Chris Holland leads a small Software Engineering Team at an HR company. Throughout a career spanning more than 20 years, Chris has held Sr. Engineering and Leadership roles for small and large successful publicly-traded companies such as EarthLink and Internet Brands, serving business models across Content, Commerce, Travel & Finance on a wide variety of technology stacks including PHP/LAMP, Java/J2EE and C#/.Net, catering to audiences over 100 million monthly visitors.
Change is Software's greatest threat, and its defining characteristic. Disagree? How's that Agile Transformation going for you?
We will explore this cognitively-dissonant statement as we investigate the challenges that we've faced, how we continue to fail to address them, and what we can do tame this raucous beast.
To do this, we will study the most ambitious, most expensive computing system built by the United States military in the post cold-war era of the 1950s, looking at the challenges they faced, and the choices they made to overcome them.
We will then explore how many of those choices were carried-over to modern-day software engineering throughout the 1990s until we, as an industry, decided to free ourselves from the shackles of certain self-imposed limitations.
In doing so, we got ourselves into different sorts of troubles. We will explore what they are and how some of us have chosen to overcome them.
Explore effective methods to identify & avoid the most common and devastating security pitfalls in Web Applications.
When it comes to an enterprise's exposure to security vulnerabilities, one could easily argue that its web presence is by far its greatest threat. There are many ways to build vulnerable applications and a few effective ways to "build them right". We'll instrument you to stay on right side of this equation.
Basic Resources and Tooling
* We'll look at the OWASP Top 10
* Open-Source Code Analysis for your CI/CD
* Open-Source Security Scanning
Low-level Threat Avoidance
* Avoiding SQL Injections -- Dangers of not properly-using an ORM
* Avoiding CSRF
* Avoiding XSS --- Data Scrubbing --- Data Rendering
Application Threat Avoidance
* User Authentication / Password Hashing
* OAuth Security
* Resource Access -- Multi Tenancy: Users & Companies
Imagine building an application without having to mess with a Web Browser, a REST client or a MySQL client. What if you could build full-blown functionality with realistic data operations within the comfort of a Unit Test Harness?
What if this meant shipping code earlier and more frequently than you ever have before?
Building upon concepts outlined in this talk: http://bit.ly/tdd-talk-2 , and leveraging an evolving "Kata" for building a "Ride-Hailing Application", this exercise will walk thru a rapid-development example from a "clean-slate" Symfony3 project, with just enough bootstrapping to enable Test-Driven Development with PHPUnit & Doctrine.
A Journey toward sustained agility.
magine shipping software early and often, and sustaining the pace as it matures. Imagine harnessing "Change" as a catalyst for opportunity.
Software Engineering can be extremely difficult and maddening. But it doesn’t have to be. We'll take a look at the various challenges we face and explore practical ways to overcome them, to answer this question:
Can we put ourselves in a position to ship code earlier and more often?
Toward answering this question, we will explore 5 areas:
* Bad Code vs Agility – What it means to be “Agile” and the impact of Bad Code on Agility.
* Better Code: Enablers – Enabling Concepts for Better Code such as TDD, Clean Code and Patterns, with an eye toward adapting them to various programming paradigms such as Functional and OOP.
* Empowering OOP – If OOP is to be chosen as a paradigm, we’ll explore what it means to play to the strengths of this paradigm.
* Web Application Architectures: When building Web Applications, we’ll explore various architectures that may hinder or promote a sustainable business fueled by better code.
* TDD: Better Fuels Faster – Leveraging preceding topics, we’ll put it all together in describing a workflow leveraging test-driven development for shipping better products ... faster, while delighting our customers.
The end of this talk will showcase code examples of a real-world Kata for building the service layer of a “Ride Hailing Application”. It will also link to recorded Kata videos, as well as a “clean slate” branch in my git repository to follow along. If you wish to take an early look at these videos, they are all available here: http://bit.ly/tdd-vids
Having made this case, we’ll conclude with the positive impact this workflow will have on a team’s ability to ship new products and new features at a sustained pace, with high levels of predictability.
While PHP, Symfony and Doctrine are used for code examples, concepts in this talk are applicable to all PHP frameworks and environments, as well as other programming languages such as Java and C#.
This session will explore how much time and energy we currently waste when writing software, simply to answer two simple questions:
* "Does my code work?"
* "Did I just break something?"
As we explore these pain-points, Test-Driven Development will emerge as a surprisingly efficient workflow putting us in a position to ship code sooner, more often, on a sustained basis.
Most of us are "surprised" by this, as it just seems very counter-intuitive to write a test before even having written any code. Yet, as we explore this workflow, we start uncovering the efficiencies that we gain, and things become fascinating.
As a result, we will show what it "feels" like to write software that responds to change, as a true sensation of agility emerges, driven not by Scrum, but instead, driven by better code.
Harnessing Errors & Edge-Cases with Ease & Elegance.
Imagine handling error conditions and unexpected edge-cases with code that is easier to read, maintain & extend.
The temptation is real.
We create methods that return an array of objects, or "false" if nothing was found. Or "null". We might further "signal" unexpected results or error-conditions with integer values.
It then becomes the responsibility of consumers of these methods, to properly interpret what "false", "null", or "-500" mean.
As a result, we produce code that is difficult to read, maintain and extend.
Exceptions are seldom leveraged, and most often thought of as objects thrown by some frameworks for instrumentation.
When properly leveraged, they however offer an opportunity to manage unexpected and edge-case behavior at various layers of our applications, with elegant control flows.
By leveraging your language's Exceptions alongside its "Type System", we can create elegant, flexible and advanced handling of Error conditions, which will promote code that is easier to work with.
Despite our agility, we can't ship software at a sustained pace.
With so many companies "becoming agile", nobody bothered to inform the software upon which they depend, that it too, should be agile.
If you ask of any company these days whether or not they consider themselves to be „agile“, the vast majority will answer in the affirmative, and proudly point you to the many „agile processes“ they follow, and „agile tools“ they use.
And yet … in spite of all this „agility“, as our meticulously-planned „sprints“ take longer to execute, as our backlogs fill-up with overhead having nothing to do with core business value, as it gets exponentially difficult to predict just “what” is going to be delivered and “when”, it feels like just about every software project we end-up working on, doesn’t quite deliver on this feeling of overabundant „agility“.
We will explore various challenges that we software engineers face, and offer practical approaches to overcome them, such that we might deliver sustained business value as we evolve toward True Agility.
Bootstrapping Symfony w/ REST, OAuth, User Management, Unit & Acceptance Tests.
We'll review how I setup Doctrine with PHPUnit in Symfony, to enable a highly-productive TDD workflow for a "Ride-Hailing Application" Web Service "Kata".
* Bootstrapping Doctrine against SQLite when in PHPUnit, to test-drive Repository classes with true data operations while retaining blazing-fast speed.
* Test-Driving Doctrine Entity classes as part of this process, while not creating a DB schema on our local MySQL instance.
* Letting Doctrine generate all MySQL migrations to bring the DB schema in-sync with our Entities.
We'll also look at:
* API/REST support via FOSRestBundle
* OAuth support via FOSOAuthServerBundle
* User Management via FOSUserBundle
I'll show configuration optimizations to remove overhead on Unit Tests when introducing these frameworks.
Finally, we'll look at leveraging Codeception to test-drive the creation of Symfony Controller classes, with end-to-end tests going over HTTP thru Symfony's web server, hitting our local MySQL.