DeveloperWeek OPEN STAGE 3
Thursday, February 18, 2021
Runtime security for containers, Kubernetes and cloud native isn't for the faint of heart. To confidently secure your applications, you need a recipe. And, much like the one grandma used for her consistently amazing chocolate chip cookies, the one you get from this session will guarantee your security success.
In this session, Scott Surovich and POP will share practical experience and excerpts from Scott's new book Kubernetes and Docker - An Enterprise Guide. They’ll share the key ingredients for tooling that provides an engine, ruleset, and outputs that fit real-world scenarios.
They will cover:
- An introduction to CNCF open source project Falco for runtime security of applications/ cloud native infrastructure
- Real world use cases of Falco with a short demo showing rulesets and outputs valid for your business
- A primer to how to contribute your own capabilities to Falco
- A kickass chocolate chip cookie recipe to wow your friends and family
Context switching between your IDE, Github.com, JIRA, Terminal, and Slack is no way to optimize collaboration and it results in countless hours of distraction and lack of focus, hurting code quality. Team alignment and productivity depend on just the right mix of collaboration and staying in the zone. Extensible IDEs are opening the door to great innovation in developer workflow. Turning the IDE into the true Hub of the development flow is the best way to integrate the essential tools into a cohesive and streamlined process. In the future, your code host, issue tracker and messaging app will be placed where they belong: In your editor. Here we will discuss how such an integration should happen, and we will spell out the benefits that accrue to the individual developer, the team and the organization.
Shifting Application Security Left and into the hands of developers has been a topic of discussion, but remains just that, a discussion. Legacy solutions in the market are not built from the ground up to enable this and achieve DevSecOps. In this session we will discuss the key features that your AppSec testing tools need to enable shift left, or shift everywhere, to empower developers to detect, prioritise and remediate security issues EARLY, as part of your agile development and unit testing processes, without slowing down DevOps. The talk will include specific examples from leading organizations that have deployed these solutions, the business impact they have achieved and the steps you can take to achieve the same, across your applications and APIs
The role of the developer continues to change as they sit on the front line of application and even cloud infrastructure security. Today, developers are focused on innovating fast and improving security, but how do high-performing teams accomplish this? They commit code frequently, release often and update dependencies regularly (608x faster than others).
In this webinar, we discuss the key traits of high-performing teams and how that impacts the role of the developer.
Choose the best third party dependencies
Determine the lowest effort upgrades between open source versions
Solve for issues in both direct and transitive dependencies with a single-click
Block and quarantine suspicious open source components
OPEN TALK: Accelerating to Escape Velocity: Migrating Applications to the Cloud with Programmable Data Infrastructure
Building on its rich history of innovation, Choice Hotels used a cloud-first approach to accelerate innovation and battle digital-native competitors.
To escape the gravitational pull of data and make the cloud promise a reality, Choice Hotels brought on an API-first programmable data infrastructure platform to automate data compliance and data delivery. By doing so, the organization broke down data silos, allowing software teams to significantly improve the quality and speed of application testing and development.
In this fireside chat with Jason Simpson, VP of Engineering at Choice Hotels, you’ll discover:
Learnings from a migration of hundreds of applications from legacy systems to Amazon Web Services (AWS)
Insights on leveraging data to minimize the risk of outages and delivering a frictionless experience for customers and franchisees across platforms
Reaping the scalability of cloud to manage unexpected business shifts including impacts from COVID-19
Perspectives on how Programmable Data Infrastructure can be leveraged for Migration, CI/CD Acceleration and even Service Restoration with APM Integration
Speakers: Jason Simpson, VP of Engineering at Choice Hotels & Alex Hesterberg, Chief Customer Officer at Delphix
Observability, instrumentation, telemetry--what does it all mean? This introduction to observability is for software practitioners who want to better understand the health of their production systems. Learn how to generate better data and gain new insights. You'll walk away ready to use observability to level up everyone on your team!
We’re quickly becoming better at building software. The increased adoption of microservices architectures and the move to open source are evidence of this. But, we’re not really that much better at fixing it. Finding and remediating bugs is a drain on developers’ time and productivity. We’re reliant on tools that tell us about the stability of our infrastructures. But with more lines of code being written today than the day before, it’s not enough. Teams are getting too much noise and false signals, creating alert fatigue. Developers spend too long investigating issues, struggle to prioritize what needs fixing, and become less productive.
How we build, test, deploy, and release has become more complex, so finding the root cause of errors has become harder. More contextual information is needed to quickly pinpoint where it’s occurring and better error signals can help reduce the noise by grouping together similar root causes which, in turn, alleviates alert fatigue. Plus, bugs should get resolved before users complain, which is still the top way companies find out about bugs despite all the tools they have in place.
And all of this is happening as companies embrace faster deployment models like CI/CD. It’s why the shift left movement is happening, to move testing earlier in the process to catch issues earlier. But what if you could shorten testing cycles and still catch errors before users do?
In this session, you’ll learn:
* Why developers need to be focused on continuously improving code, and not just observability
* How to boost developer productivity by spending less time debugging
* How to catch errors before users report them
How do you build increasingly better APIs? It’s easier than you may think! In this session, we will talk about how to build better APIs with API management and show the key advantages of using APIM to drive your API development. We will cover the basics of APIM features and some of the use cases for these features. Including: Rate limiting
Whether you are looking to provide better service for your users, better reporting and metrics for your stakeholders, or to help your support team to become more efficient at supporting your API portfolio, stop in to see how API management can power these improvements.
Friday, February 19, 2021
In this session, Blue Hexagon and AWS present AI-powered cloud-native security for near real-time threat detection and response, deep visibility into cloud configuration and workloads, and achieving compliance with industry-standards. Delivered agentless and managed as code, this technology greatly reduces the burden of deployment and management of an effective security posture against adversaries, even as DevOps teams build and deploy business workloads at an agile pace.
Cloud and Kubernetes adoption led to greater container usage in 2020. Staying up-to-date with the latest trends in security and monitoring for Kubernetes and container environments is more important than ever.
In this session, you’ll hear real-world examples of nearly one billion unique containers deployed in today’s modern global enterprises. You’ll walk away with new knowledge about:
- How organizations are dealing with container security concerns
- Interesting shifts in runtime and registry usage
- Usage trends that impact container security
- Practices others are using to to run containers with greater confidence
- Trends in lifespan and density as container usage matures
After a long evolution, the browser has become a programmable client that lives in a globally connected world of APIs. This combination of a ubiquitous client with a sea of serverless APIs and the emergence of APIs with advanced security features have enabled the new, client-serverless application model. In such a model, we slowly move away from three-tier applications. In three-tier applications, APIs were typically guarded by the backend. In client-serverless, clients are rapidly taking on a more central role, where clients become responsible for gathering their data services directly from the data source. Needless to say, this reduces complexity, but also brings an entirely different security model which SaaS providers will need to prepare for.
Are you ready to say goodbye to your application backlog, and hello to developing apps at lightning speed? Look no further than progressive web apps.
Progressive web apps (PWAs) are web apps that provide end-users with a frictionless experience while still offering the features of the native-like applications they know and love. Some of the key benefits of PWAs include cross-platform, independent distribution, no installation, and offline capabilities.
In this session, Rui Barbosa, Developer Advocate at OutSystems, will demonstrate how to quickly build a mobile application from scratch and immediately distribute it using PWA technology. See how the OutSystems platform can empower you to become a world-class problem solver!
As distributed systems grow bigger they have become more complex and harder to manage. The amount of data coming out of these microservices based applications is more than any human, or even group of humans, can process on their own. Because of this, AIOps is essential for proper management of all the Observability data points.
With a look into the AIOps space, there are many different options to choose from. And, those choices are not just limited to products and companies. A bigger challenge is to understand the different routes to implement data gathering. Domain-Centric or Domain-Agnostic are the two main approaches.
In this presentation I’ll walk down the road of issues, how they can be solved, and take a quick tour into the differences of Domain-Centric and Domain-Agnostic approaches, as well as their pros or cons.
Picture yourself flying First Class. You board the plane first, you get champagne, and you feel as though you’re the most important. Why not treat your APIs the same way? Join FireHydrant’s CEO and Co-Founder, Robert Ross, for this session where he’ll share why putting your APIs first can be a game-changer for your business.
In this session we’ll discuss:
- The benefits of building your API first and how it can pay dividends in the long haul
- The different types of APIs and which choice is the right choice
- The importance of hosting API documentation