In the third part of a 4-city Tech Radar roadshow in Sydney, ThoughtWorks TAB members Scott Shaw and Evan Bottcher cover topics from all 4 quadrants of the latest edition of the ThoughtWorks Technology Radar. This presentation covers Reactive Architectures, Security, Spring Boot vs. Nancy, and Docker.
10. 9
ADOPT
1. Consumer-driven contract testing NEW
2. Focus on mean time to recovery
3. Generated infrastructure diagrams NEW
4. Structured logging
TRIAL
5. Canary builds
6. Datensparsamkeit
7. Local storage sync
8. NoPSD
9. Offline-first web applications NEW
10. Products over projects NEW
11. Threat Modelling NEW
ASSESS
12. Append-only data store
13. Blockchain beyond Bitcoin
14. Enterprise Data Lake
15. Flux NEW
16. “git-based CMS” NEW
17. Phoenix environments NEW
18. Reactive architectures NEW
HOLD
19. Long lived branches with Gitflow
20. Microservice envy
21. Programming in your CI/CD tool
22. SAFe™
23. Security sandwich
24. Separate DevOps team
TECHNIQUES
26. 16
Insights
Analytics
Reports,
Model
Parameters
Spark, Hadoop
File Store
(S3)
Event Queue
(Time Series Database,
Apache Kafka,
AWS Kinesis,
Eventstore, …)PUSHES RESPONSIBILITY FOR DATA QUALITY BACK ON
THE SOURCE SYSTEMS
ALL DATA IN MOTION IS IMMUTABLE
FIT-FOR-PURPOSE “STATE” IS COMPUTED BY THE
CONSUMER
MANAGING AND PUBLISHING EVENTS BRINGS
COMPLEXITY
27. 17
ADOPT
1. Consumer-driven contract testing NEW
2. Focus on mean time to recovery
3. Generated infrastructure diagrams NEW
4. Structured logging
TRIAL
5. Canary builds
6. Datensparsamkeit
7. Local storage sync
8. NoPSD
9. Offline-first web applications NEW
10. Products over projects NEW
11. Threat Modelling NEW
ASSESS
12. Append-only data store
13. Blockchain beyond Bitcoin
14. Enterprise Data Lake
15. Flux NEW
16. “git-based CMS” NEW
17. Phoenix environments NEW
18. Reactive architectures NEW
HOLD
19. Long lived branches with Gitflow
20. Microservice envy
21. Programming in your CI/CD tool
22. SAFe™
23. Security sandwich
24. Separate DevOps team
TECHNIQUES
30. 19
TOOLS
ADOPT
48. Composer
49. Go CD
50. Mountebank
51. Postman
TRIAL
52. Boot2docker
53. Brighter NEW
54. Consul
55. Cursive
56. Gitlab
57. Hamms NEW
58. IndexedDB
59. POLLY NEW
60. Rest-assured NEW
61. Swagger
62. Xamarin
63. ZAP NEW
ASSESS
64. Apache Kafka NEW
65. Blackbox
66. Bokeh/Vega NEW
67. Gor NEW
68. NaCL NEW
69. Origami NEW
70. Packet beat
71. pdfmake NEW
72. PlantUML NEW
73. Prometheus NEW
74. Quick NEW
75. Security Monkey NEW
HOLD
76. Citrix for development
33. SECURITY AWARENESS AMONG SENIOR DEVELOPERS*
21*Source: http://jemurai.com/developer-survey-1-results-part-2.html
37%
think security is
a small concern
8% think it is a top concern
67%
haver never heard of
OWASP, OWASP top 10, or
CWE top 25
25%
of projects reported had
security training, pen test
or security embedded in
development
Overwhelmingly, the only security practices
in place are manual code and design reviews.
34. OWASP ZED ATTACK PROXY
22
The Main Features
All the essentials for web application testing
■ Intercepting Proxy
■ Active and Passive Scanners
■ Traditional and Ajax Spiders
■ WebSockets support
■ Forced Browsing (using OWASP DirBuster code)
■ Fuzzing (using fuzzdb & OWASP JBroFuzz)
■ Online Add-ons Marketplace
Browser configured to use proxy
Browser
Primary OS
Web Proxy
Your Computer
VM
Web Server
Browser
Web
Proxy
Web
Server
http://www.slideshare.net/dgsweigert/using-the http://www.slideshare.net/tabaradetestare/owasp-2013-zapquickintro
35. ARE YOUR REPOS AND BUILD SERVERS SECURE?
23
http://www.wired.com/2012/09/adobe-digital-cert-hacked/
36. ARE YOUR REPOS AND BUILD SERVERS SECURE?
23
http://www.wired.com/2012/09/adobe-digital-cert-hacked/
37. PROTECTING DEV SECRETS WITH BLACKBOX
Git Repo
Keys
Shhhh
secret
Shhhh
Blackbox
Repo
seen by all
Secrets
readable by few
38. 25
TOOLS
ADOPT
48. Composer
49. Go CD
50. Mountebank
51. Postman
TRIAL
52. Boot2docker
53. Brighter NEW
54. Consul
55. Cursive
56. Gitlab
57. HAMMS NEW
58. IndexedDB
59. POLLY NEW
60. Rest-assured NEW
61. Swagger
62. Xamarin
63. ZAP NEW
ASSESS
64. Apache Kafka NEW
65. Blackbox
66. Bokeh/Vega NEW
67. Gor NEW
68. NaCL NEW
69. Origami NEW
70. Packet beat
71. pdfmake NEW
72. PlantUML NEW
73. Prometheus NEW
74. Quick NEW
75. Security Monkey NEW
HOLD
76. Citrix for development
50. FRAMEWORKS VS. COMPOSITION
32
Spring Framework
Your Spring Boot App
Jetty
Your
App
Code
Owin
Nancy.Owin
Nancy
Composes
Calls higher-order functions
51. 33
LANGUAGES &
FRAMEWORKS
ADOPT
77. Nancy
TRIAL
78. Dashing
79. Django Rest
80. Ionic Framework
81. Nashorn
82. Om
83. React.js
84. Retrofit
85. Spring Boot
ASSESS
86. Ember.js NEW
87. Flight.js
88. Haskell Hadoop library
89. Lotus
90. Reagent
91. Swift
HOLD
92. JSF
54. 35
PLATFORMS
ADOPT
TRIAL
25. Apache Spark NEW
26. Cloudera Impala NEW
27. DigitalOcean
28. TOTP Two-Factor Authentication
HOLD
45. Application Servers NEW
46. OSGi
47. SPDY NEW
ASSESS
29. Apache Kylin NEW
30. Apache Mesos
31. CoreCLR and CoreFX NEW
32. CoreOS
33. Deis NEW
34. H2O NEW
35. Jackrabbit Oak
36. Linux security modules
37. MariaDB
38. Netflix OSS Full stack
39. OpenAM
40. SDN
41. Spark.io
42. Text it as a service / Rapidpro.io
43. Time-series Databases NEW
44. U2F
57. THE RISE OF DOCKER
37
http://blog.docker.com/2014/11/docker-governance-advisory-board-output-of-first-meeting/
GitHub Starts by Date and Project Config Management GitHub Totals
62. 42
PLATFORMS
ADOPT
TRIAL
25. Apache Spark NEW
26. Cloudera Impala NEW
27. DigitalOcean
28. TOTP Two-Factor Authentication
HOLD
45. Application Servers NEW
46. OSGi
47. SPDY NEW
ASSESS
29. Apache Kylin NEW
30. Apache Mesos
31. CoreCLR and CoreFX NEW
32. CoreOS
33. Deis NEW
34. H2O NEW
35. Jackrabbit Oak
36. Linux security modules
37. MariaDB
38. Netflix OSS Full stack
39. OpenAM
40. SDN
41. Spark.io
42. Text it as a service / Rapidpro.io
43. Time-series Databases NEW
44. U2F