your manager are inevitable based on differences in priorities and perspectives, and how to plan for them. The goal is to show you how to build the loyalty relationship that allows you to get what you need when you need it.

Topics covered will include diagnosing communication styles, lessons from game theory, working within the organizational hierarchy, and lessons on how to build a relationship with your manager that still allows you the freedom to express yourself and what you really want.

In this session, we're going to combine the magic of Spring Boot and the magic of Spring Data to yield something even more powerful. You'll see how to quickly build an application's persistence layer, whether it stores data in a RDBMS, Mongo, Neo4j, or several other popular data stores. You'll also see how to create a functioning REST API with nothing more than an interface and a domain type.

Spring Boot dramatically simplifies application development with Spring. But before Spring Boot came along, Spring Data was already making developers' lives easy when it comes to working with data. When combined, Spring Data and Spring Boot can make data persistence the easiest part of your application.

Developers are flocking to client side frameworks and, as a result, there are more and more JavaScript libraries attempting to solve the rich internet application problem. In a space where new libraries seem to spring up weekly, what framework should you choose for your next project? While there is consensus around basic ideas like Model View Whatever, there are some strong philosophical differences amongst the various libraries. In this talk, we'll look at the similarities and the differences of some emerging JavaScript libraries discussing why you need to be aware of this rapidly evolving aspect of software development.

Developers are flocking to client side frameworks and, as a result, there are more and more JavaScript libraries attempting to solve the rich internet application problem. In a space where new libraries seem to spring up weekly, what framework should you choose for your next project? While there is consensus around basic ideas like Model View Whatever, there are some strong philosophical differences amongst the various libraries. In this talk, we'll look at the similarities and the differences of some emerging JavaScript libraries discussing why you need to be aware of this rapidly evolving aspect of software development.

Spock is a groovy based testing framework that leverages all the “best practices” of the last several years taking advantage of many of the development experience of the industry. So combine Junit, BDD, RSpec, Groovy and Vulcans… and you get Spock!

This is a significant advancement in the world of testing.

This session assumes some understanding of testing and junit and builds on it. We will introduce and dig deep into Spock as a test specification and mocking tool.

Groovy has a very easy learning curve for Java developers, so many people become Groovy users without realizing all it can do. This presentation will examine features of Groovy that can make your life easier once you're past the initial adoption stage.

Examples will include closure coercion, mixins, simple runtime metaprogramming, operator overloading, drop and take, a tour through some of the overlooked methods in the Groovy JDK, and more.

Gradle is a compelling new build tool that incorporates the lessons learned from a decade of Ant and Maven. More than just a compromise between declarative and imperative build formats, or between convention and configuration, Gradle is a sophisticated software development platform that simple builds easy and complex, highly automated continuous software delivery pipelines possible to build. Using its extensible APIs and expressive DSL, you're equipped to build your next build.

Bring your laptop to this session for the following:

• Build a Java project
• Resolve transitive dependencies
• Run unit tests
• Build a Groovy project
• Create multi-project, polyglot builds
• Wrap your build with a repeatable version of Gradle
• Extend Gradle with custom tasks
• See the plugin architecture

In the words of John Gage, “The network is the computer”. At the heart of everything we do is a complex system of infrastructure from which we are often abstracted. For general application development this abstraction provides the convenience of simplifying our efforts. With a growing number of mobil applications with intermittent connectivity and higher latency, and with increased hostility on the network from a security standpoint, there is great value in pulling back the curtain and understanding the details of this computer.

This session will start with the underlying understanding of networking at a low level. At this level we will discuss, IP, MAC, ARP, DNS and DHCP. As we walk up an abstraction level, we discuss sockets, NAT, gateways and firewalls along with the use of TCP and UDP. Spending some time at this layer can make network developers more productive, as we look at tools which help us answer the question, “who owns this port?“, “where is this packet going?” and “What is my latency and why?“.

The session will end with a little fun looking at wifi, where will we sniff, snort, crack:) From a security stand point we will look at the challenges of wifi and how it has become the weakest component on the net.

This session is extremely fast-pace. The attendees will come away with a more enhanced understanding of the this thing we call the internet. It will include through discussion or demonstration tools such as tcproute, tcpdump, nemesis, nmap, tcpmon and wireshark.

In this session, we will take a look at Angular - a new MVC framework by Google. We will discuss some of the terminology that Angular offers, and see how we can use that to develop highly interactive, dynamic web applications. See “Detail” for a list of topics I cover and the Github repo URL

This is an intro-level talk we will take a look at Angular and developing rich web applications. Angular embraces HTML and CSS, allowing you to extend HTML towards your application, and uses plain JavaScript which makes your code easy to reuse, and test.

Note: This is an intro level talk. It is targeted towards developers who are curious about Angular and want to learn about the fundamental features and concepts in Angular.

Topics Covered -

• Bootstrapping an AngularJS application using ng-app
• ng-init and the evaluation {{ }} directive
• A brief look at $rootScope
• ng-model
• Controllers, Dependency Injection, and the View-Model ($scope)
• Looping using ng-repeat
• Forms using ng-form, form validation and submission in AngularJS
• Angular provided filters
• Making AJAX requests using $http

GitHub URL - https://github.com/looselytyped/angudone-backend/tree/solutions