DeveloperWeek OPEN STAGE 2
Thursday, February 18, 2021
In this talk we will demo an optimized PDF workflow using pdfOCR to recognize data in PDF documents, and pdf2Data to extract selected data from your OCR search. The beauty of using pdf2Data in this way is it can pick up exactly where pdfOCR leaves off, allowing you to both recognize and extract all kinds of data from PDF documents that would otherwise be inaccessible.
pdf2Data is our iText 7 add-on for smart data extraction from PDF documents. It’s tailored especially for extracting hard to reach data locked inside PDFs, and it fits neatly into the iText 7 ecosystem. The cherry on top? Anyone can quickly create a template for data extraction using the sleek user interface, with no need to tediously define document structures programmatically. Let the template designer assist you in creating your data extraction templates; no coding required!
If you haven’t tried it already, we’d like to give you a quick tour of its capabilities, while also demonstrating how it’s a great companion for our pdfOCR add-on.
How confident are you that your code—including any 3rd party code your team brought in—is running in a secure and compliant manner before you deploy to production?
Imagine this - your developers check-in code for a new feature. It includes pieces of code your team wrote and pieces of code from a 3rd party. The code passes SAST & SCA and you deploy it to production. A day later, your production server is breached...and the attacker leveraged a bug in your code that caused privilege escalation and was able to become root.
In today’s microservices-containers/Kubernetes/Docker-DevOps world, a static code scanner isn't sufficient. You need RUNTIME observability into the application’s security, privacy, and compliance. Your developers need to know if their code or a 3rd party’s code can cause issues at runtime.
This panel of RUNTIME observability and security developers and experts will discuss the what, why, and how DeepFactor’s Continuous Observability platform:
- Automatically observes more than 170 parameters—across system call, library, network, web, and API behaviors in every thread of every process in every running container of your application—and detects security and compliance risks in your CI pipeline
- Detects insecure behaviors that only manifest at runtime and cannot be caught with code scanning or just looking at known CVE databases
- Reduces alert volume by prioritizing the findings of your SCA tools with runtime insights from observability tools
- Empowers Engineering leadership to accelerate productivity and decrease mean-time-to-remediate (MTTR) security and compliance risks pre-production as their teams ship secure releases on schedule
You’ll leave this session armed with the knowledge to immediately leverage continuous observability to consistently deploy apps with confidence.
Not too long ago, a reactive variant of the JDBC API was released, known as Reactive Relational Database Connectivity (R2DBC). While R2DBC started as an experiment to enable integration of SQL databases into systems that use reactive programming models, it now specifies a robust specification that can be implemented to manage data in a fully-reactive and completely non-blocking fashion.
In this session, we’ll briefly go over the fundamentals that make R2DBC so powerful. We'll keep light on the slides so that we can jump directly into application code to get a first-hand look at the recently released R2DBC client from MariaDB. From there we'll examine how you can take advantage of crucial concepts, like event-driven behavior and backpressure, that enable fully-reactive, non-blocking interactions with a relational database.
Historically, data security has been an afterthought — something that others handle; the IT team will handle it after our software goes live, the client will handle it with hardware. In today’s environment of large-scale data breaches, data security as an afterthought is too little too late.
Application and data security should be part of every design and product roadmap discussion just like functionality, stability and user experience. The more mobile the data needs to be, the more agile the solution needs to be. By shifting security conversations to early in the product development lifecycle instead of after code has already been released, software organizations can save money, better differentiate their offerings and scale more effectively in the long run. This session will discuss important design considerations for application-level security and how to select tools and methods that support your software architecture instead of dictating it.
If you are building applications today, you are probably using either cloud or Kubernetes ... or both! As a result, we are entering an era that we don’t have to make complex architecture decisions by weighing tradeoffs on scale, uptime, and usability. Patrick McFadin has been building and supporting scale applications for a long time and has seen all the evolution that has brought us to today. Engineer to engineer, Patrick wants to show you his journey into this world and what he’s been doing at DataStax and the Apache Cassandra project to help make it a reality. Here’s what he’ll cover.
-How you can shorten application development time and ship code fast
-The role of open source in this next wave of modern application development
-Ways to participate in this fast-moving community of data services
-How you can futureproof your code and be ready for the next big thing
In this session, we’ll explore how to secure your delivery pipelines, from development to deployment with key learnings including:
- Combining continuous packaging with integration & delivery.
- Applying holistic security principles across the whole value stream.
- Using infrastructure-as-code techniques to build, stage, and deploy.
Creating consistent, quality APIs is a tough job, especially as ecosystems move past 100 APIs and beyond. API Style Guides can help, but developers rarely read them, and those that do don't always remember everything. API Design Reviews and Governance tooling is maturing to help solve this, automating API Style Guides allowing teams to introduce new guidance over time. Learn how to roll this out at your company easily.
The low-code movement is creating a lot of buzz. In this workshop, hear about how no/low-code identity verification is making compliance and fraud prevention more cost-effective and accessible.
-How no/low-code solutions can be easily implemented by anyone, including non-technical entrepreneurs
-Why identity verification is making cross-border KYC and fraud mitigation faster with less friction
-How an identity platform streamlines verification workflows by leveraging multiple identity solutions and a network of single-point data sources
Friday, February 19, 2021
With the average enterprise organization consuming thousands of APIs, it has become increasingly challenging for developers to locate or socialize created APIs. It is even more difficult for organizations to manage their API collections. Even companies are now offering to socialize business partner’s APIs to their customers in order to create microservices, complex integrations, and product solutions.
IBM’s answer to this problem is the IBM API Hub. This essential API hub offering allows for managing friction, preventing resource duplication, and breaks silos. It provides a single place for organizations to publish and share created APIs in an easy discoverable, searchable, highly available, and curated environment.
In this session, learn about the key attributes of the IBM API Hub. Explore the consumer experience and its low barrier of entry for any API Provider. Discover how IBM Sterling has created an all new enriched experience for their developers using the IBM API Hub. Try out the IBM API Hub yourself with a full set of API consumer features and functionality.
The task at hand: brief your executives and the board on the progress you’ve made this quarter. Business execs and board members want to see what it is your team is doing, or whether and why you are or are not doing whatever is in their head. This can be tough when it comes to engineering. You may know how your team is performing, and you know what they’re doing, but it can be a challenge to present this to the business and board members. What topics should technical leaders cover, and how should they present those topics to answer the board’s questions even before they’re asked?
Andrew Lau, engineering leader turned CEO of Jellyfish has experienced these presentations from both sides. In this session, he’ll walk through:
- Why engineering leaders can and should be more influential in executive decision-making
- The most important topics that your board will want to hear about
- How and where to find the data
- How to present it in ways that will resonate with business executives
The networked software systems we build are increasing in complexity every moment. From the abstractions of cloud hosting and inherited libraries to container scheduling and third-party vendors, the turtles go all the way around!
Today the most successful builders and operators are embracing complexity through CI/CD, Chaos Engineering, and innovation in Incident Response. They realize that the adaptive world around us is advancing at such a breakneck speed, it is leaving our capacity to understand it in the dust. That humans and technology must race a gauntlet of automation surprises and collaboration challenges as a team, learning and improving along the way.
This session showcases methods of deploying, running, and navigating complexity. It offers a practical view of how software systems can scale and remain robust to failure (like fallbacks or high-availability), achieve highly reliable socio-technical operations (via runbooks and game-days), and adapt to surprise through techniques of resilience engineering (graceful extensibility and building for adaptation).
Are you struggling with security testing of your APIs, web-services or cloud-native applications? Are you looking for new ways to test security without impacting velocity? Would you like to get visibility into sensitive data that your application handles? If answer to any of these questions is yes, allow us to introduce you to new and unique ways to perform security testing. In this session, we will give you an overview of developer friendly security test tools from Synopsys for unparalleled accuracy and visibility into application vulnerabilities with remediation guidance and just-in-time contextual training to help your developers with remediation effort to improve your application security posture.
Serverless cloud technologies have been around for some time now and most of us know the benefits include simpler management and pay-per-use billing. There are additional benefits on top of these, however, adoption of this technology is not as straightforward as other cloud transition strategies. In this talk, we explore the advantages of serverless technologies, highlight the architectures that support them, and discuss the challenges of adoption.
As we go through these points you will hear from an organization that has embraced Serverless technology and are well on their journey towards full adoption. You will hear about the reasons they selected serverless, the challenges they faced while adopting the serverless mindset, and how they overcome these challenges.