Ken Sipe

By Ken Sipe

As a web application developer, most of the focus is on the user stories and producing business value for your company or clients. Increasingly however the world wide web is more like the wild wild web which is an increasingly hostile environment for web applications. It is absolutely necessary for web application teams to have security knowledge, a security model and to leverage proper security tools.

This training workshop on security will provide an overview of the security landscape starting with the OWASP top ten security concerns with current real world examples of each of these attack vectors. The first session will consist of a demonstration and labs using hacker tools to get an understanding of how a hacker thinks. It will include a walk through of the ESAPI toolkit as an example of how to solve a number of these security concerns including hands-on labs using the OWASP example swingset.

The workshop will include several hands on labs from the webgoat project in order to better understand the threats that are ever so common today.

Attendees will come away with the following skills / capabilities: - threat modeling - security audit plan - introduction to Pen testing - key / certificate management - fixing web application security issues

Don't be the weakest link on the web!

By Ken Sipe

"To say of what is that it is not, or of what is not that it is, is false, while to say of what is that it is, and of what is not that it is not, is true" -- Aristotle

This talk is a fun look at what is true, or what we think is true... how we know what we know or think we know and what it depends on. Through the evening we will learn about every day dichotomies that can lead to black and white thinking. We will use a dichotomous key to learn such things as; is a tomato a vegetable or a fruit? Is a carrot a vegetable or a fruit? As we reveal the truth, we will see how the perceived norms of the world are broken and in what way they are broken. With this new found knowledge we will discuss how to detect it and correct it. These are the foundational skills of the master craftsman... and that's the truth!

By Ken Sipe

Spock is a groovy based testing framework that leverages all the "best practices" of the last several years taking advantage of many of the development experience of the industry. So combine Junit, BDD, RSpec, Groovy and Vulcans... and you get Spock!

This is a significant advancement in the world of testing.

This session assumes some understanding of testing and junit and builds on it. We will introduce and dig deep into Spock as a test specification and mocking tool.

Prerequisite: junit

By Ken Sipe

How does your team handle release weekend? Is it the whole weekend? Is everyone on call? Is there a way to reverse the decision mid-stream?... How long would it take your company or team to push a single line code fix from dev into production? Way too many organizations handle the production release through manual and tedious labor following a lengthy to-do check list. Way too many organizations have no way to reproduce their production environment... because they have manually changed or updated configurations without version control... or they have OS or application server paths that are not under proper management.

What if you could "test" your production release before production? One of the answers to the last mile of continuous delivery is GLU. GLU is an open source project for deployment automation. It was created by one of the co-founders of LinkedIn (Yan Pujante) for automation of LinkedIn's deployment automation.

This session is a basic tutorial, walking through the configuration of a deployment out to multiple services. We will work through serial and parallel deployments, ensuring consistency and detecting problems. This session should be a sufficient introduction to walking through: 1) installation, 2) configuration, 3) multi-server deployments 4) manual updates and 5) automated updates

By Ken Sipe

Of all the non-functional requirements of software development, complexity receives the least attention and seems to be the most important from a long term standard point. This talk will look at some of forces that drive complexity at the code level and at a system level and their impact. We will discuss what causes us to over look complexity, how our perception of it changes over time and what we can do about it?

In this session we will break down the meaning of complexity and simplicity and measure the application of those means against the common software development dogma. Looking at common development trends and pressures, we'll discuss where simplify does and doesn't help. We will examine areas of development which at first glance seem to be simple (such as the creation of an equals method in Java), that end up being difficult or impossible based on normal constraints. We will example the drivers of complexity with some discussion on what you can do about it. This session will finish with a discussion around several challenges to high scale software architectures and how to keep it simple.

By Ken Sipe

The net has cracks and crackers are among us. With all the news of security failures, it can be a challenge to know what is FUD and what is really at risk and to what extent. This session isn’t about hacking an application together nor is it about coding a solution. It is about looking at the network and network infrastructure and understanding some of its weaknesses. This workshop is a 50% mix of lecture / discussion and hands on attacking in order to best understand the challenges.

The labs will require the use of: - a virtual machine with BackTrack 5 - a wifi adaptor - and a laptop.

We will have ISO installations of BackTrack 5 for you to install on your VM. It is best if you have this pre-installed, it can be downloaded at http://www.backtrack-linux.org/ . In order to run backtrack, you will want to install this to a virtual machine, if this is new to you, pick up virtualbox or vmware.

The wifi adaptor needed is an Alfa AWUS036H or Alfa AWUS036NHA. You will need 1 of these external adaptors. There are ~ $30 at amazon.

Through the labs we will: - Disassociate wireless traffic - Crack a WEP key - Learn to break through a WPA device - Scan for open ports

By Ken Sipe

Google “MongoDB is Web Scale” and prepare to laugh your tail off. With such satire, it easy to pass off MongoDB as a passing joke… but that would be a mistake. The humor is in the fact there seems to be no end to those who parrot the MongoDB benefits without a clue. This session is about getting a clue.

Get past the hype and hyperbole associated with NoSQL. This session will introduce MongoDB through live working sessions demonstrating the pros and cons of MongoDB development. The session will then focus on a recent short project focused on large scale. We’ll discuss database design to support high scale read access. Throughout this case study we will discuss the consequences of the MongoDB choice. The session will finish with a review of the production topology to support growth in scale.