After almost a decade and several significant releases, Spring has gone a long way from challenging the then-current Java standards to becoming the de facto enterprise standard itself. Although the Spring programming model continues to evolve, it still maintains backward compatibility with many of its earlier features and paradigms. Consequently, there's often more than one way to do anything in Spring. How do you know which way is the right way?
In this session, we'll explore several ways that Spring has changed over the years and look at the best approaches when working with the latest versions of Spring.
In this session, we'll look at OAuth, focusing on OAuth 2, from the perspective of an application that consumes an OAuth-secured API as well as see how to use OAuth to secure your own APIs.
Web security is nothing new. As users of the web, we're all accustomed to entering our usernames and fumbling to recall our passwords when trying to access private data on one of the many online services we use. But while traditionally web security could be described as a two-party process between a web application and a user, the modern web involves applications that seek to access other applications on behalf of their users. This presents some new challenges in keeping a user's sensitive data secure while still allowing a the third party application to access it.
OAuth is an open standard for authorization, supported by many online services, that allows one application to access a user's data in another application, all while giving the user control of what information is shared.
The word just came down from the VP - you need a mobile app and you need it yesterday. Wait, you've never built a mobile app…it's pretty much the same thing as you've built before just smaller right? Wrong. The mobile experience is different and far less forgiving. How do you design an application for touch? How does that differ from a mouse? Should you build a mobile app or a mobile web site? This talk will get you started on designing for a new, and exciting, platform. Whether that means iPhone, Android, Windows Phone or something else, you need a plan, this talk will help.
The word just came down from the VP - you need a mobile app and you need it yesterday. Wait, you've never built a mobile app…it's pretty much the same thing as you've built before just smaller right? Wrong. The mobile experience is different and far less forgiving. How do you design an application for touch? How does that differ from a mouse? Should you build a mobile app or a mobile web site? This talk will get you started on designing for a new, and exciting, platform. Whether that means iPhone, Android, Windows Phone or something else, you need a plan, this talk will help.
Mobile is the next big thing and your company needs to there. But what does there actually entail? Should you build a native app? On which platforms? Do you have the skills for that? What about the web? Can you deliver an awesome experience using nothing but a mobile web browser? This talk will help you navigate these treacherous waters. We'll discuss the pros and cons of the various approaches and give you a framework for choosing.
Mobile is the next big thing and your company needs to there. But what does there actually entail? Should you build a native app? On which platforms? Do you have the skills for that? What about the web? Can you deliver an awesome experience using nothing but a mobile web browser? This talk will help you navigate these treacherous waters. We'll discuss the pros and cons of the various approaches and give you a framework for choosing.
Technology changes, it's a fact of life. And while many developers are attracted to the challenge of change, many organizations do a particularly poor job of adapting. We've all worked on projects with, ahem, less than new technologies even though newer approaches would better serve the business. But how do we convince those holding the purse strings to pony up the cash when things are “working” today? At a personal, how do we keep up with the change in our industry?
This talk will explore ways to stay sharp as a software professional. We'll talk about how a technology radar can help you stay marketable (and enjoying your career) and how we can use the same technique to help our companies keep abreast of important changes in the technology landscape. Of course it isn't enough to just be aware, we have to drive change - but how? This talk will consider ways we can influence others and lead change in our organizations.
You've heard a bit about Git, Gradle, Jenkins, and Sonar, but are you putting them to use? Are you maximizing what they can offer in terms of standardized project models, faster incremental compiles, automated commit-triggered builds, and rapid source code analysis? In this intense presentation, live demonstrations will be given for all of the latest versions of the aforementioned tools and what they have to offer a highly proficient Java developer.
Don't struggle to get the build out, functioning, and analyzed. Develop, build, analyze and deploy smartly and efficiently with a Build Lifecycle Craftsmanship approach and tooling.
You're serious about improving the quality of your code base, but with 10,000 lines of code, where do you start and how do you ensure the greatest ROI for the re-work your team members will perform?
Sonar is an open source tool that brings together the best of breed static and dynamic analysis of Java projects. The result is a unified view of problematic areas of your code on a time-line basis, allowing the team to attack the problems with the best ROI, and maintain a more watchful eye for positive and risky trends in the codebase in the future.
This workshop will get you up and running with Sonar on your laptop and analyzing the source code of a project in under 90 minutes.
java -version
and javac -version
reporting back a 1.6.x series version number in both cases.JAVA_HOME
environment variable set to point to the JDK (not a JRE)git
is on your PATH
(in the environment variable list of paths)Git is a version control system you may have been hearing a bit about lately. But simply hearing more about it may not be enough to convince you of its value. Getting hands on experience is what really counts. In this workshop, you'll bring your Windows, Mac or Linux laptop and walk through downloading, installing, and using Git in a collaborative fashion.
The workshop style of this class will allow you to observe and discover the value of this new version control tool first hand. You'll be cloning, creating, commiting, and pushing repositories by the conclusion of this session.
git
is on your PATH
(in the environment variable list of paths)Gradle. Another build tool? Come on! But before you say that, take a look at the one you are already using.
Whether your current tool is Make, Rake, Ant, or Maven, Gradle has a lot to offer. It leverages a strong object model like Maven, but a mutable, not predetermined one. Gradle relies on a directed acyclic graph (DAG) lifecycle like Maven, but one that can be customized. Gradle offers imperative build scripting when you need it (like Ant), but declarative build approaches by default (like Maven). In short, Gradle believes that conventions are great – as long as they are headed in the same direction you need to go. When you need to customize something in your build, your build tool should facilitate that with a smile, not a slap in the face. And customizations should be in a low-ceremony language like Groovy. Is all this too much to ask?
Gradle has received the attention of major open source efforts and has chalked up significant conversions by the Spring Integration, Hibernate, and Grails projects. What do these technology leaders see in this bold new build tool? They see not only a better way to build Java applications, but an extensive ecosystem of connecting to existing Ant and Maven build files while expanding the horizon of test, CI, and deployment automation in an easy manner. Join us for 90 minutes and let us take you on this same walk of discovery of the most innovative build tool you've ever seen.
java -version
and javac -version
reporting back a 1.6.x series version number in both cases.JAVA_HOME
environment variable set to point to the JDK (not a JRE)The second in a series of talks that are part of an arc covering next-generation information-oriented, flexible, scalable architectures. The ideas presented apply to both external and internal-facing systems.
People already familiar with REST (or who have attended the first session) will be walked through the deeper topics of building Level 3 Hypermedia-based RESTful systems, security, content negotiation, etc.
The third in a series of talks that are part of an arc covering next-generation information-oriented, flexible, scalable architectures. The ideas presented apply to both external and internal-facing systems.
The move to a good REST API yields an explosive combination of options due to content-negotiation and arbitrary workflows. At the same time, the uniform interface you project (representations, how you respond to verbs, response codes, etc.) becomes your contract with your clients. The API itself becomes a completely transportable, reusable bit of organizational knowledge when done well. Testing it sufficiently will give you a safety net but may drive you crazy unless you do it right. We will walk through the use of Behavior-Driven Development (BDD) to test these kinds of APIs.
We will highlight the problems of sufficiently testing REST APIs while providing a rich and relatively straight-forward solution to the problem. We will use a Behavior-Driven Development (BDD) tool like Cucumber to establish reusable steps and comprehensive, but lightweight testing strategies for testing REST APIs.
This talk will not be an introduction to REST. If you have come to the REST I or REST II talk, or have a good understanding, it should be very accessible.
Getting software released to users is often a painful, risky, and time-consuming process. This workshop sets out the principles and technical practices that enable rapid, incremental delivery of high quality, valuable new functionality to users. This workshop focuses on the Deployment Pipeline concept from Continuous Delivery.
In this workshop I move from release back through testing to development practices, analyzing at each stage how to improve collaboration and increase feedback so as to make the delivery process as fast and efficient as possible. At the heart of the workshop is a pattern called the deployment pipeline, which involves the creation of a living system that models your organization's value stream for delivering software. I spend the first half of the workshop introducing this pattern, and discussing how to incrementally automate the build, test and deployment process, culminating in continuous deployment.
Getting software released to users is often a painful, risky, and time-consuming process. This workshop sets out the principles and technical practices that enable rapid, incremental delivery of high quality, valuable new functionality to users. This workshop focuses on the agile infrastructure required to implement a deployment pipeline and continuous delivery.
In this workshop, I introduce agile infrastructure, including the use of Puppet to automate the management of testing and production environments. We discuss automating data management, including migrations. Development practices that enable incremental development and delivery will be covered at length, including a discussion of why branching is inimical to continuous delivery, and how practices such as branch by abstraction and componentization provide superior alternatives that enable large and distributed teams to deliver incrementally.
For a long while, we've built applications pretty much the same way. Regardless of the frameworks (or even languages and platforms) employed, we've packaged up our web application, deployed it to a server somewhere, and asked our users to point their web browser at it.
But now we're seeing a shift in not only how applications are deployed, but also in how they're consumed. The cost and hassle of setting up dedicated servers is driving more applications into the cloud. Meanwhile, our users are on-the-go more than ever, consuming applications from their mobile devices more often than a traditional desktop browser. And even the desktop user is expecting a more interactive experience than is offered by simple page-based HTML sites.
With this shift comes new programming models and frameworks. It also involves a shift in how we think about our application design. Standing up a simple HTML-based application is no longer good enough.
In this session, we'll discuss what the next generation of applications looks like, exploring such things as the mobile web and cloud computing. We'll also dig into some of the technologies and practices such as REST, OAuth, and JavaScript microframeworks that enable us to move forward.
Alternative databases continue to establish their role in the technology stack of the future—and for many, the technology stack of the present. Making mature engineering decisions about when to adopt new products is not easy, and requires that we learn about them both from an abstract perspective and from a very concrete one as well. If you are going to recommend a NoSQL database for a new project, you're going to have to look at code.
In this talk, we'll examine three important contenders in the NoSQL space: Cassandra, MongoDB, and Neo4J. We'll review their data models, scaling paradigms, and query idioms. Most importantly, we'll work through the exercise of modeling a real-world problem with each database, and look at the code and queries we'd use to implement real product features. Come to this session for a thorough and thoroughly practical smackdown between three important NoSQL products.
Neo4j is an open-source, enterprise-class database with a conventional feature set and a very unconventional data model. Like the databases we're already used to, it offers support for Java, ACID transactions, and a feature-rich query language. But before you get too comfortable, you have to wrap your mind around its most important feature: Neo4j is a graph database, built precisely to store graphs efficiently and traverse them more performantly than relational, document, or key/value databases ever could.
Neo4j is an obvious fit to anyone who thinks they have a graph problem to solve, but this is not many people. It turns out that the most interesting property of Neo4j is its architectural agenda. It wants you to think of the entire world as a graph—as a set of connected information resources. Steeped in the thinking of resource oriented architecture, this NoSQL database wants to change the way you look at your world, and unlock new value in your data as a result.
When you want to measure fractions of a millimeter, you get a micrometer. When you want to measure centimeters, you get a ruler. When you want to measure kilometers, you might use a laser beam. The abstract task is the same in all cases, but the tools differ significantly based on the size of the measurement.
Likewise, there are some computations that can be done quickly on data structures that fit into memory. Some can't fit into memory, but will fit on the direct-attached disk of a single computer. But when you've got many terabytes or even petabytes of data, you need tooling adapted to the scale of the task. Enter Hadoop.
Hadoop is a widely-used open source framework for storing massive data sets in distributed clusters of computers and efficiently distributing computational tasks around the cluster. Come learn about the Hadoop File System (HDFS), the MapReduce pattern and its implementation, and the broad ecosystem of tools, products, and companies that have grown up around this ground-breaking project.
In this session, we'll start with an empty directory and use Spine.js to create an interactive client-side web application. Then we'll leverage what we learned to build a mobile web application with a native feel that can be deployed either through a phone's web browser or via native wrapper frameworks such as Apache Cordova (aka, PhoneGap).
Model View Controller (MVC) is often thought of in terms of server-side frameworks such as Spring MVC and Struts. But as web applications become more interactive, it becomes important to apply the same principles in the client. Roll-your-own MVC in JavaScript is possible, but as was the case with server-side MVC frameworks, it can get messy and is often better to seek out help from established frameworks.
Recently, several JavaScript-based microframeworks have emerged to address these concerns in the browser. Spine.js is one such framework that brings MVC to the client-side of web development. Based in CoffeeScript, Spine.js stands out due to its simplicity and a programming model resembling that of Rails and Grails. Also, unlike many other client-side MVC frameworks, Spine.js has a clear and well-paved path to mobile application development.
In this session, I'll show you how to secure your Spring application with Spring Security 3.2. You'll see how to declare both request-oriented and method-oriented security constraints. And you'll see how SpEL can make simple work of expressing complex security rules.
Although we may invite guests into our homes and give someone a ride in our car, we locks and alarms on our homes and our cars to keep uninvited and malicious visitors out. Similarly, we allow people to use the applications that we develop, but we probably want to control the access that they have.
Security is an important aspect of any application. And while we could program security rules into the web controllers and methods in our application, we'd find ourselves cluttering our business logic with repetitive security code. Security is a cross-cutting concern–begging to be handled with aspect-oriented techniques.
Spring Security is an authentication and access-control framework based on Spring that provides security aspects. With Spring Security, you can declare who is allowed to access your application and what they're allowed to see, keeping your application logic focused and uncluttered with security details.
The first in a series of talks that are part of an arc covering next-generation information-oriented, flexible, scalable architectures. The ideas presented apply to both external and internal-facing systems.
The REpresentational State Transfer (REST) architectural style has emerged as a winning strategy for building scalable, flexible, resilient systems that lead with an information focus. Far from being the simple “Web Services through URLs” idea many people have about them, REST-based systems require a new perspective, a fair amount of consideration and the discipline to look beyond simple point-to-point interactions.
The benefits are exciting and provide a gateway to a whole new world of information technology. This first talk will be an introductory session covering the basics of the REST architectural style.
This presentation seeks to provide a solid introduction to the fundamentals of DDD. Learn why modeling a complex business domain in software is so advantageous to your business and ways in which your team can go about delivering software models to give your business a competitive edge.
The philosophy of domain-driven design (DDD) – first described by Eric Evans in his book [of the same name – is about placing our attention at the heart of the application, focusing on the complexity that is intrinsic to the business domain itself. We also distinguish the core domain (unique to the business) from the supporting sub-domains (typically generic in nature, such as money or time), and place appropriately more of our design efforts on the core.
Domain-driven design consists of a set of patterns for building enterprise applications from the domain model out. In your software career you may well have encountered many of these ideas already, especially if you are a seasoned developer in an OO language. But applying them together will allow you to build systems that genuinely meet the needs of the business.
The premise of domain-driven design is two-fold:
Domain-driven design is not a technology or a methodology. It is a way of thinking and a set of priorities, aimed at accelerating software projects that have to deal with complicated domains.
Note: Laptops are not required - there is no hands-on coding for this workshop.
This workshop consists of lecture and participation exercises.
Note that there is no hands-on coding for this workshop so laptops will not be required. Bring materials for taking notes.
Not every part of a software system will be well-designed. How do you know where to put the time and effort to refine the design, or refactor existing code? Learn how strategic Domain-Driven Design (DDD) patterns can show you how to know which parts of your system matter most to your business and how to focus your team's design efforts most effectively.
Context mapping and Core Domain are key concepts in DDD, providing valuable techniques and insights into where to focus your design attention, yet most developers have never heard of them. This session will introduce the tools of strategic DDD and show you how they can shine a light on your design challenges.
Come on a guided tour of how applying Domain-Driven Design (DDD) building block patterns can make your code cleaner, more expressive, and more amenable to change. We cover examples of DDD patterns such as entities, value objects, closure of operations and side-effect-free functions. We will focus particularly on how implementing value objects can lead to more supple design.
When good design really matters, DDD building block patterns enable your design to model the business domain you are working with more richly. They allow you to collaborate with domain experts to build deep, useful models of the domain in your code that solve difficult business problems with elegance and simplicity.
This is a highly interactive modeling session which walks through diagrams and code samples to demonstrate how the application of these patterns to modeling can make writing and reading coding fun again, while improving the effectiveness of the code you write. Come prepared to think, ask and answer questions, and learn how to write the best code where it matters most.
Many of the problems encountered in scaling, parallelizing and distributing systems that tend to be addressed in ad-hoc ways are actually deeply connected with the manner in which the business domain has been modeled. Domain-Driven Design (DDD) has rich modeling resources for tackling concurrency, transactional and distribution boundary issues within the domain model itself, enabling teams to be more effective in dealing with business complexity and change.
Learn about how aggregates can enrich your domain models, improve system performance and loosely couple your systems. We will give examples of how aggregate design choices are manifested in NoSQL data schemas, focusing particularly on MongoDB, and the consequences of making these choices for domain modeling, performance, and scaling.
This presentation explores the nature of motivation and the place of metrics and measurement in software development, and how lean software development principles and practices shed light on motivation and metrics and how they can be used to support deep organizational improvement.
We will examine the nature of motivation in terms of the four intrinsic rewards that drive positive engagement, and also how certain approaches to measuring and managing performance lead to organizational dysfunction. We will also show how the application of lean principles such as building quality into the product, respect for people and optimizing the whole enable more effective approaches to motivation and metrics in software development.
Whether you are just getting started, or you’ve made an attempt and well… it could be better… a lot better, this session is for you. Ken has been working on Agile projects as a coach and mentor for a number of years. Come discover the common reasons teams fail to get it right. Bring your own challenges and lets discuss. This is set to be an engaging and illuminating discussion.
This can be a dynamic discussion where challenges facing attendees may have us to focus on some areas and tips of agile development. We will certainly talk about how team or management choices to deviate from core agile practices add risk to a project with suggestions on how to resolve many of these challenges.
Of all the non-functional requirements of software development, complexity receives the least attention and seems to be the most important from a long term standard point. This talk will look at some of forces that drive complexity at the code level and at a system level and their impact. We will discuss what causes us to over look complexity, how our perception of it changes over time and what we can do about it?
In this session we will break down the meaning of complexity and simplicity and measure the application of those means against the common software development dogma. Looking at common development trends and pressures, we'll discuss where simplify does and doesn't help. We will examine areas of development which at first glance seem to be simple (such as the creation of an equals method in Java), that end up being difficult or impossible based on normal constraints. We will example the drivers of complexity with some discussion on what you can do about it. This session will finish with a discussion around several challenges to high scale software architectures and how to keep it simple.
Most of the time when people talk about agile software development, they talk about project and planning practices and never mention actual development practices. This talk delves into best development practices for agile projects, covering all of its aspects.
Most of the time when people talk about agile software development, they talk about project and planning practices but never mention actual development, as if development where an afterthought when writing software. This talk bills into the real details of how to do agile development. I discuss best practices like continuous integration, pair programming, how developers should interact with story cards, how to handle enterprise concerns like integration with other software packages, and a slew of other topics related to agile software development.
A Technology Radar is a tool that forces you to organize and think about near term future technology decisions, both for you and your company. This talk discusses using the radar for personal breadth development, architectural guidance, and governance.
ThoughtWorks Technical Advisory Board creates a “technology radar” twice a year, a working document that helps the company make decisions about interesting technologies and where we spend our time. ThoughtWorks then started conducting radar-building exercises for our clients, which provides a great medium for technologists company-wide to express their opinions about the technologies they use every day. For companies, creating a radar helps you document your technology decisions in a standard format, evaluate technology decisions in an actionable way, and create cross-silo discussions about suitable technology choices. This session describes the radar visualization and how to conduct a radar building session for yourself. After a brief introduction, the bulk of the workshop consists of attendees building a radar for the group, following the same procedure you'll use when you do this exercise at your company. At the end, we'll have created a unique Radar for this event and practiced doing it for yourself.
Economics, psychology, game theory, and marketing; those fields of study imply a distinct lack of semicolons and curly braces. However, even the venerable Adam Smith, were he alive today, would recognize the applicability of those seemingly tangential components to the business we call software.
Many of us self-identify with the hard core branding of “geek” and “nerd,” or the softer choices, “programmer” and “developer.” However, we rarely hear mentioned “business person,” “saleswoman,” salesman,” “inventor,” “strategist,” or “economist,” yet they are equally, if not more accurate in the description of the talents of a software craftsperson. Though unstated, we, as developers, are expected to be skilled in each of those areas. Rarely in business are so many combined talents expected from an individual contributor.
Together, we'll harness the secrets that classical and 20th century research have uncovered from observing strategic interactive decision making through a large lens. Surprisingly, smart businesses and crafty developers are just now able to fully leverage these historical findings with the advent of commodity big-data processing, machine learning, evolutionary game theory, and a dash of intuition. All of these tactics can be neatly tied together via the occasionally-maligned threads of pop psychology and behavioral economics. Discover how to seat these newfound applications of knowledge in their well-deserved place at the table of computer science for better playing of the game that we call “programming.”
Learning the syntax of a new language is easy, but learning to think under a different paradigm is hard.
Learning the syntax of a new language is easy, but learning
to think under a different paradigm is hard. This session
helps you transition from a Java writing imperative programmer to a
functional programmer, using Java, Clojure and Scala for
examples. This session takes common
topics from imperative languages and looks at alternative ways of
solving those problems in functional languages. As a Java developer, you know how to achieve code-reuse
via mechanisms like inheritance and polymorphism. Code reuse is
possible in functional languages as well, using high-order
functions, composition, and multi-methods. I show examples from my book Functional Thinking of shifting your perspective on problems, ceding messy details to the language, working smarter, not harder, and how to deal with multiparadigm languages.
Interested in HTML5? Want a change to play around with the latest and greatest in web app development? This workshop is for you! We'll cover feature detection, web forms, the new HTML elements, take a spin around the canvas, and we'll finish up with offline/local storage and web sockets.
Detecting 101
Before you can take advantage of a new HTML5 feature, you have to make sure a given browser can support it. This section will cover the basics of detection as well as getting the most out of rocking cool libraries like Modernizer. We'll also look at just what to do when a browser doesn't support a feature you're trying to leverage.
New elements
Along with a new human type-able doctype, HTML5 introduces several new semantic elements. Recognizing that nearly every website in existence has a header, a footer and some navigation divs, HTML5 gives us a header, a footer and a nav element along with a few others. HTML5 seeks to pave cowpaths, not force the web to bend to its ways…
Canvas
One of the most exciting features of HTML5 is the canvas, a space you can use to draw anything from shapes to text to, well, anything! From basic drawing to graphs to full fledged games, canvas opens up a whole new world of possibility, a world sans browser plugins.
Local Storage
Web apps are, in many cases, indistinguishable from their thick client brethren, at least if you're not on an airplane. OK, so many planes have wifi, but there are parts of the world that don't have reliable Internet connections! Thanks to local storage and the offline API, all is not lost - you can create a web app that works offline.
Web sockets and web workers
Ajax is like so many things in the web world - a simple (but very powerful) hack that isn't defined by a spec. With the advent of the web socket API, we'll finally have a native way to have bi-directional communication with the server. As we create richer and richer clients, we're writing more and more JavaScript. While the JS engines are getting faster and faster, there are cases where it'd be very handy to run scripts in the background. Web workers give us just such an opportunity.
You're all over jQuery - you write plugins in your sleep - and before that, you were a Prototype ninja. Your team treats JavaScript like a first class citizen, you've even written more tests than Kent Beck. Is that all there is in the land of the JavaScript developer? Believe it or not, the JavaScript party hasn't stopped. What other libraries are out there? What do they offer? This talk will survey the field of modern JavaScript libraries getting you up to speed on what's new. We'll dive in just deep enough to whet your appetite on a wide variety of libraries such as Backbone, Underscore, Zepto and more.
You're all over jQuery - you write plugins in your sleep - and before that, you were a Prototype ninja. Your team treats JavaScript like a first class citizen, you've even written more tests than Kent Beck. Is that all there is in the land of the JavaScript developer? Believe it or not, the JavaScript party hasn't stopped. What other libraries are out there? What do they offer? This talk will survey the field of modern JavaScript libraries getting you up to speed on what's new. We'll dive in just deep enough to whet your appetite on a wide variety of libraries such as Backbone, Underscore, Zepto and more.
As a web application developer, most of the focus is on the user stories and producing business value for your company or clients. Increasingly however the world wide web is more like the wild wild web which is an increasingly hostile environment for web applications. It is absolutely necessary for web application teams to have security knowledge, a security model and to leverage proper security tools.
This training workshop on security will provide an overview of the security landscape starting with the OWASP top ten security concerns with current real world examples of each of these attack vectors. The first session will consist of a demonstration and labs using hacker tools to get an understanding of how a hacker thinks. It will include a walk through of the ESAPI toolkit as an example of how to solve a number of these security concerns including hands-on labs using the OWASP example swingset.
The workshop will include several hands on labs from the webgoat project in order to better understand the threats that are ever so common today.
Attendees will come away with the following skills / capabilities:
Don't be the weakest link on the web!
As a web application developer, most of the focus is on the user stories and producing business value for your company or clients. Increasingly however the world wide web is more like the wild wild web which is an increasingly hostile environment for web applications. It is absolutely necessary for web application teams to have security knowledge, a security model and to leverage proper security tools.
This training workshop on security will provide an overview of the security landscape starting with the OWASP top ten security concerns with current real world examples of each of these attack vectors. The first session will consist of a demonstration and labs using hacker tools to get an understanding of how a hacker thinks. It will include a walk through of the ESAPI toolkit as an example of how to solve a number of these security concerns including hands-on labs using the OWASP example swingset.
The workshop will include several hands on labs from the webgoat project in order to better understand the threats that are ever so common today.
Attendees will come away with the following skills / capabilities:
Don't be the weakest link on the web!
The Web is changing faster than you can imagine and it is going to continue to do so. Rather than starting over from scratch each time, it builds on what has succeeded already. Webs of Documents are giving way to machine-processable Webs of Information. We no longer care about data containers, we only care about data and how it connects to what we already know.
Roughly 25% of the Web is semantically marked up now and the search engines are indexing this information, enriching their knowledge graphs and rewarding you for providing them with this information.
In the past we had to try to convince developers to adopt new data models, storage engines, encoding schemes, etc. Now we no longer have to worry about that. Rich, reusable interface elements like Web Components can be built using Semantic Web technologies in ways that intermediate developers don’t have to understand but end users can still benefit from. Embedded JSON-LD now allows disparate organizations to communicate complex data sets of arbitrary information through documents without collaboration.
Perhaps the concepts of the Semantic Web initiative are new to you. Or perhaps you have been hearing for years how great technologies like RDF, SPARQL, SKOS and OWL are and have yet to see anything real come out of it.
Whether you are jazzed or jaded, this workshop will blow your mind and provide you with the understanding of a technological shift that is already upon us.
In this workshop, we will:
Explain the Web and Web architecture at a deeper level
Apply Web and Semantic Web technologies in the Enterprise and make them work together
Integrate structured and unstructured information
Create good, long-lived logical names (URIs) for information and services
Use the Resource Description Framework (RDF) to integrate documents, services and databases
Use popular RDF vocabularies such as Dublin Core, FOAF
Query RDF and non-RDF datastores with the SPARQL query language
Encode data in documents using RDFa and JSON-LD
Create self-describing, semantic Web Components
Model and use inferencing with the Web Ontology Language (OWL)
The Web is changing faster than you can imagine and it is going to continue to do so. Rather than starting over from scratch each time, it builds on what has succeeded already. Webs of Documents are giving way to machine-processable Webs of Information. We no longer care about data containers, we only care about data and how it connects to what we already know.
Roughly 25% of the Web is semantically marked up now and the search engines are indexing this information, enriching their knowledge graphs and rewarding you for providing them with this information.
In the past we had to try to convince developers to adopt new data models, storage engines, encoding schemes, etc. Now we no longer have to worry about that. Rich, reusable interface elements like Web Components can be built using Semantic Web technologies in ways that intermediate developers don’t have to understand but end users can still benefit from. Embedded JSON-LD now allows disparate organizations to communicate complex data sets of arbitrary information through documents without collaboration.
Perhaps the concepts of the Semantic Web initiative are new to you. Or perhaps you have been hearing for years how great technologies like RDF, SPARQL, SKOS and OWL are and have yet to see anything real come out of it.
Whether you are jazzed or jaded, this workshop will blow your mind and provide you with the understanding of a technological shift that is already upon us.
In this workshop, we will:
Explain the Web and Web architecture at a deeper level
Apply Web and Semantic Web technologies in the Enterprise and make them work together
Integrate structured and unstructured information
Create good, long-lived logical names (URIs) for information and services
Use the Resource Description Framework (RDF) to integrate documents, services and databases
Use popular RDF vocabularies such as Dublin Core, FOAF
Query RDF and non-RDF datastores with the SPARQL query language
Encode data in documents using RDFa and JSON-LD
Create self-describing, semantic Web Components
Model and use inferencing with the Web Ontology Language (OWL)
Want to use Groovy but don't have time to read all of Groovy in Action? This talk gives you a whirlwind introduction to its capabilities, from basic data types, Groovy strings, POGOs, collections, Groovy SQL, and the Groovy JDK.
Learn the basics of Groovy through code examples, including both scripts and classes. A complete set of test cases is included, as well as a gradle build script to download everything you need and run all the tests.
Want to use Groovy but don't have time to read all of Groovy in Action? Building on the Groovy 101 talk, this presentation reviews features of Groovy that aren't based on simplifying Java. Topics include building and parsing XML and JSON, using the metaclass to enhance existing classes, and Abstract Syntax Tree Transformations like @Delegate, @Immutable, @Canonical, and more.
Learn the basics of Groovy through code examples, including both scripts and classes. A complete set of test cases is included, as well as a gradle build script to download everything you need and run all the tests.
Google “MongoDB is Web Scale” and prepare to laugh your tail off. With such satire, it easy to pass off MongoDB as a passing joke… but that would be a mistake. The humor is in the fact there seems to be no end to those who parrot the MongoDB benefits without a clue. This session is about getting a clue.
Get past the hype and hyperbole associated with NoSQL. This session will introduce MongoDB through live working sessions demonstrating the pros and cons of MongoDB development. The session will then focus on a recent short project focused on large scale. We’ll discuss database design to support high scale read access. Throughout this case study we will discuss the consequences of the MongoDB choice. The session will finish with a review of the production topology to support growth in scale.
Spock is a groovy based testing framework that leverages all the “best practices” of the last several years taking advantage of many of the development experience of the industry. So combine Junit, BDD, RSpec, Groovy and Vulcans… and you get Spock!
This is a significant advancement in the world of testing.
This session assumes some understanding of testing and junit and builds on it. We will introduce and dig deep into Spock as a test specification and mocking tool.
Groovy and the Spring framework are old friends. Spring includes dynamic beans that can be modified while a system is still running, and of course the Grails framework is built on top of Spring MVC. Here we'll illustrate all the ways that Groovy works with Spring, and show how a developer can take advantage of those capabilities right away.
Examples will include using Groovy beans in Spring systems, refreshable beans, inline scripted beans, aspects in Groovy, and even the Grails Spring bean builder.
Build a Grails application from start to finish in this half-day workshop. We'll start with domain classes, apply constraints, add controllers and services, apply both unit and integration tests, and then add additional functionality through plugins.
This rapid introduction to Grails will take advantage of the newest features of Grails 2.0 using the interactive scripts and db console. In addition to building an application, existing samples will be reviewed as a source of good practices and plugins.
Some knowledge of Groovy is assumed but not required.
Software:
Unzip the Grails distribution, set a GRAILS_HOME variable to its location, and add the bin subdirectory to your path.
As an alternative installation mechanism, please consider GVM, located at http://gvmtool.net . That will allow you to switch Grails version with a single command. It works for Macs and Unix flavors, as well as Windows through Cygwin.
No IDE is required, but if you want to use one, consider Groovy and Grails Tool Suite. The current version is 3.3.0 and can be downloaded from http://grails.org/products/ggts. IntelliJ IDEA has Grails support in its Ultimate edition only. NetBeans also has Grails support.
Build a Grails application from start to finish in this half-day workshop. We'll start with domain classes, apply constraints, add controllers and services, apply both unit and integration tests, and then add additional functionality through plugins.
This rapid introduction to Grails will take advantage of the newest features of Grails 2.0 using the interactive scripts and db console. In addition to building an application, existing samples will be reviewed as a source of good practices and plugins.
Some knowledge of Groovy is assumed but not required.
Software:
Unzip the Grails distribution, set a GRAILS_HOME variable to its location, and add the bin subdirectory to your path.
As an alternative installation mechanism, please consider GVM, located at http://gvmtool.net . That will allow you to switch Grails version with a single command. It works for Macs and Unix flavors, as well as Windows through Cygwin.
No IDE is required, but if you want to use one, consider Groovy and Grails Tool Suite. The current version is 3.3.0 and can be downloaded from http://grails.org/products/ggts. IntelliJ IDEA has Grails support in its Ultimate edition only. NetBeans also has Grails support.
Why is Clojure the best new language on the JVM? Come to this session and see why this functional, dynamic Lisp is the best thing on the JVM since Java.
Clojure is the most interesting new language on the horizon, but many developers suffer from the Blub Paradox when they see the Lisp syntax. This talk introduces Clojure to developers who haven't been exposed to it yet, focusing on the things that truly set it apart from other languages. I discuss all of Clojure's syntax (in about 10 minutes), then delve into fascinating features like destructuring, building macros like thread-first
and thread-last
, the Atomic Succession Model of Concurrency, Clojure's use of Protocols
to organize code and solve The Expression Problem, and many more cool features. Come see why some of our most sophisticated projects are using Clojure.
Emergent design is a big topic in the agile architecture and design community. This session covers the theory behind emergent design and shows examples of how you can implement this important concept.
This session describes the current thinking about emergent design, discovering design in code. The hazard of Big Design Up Front in software is that you don't yet know what you don't know, and design decisions made too early are just speculations without facts. Emergent design techniques allow you to wait until the last responsible moment to make design decisions. This talk covers four areas: emergent design enablers, battling things that make emergent design hard, finding idiomatic patterns, and how to leverage the patterns you find. It includes both proactive (test-driven development) and reactive (refactoring, metrics, visualizations, tests) approaches to discovering design, and discusses the use of custom attributes, DSLs, and other techniques for utilizing them. The goal of this talk is to provide nomenclature, strategies, and techniques for allowing design to emerge from projects as they proceed, keeping you code in sync with the problem domain. This talk shows lots of examples of how to make this concept work in your environment.
Alistair Cockburn has described software development as a game in which we choose among three moves: invent, decide, and communicate. Most of our time at No Fluff is spent learning how to be better at inventing. Beyond that, we understand the importance of good communication, and take steps to improve in that capacity. Rarely, however, do we acknowledge the role of decision making in the life of software teams, what can cause it to go wrong, and how to improve it.
In this talk, we will explore decision making pathologies and their remedies in individual, team, and organizational dimensions. We'll consider how our own cognitive limitations can lead us to to make bad decisions as individuals, and what we might do to compensate for those personal weaknesses. We'll learn how a team can fall into decisionmaking dysfunction, and what techniques a leader might employ to healthy functioning to an afflicted group. We'll also look at how organizational structure and culture can discourage quality decision making, and what leaders to swim against the tide.
Software teams spend a great deal of time making decisions that place enormous amounts of capital on the line. Team members and leaders owe it to themselves to learn how to make them well.
Domain Specific Langauges seems like a cool idea, but where's the payoff? This talk provides an overview of how to build both internal and external DSLs (including the state of the art tools), stopping along the way to show how this is practical to your day job.
This talk defines of DSLs (Domain Specific Languages), distinguishes the types of DSLS (internal and external), and shows examples of building DSLs of several kinds. It shows how to utilize DSLs for externalizing configuration (which you're already doing, whether you realize it or not), how to make your code readable to humans, how DSLs make developer tools better (and how to use DSL techniques to build your own tools), and how DSLs can provide your users unprecedented flexibility and power, by building DSLs customized to their job. This talk provides a good foundation for the subject if you've never seen anything about it, but keeps the focus on practical goals.
When it comes to cross cutting software concerns, we expect to have or build a common framework or utility to solve this problem. This concept is represented well in the Java world with the loj4j framework, which abstracts the concern of logging, where it logs and the management of logging. The one cross cutting software concern which seems for most applications to be piecemeal is that of security. Security concerns include certification generation, SSL, protection from SQL Injection, protection from XSS, user authorization and authentication. Each of these separate concerns tend to have there own standards and libraries and leaves it as an exercise for the development team to cobble together a solution which includes multiple needs…. until now… Enterprise Security API library from OWASP.
This session will look at a number of security concerns and how the ESAPI library provides a unified solution for security. This includes authorization, authentication of services, encoding, encrypting, and validation. This session will discuss a number of issues which can be solved through standardizing on the open source Enterprise Security API.
This session will teach you best practices and patterns for doing Continuous Delivery / Continuous Deployment in Cloud environments. You will learn how to handle schema migrations, maintain dev/prod parity, manage configuration and scaling.
This session will use Heroku as an example platform but the patterns could be implemented anywhere.
For decades object-oriented programming has been sold (perhaps over sold) as the logical programming paradigm which provides “the way” to software reuse and reductions in the cost of software maintenance as if it comes for free with the simple selection of the an OO language. Even with the renewed interests in functional languages, the majority of development shops are predominately using object-oriented languages such as Java, C#, and Ruby. So most likely you are using an OO language… How is that reuse thing going? Is your organization realizing all the promises? Even as a former Rational Instructor of OOAD and a long time practitioner, I find great value in returning to the basics. This session is a return to object-oriented basics.
This session is intended to balance the often-touted theoretical object-oriented practices with lessons from the real world. The session will start with a review of some of the basics regarding abstractions and encapsulation. Although simple concepts, we will push the boundary of how these techniques are applied. We will discuss the difference between analysis and design and how that is reflected in our code. We will also look at the limitations of Java the language as outlined in Josh Block’s book “Effective Java”. The session will go past the basics of object-oriented principles and into what our true goals of development really are.