thoughtworks technology radar roadshow - perth
TRANSCRIPT
TECHNIQUES
ADOPT: 1. Consumer-driven contract testing NEW; 2. Focus on mean time to recovery; 3. Generated infrastructure diagrams NEW; 4. Structured logging
TRIAL: 5. Canary builds; 6. Datensparsamkeit; 7. Local storage sync; 8. NoPSD; 9. Offline-first web applications NEW; 10. Products over projects NEW; 11. Threat Modelling NEW
ASSESS: 12. Append-only data store; 13. Blockchain beyond Bitcoin; 14. Enterprise Data Lake; 15. Flux NEW; 16. “git-based CMS” NEW; 17. Phoenix environments NEW; 18. Reactive architectures NEW
HOLD: 19. Long lived branches with Gitflow; 20. Microservice envy; 21. Programming in your CI/CD tool; 22. SAFe™; 23. Security sandwich; 24. Separate DevOps team
CONSUMER DRIVEN CONTRACTS - STAGES
Diagram (built up over three slides): two delivery pipelines, Backend (API) and Frontend (Consumer), each with the stages Unit, Integration, Staging and Deployment. A Contract stage is added to each pipeline, so that both the API provider and the consumer verify the shared contract before deployment.
TOOLS
ADOPT: 48. Composer; 49. Go CD; 50. Mountebank; 51. Postman
TRIAL: 52. Boot2docker; 53. Brighter NEW; 54. Consul; 55. Cursive; 56. Gitlab; 57. HAMMS NEW; 58. IndexedDB; 59. POLLY NEW; 60. Rest-assured NEW; 61. Swagger; 62. Xamarin; 63. ZAP NEW
ASSESS: 64. Apache Kafka NEW; 65. Blackbox; 66. Bokeh/Vega NEW; 67. Gor NEW; 68. NaCL NEW; 69. Origami NEW; 70. Packet beat; 71. pdfmake NEW; 72. PlantUML NEW; 73. Prometheus NEW; 74. Quick NEW; 75. Security Monkey NEW
HOLD: 76. Citrix for development
SECURITY AWARENESS AMONG SENIOR DEVELOPERS*
*Source: http://jemurai.com/developer-survey-1-results-part-2.html
37% think security is a small concern
8% think it is a top concern
67% have never heard of OWASP, the OWASP Top 10, or the CWE Top 25
25% of projects reported had security training, a pen test, or security embedded in development
Overwhelmingly, the only security practices in place are manual code and design reviews.
OWASP ZED ATTACK PROXY
The Main Features
All the essentials for web application testing
■ Intercepting Proxy
■ Active and Passive Scanners
■ Traditional and Ajax Spiders
■ WebSockets support
■ Forced Browsing (using OWASP DirBuster code)
■ Fuzzing (using fuzzdb & OWASP JBroFuzz)
■ Online Add-ons Marketplace
Diagram: the browser on your primary OS is configured to use the web proxy (ZAP), which runs in a VM on your computer and forwards traffic to the web server; the simplified view is Browser, Web Proxy, Web Server.
Sources: http://www.slideshare.net/dgsweigert/using-the http://www.slideshare.net/tabaradetestare/owasp-2013-zapquickintro
PROTECTING DEV SECRETS WITH BLACKBOX
Diagram: a git repo holding keys and secrets. With Blackbox, the repo is seen by all, but the secrets are readable by few.
LANGUAGES & FRAMEWORKS
ADOPT: 77. Nancy
TRIAL: 78. Dashing; 79. Django Rest; 80. Ionic Framework; 81. Nashorn; 82. Om; 83. React.js; 84. Retrofit; 85. Spring Boot
ASSESS: 86. Ember.js NEW; 87. Flight.js; 88. Haskell Hadoop library; 89. Lotus; 90. Reagent; 91. Swift
HOLD: 92. JSF
BUILDING YOUR MICROSERVICES - DJANGO REST
Build RESTful APIs in Python with Django
Can build your microservices for you in Python
Has authentication schemes out of the box
Browsable web API to visualise data and responses for the different APIs
BUILDING YOUR MICROSERVICES - SPRING BOOT
Easy setup of standalone Spring-based applications
Can build your microservices with easy deployment
Has Hibernate mappings, so data access is simplified
Caution: has a significant number of dependencies
PLATFORMS
ADOPT: (none)
TRIAL: 25. Apache Spark NEW; 26. Cloudera Impala NEW; 27. DigitalOcean; 28. TOTP Two-Factor Authentication
ASSESS: 29. Apache Kylin NEW; 30. Apache Mesos; 31. CoreCLR and CoreFX NEW; 32. CoreOS; 33. Deis NEW; 34. H2O NEW; 35. Jackrabbit Oak; 36. Linux security modules; 37. MariaDB; 38. Netflix OSS Full stack; 39. OpenAM; 40. SDN; 41. Spark.io; 42. Text it as a service / Rapidpro.io; 43. Time-series Databases NEW; 44. U2F
HOLD: 45. Application Servers NEW; 46. OSGi; 47. SPDY NEW
PLATFORMS: 33. Deis; 30. Apache Mesos; 32. CoreOS; 45. Application Servers
Deployment architectures keep evolving.
THE RISE OF DOCKER
Source: http://blog.docker.com/2014/11/docker-governance-advisory-board-output-of-first-meeting/
Chart: GitHub stars by date and project, compared with GitHub totals for configuration management tools.
DEIS: DOCKER-BASED PAAS — ANYWHERE
Source: http://docs.deis.io/en/v0.9.0/gettingstarted/architecture/
Diagram: the developer talks to the Controller through a load balancer; application consumers reach the clusters through a second load balancer. There are three clusters (Test, Dev, Prod), each with a Scheduler, a Router and a set of Containers, plus shared Monitoring, Logging and Backing Services.
APACHE MESOS
Source: http://abhishek-tiwari.com/post/building-distributed-systems-with-mesos
Diagram (layers, top to bottom):
Workloads: batch and services
Apps: C++, BASH, Python; Scalding, Impala, Shark, MySQL, Kafka, JBoss, Django, Rails
Frameworks: MPI, Hadoop, Spark, Storm, Marathon, Chronos (Ruby, Python, JVM, C++)
Kernel: distributed resources (CPU, RAM, I/O, FS, rack locality, etc.)
DFS: distributed file system
Cluster
Evan Bottcher
@evanbottcher
Brian Leke Betechuoh
@BrianLekeBrian
thoughtworks.com/radar