Ken Sipe

Cloud Architect & Tech Leader

Ken is a distributed application engineer. Ken has worked with companies ranging from the Fortune 500 to small startups in the roles of developer, designer, application architect and enterprise architect. Ken's current focus is on containers, container orchestration, high-scale microservice design and continuous delivery systems.

Ken is an international speaker on the subject of software engineering, speaking at conferences such as JavaOne, JavaZone, Great Indian Developer Summit (GIDS), and The Strange Loop. He is a regular speaker with NFJS, where he is best known for his architecture and security hacking talks. In 2009, Ken was honored by being awarded the JavaOne Rockstar Award at JavaOne in SF, California and the JavaZone Rockstar Award at JavaZone in Oslo, Norway as the top ranked speaker.

Presentations

Web Application Security Workshop

9:00 AM MDT

As a web application developer, most of the focus is on the user stories and producing business value for your company or clients. Increasingly, however, the world wide web is more like the wild wild web: an increasingly hostile environment for web applications. It is absolutely necessary for web application teams to have security knowledge, a security model and to leverage proper security tools.

This training workshop on security will provide an overview of the security landscape, starting with the OWASP top ten security concerns, with current real-world examples of each of these attack vectors. The first session will consist of a demonstration and labs using hacker tools to get an understanding of how a hacker thinks. It will include a walkthrough of the ESAPI toolkit as an example of how to solve a number of these security concerns, including hands-on labs using the OWASP example swingset.

The workshop will include several hands-on labs from the WebGoat project in order to better understand the threats that are ever so common today.

Attendees will come away with the following skills / capabilities:

  • threat modeling
  • security audit plan
  • introduction to pen testing
  • key / certificate management
  • fixing web application security issues

Don't be the weakest link on the web!

Flying through the Cloud

8:30 AM MDT

cloud architecture… an architectural walk through cloud services and components

high level
Data Centers / VDC
CDN
Monitoring
Load Balancing
Queue
Storage (s3, etc)
DNS
Search
Routing
(Amazon + Open Source) example: CloudSearch vs ElasticSearch
Security

low level
HAProxy
Nerve
synapse
queues
compute
dns

Flying through the Cloud

10:30 AM MDT

cloud architecture… an architectural walk through cloud services and components

high level
Data Centers / VDC
CDN
Monitoring
Load Balancing
Queue
Storage (s3, etc)
DNS
Search
Routing
(Amazon + Open Source) example: CloudSearch vs ElasticSearch
Security

low level
HAProxy
Nerve
synapse
queues
compute
dns

Becoming More Agile

1:30 PM MDT

Becoming more agile

Architectural Case Studies

5:00 PM MDT

There is nothing better than looking at real-world examples to understand project failures and project successes. This session is intended to be an open conversation, modeled closely on a birds of a feather (BOF) session; however, it will have a series of “that happened to me” topics throughout, discussed from the perspective of technology.

Clients dating back to 2005 will be discussed. The actual clients and their names will not be revealed, but the industry, the constraints and some of the outcomes will.

Networks for Programmers

8:30 PM MDT

In the words of John Gage, “The network is the computer”. At the heart of everything we do is a complex system of infrastructure from which we are often abstracted. For general application development this abstraction provides the convenience of simplifying our efforts. With a growing number of mobile applications with intermittent connectivity and higher latency, and with increased hostility on the network from a security standpoint, there is great value in pulling back the curtain and understanding the details of this computer.

This session will start with the underlying understanding of networking at a low level. At this level we will discuss IP, MAC, ARP, DNS and DHCP. As we walk up an abstraction level, we discuss sockets, NAT, gateways and firewalls along with the use of TCP and UDP. Spending some time at this layer can make network developers more productive, as we look at tools which help us answer the questions “Who owns this port?”, “Where is this packet going?” and “What is my latency and why?”.

The session will end with a little fun looking at wifi, where we will sniff, snort, crack :) From a security standpoint we will look at the challenges of wifi and how it has become the weakest component on the net.

This session is extremely fast-paced. The attendees will come away with a more enhanced understanding of this thing we call the internet. It will include, through discussion or demonstration, tools such as tcproute, tcpdump, nemesis, nmap, tcpmon and wireshark.

Hacking Workshop

9:00 AM MDT

The net has cracks and crackers are among us. With all the news of security failures, it can be a challenge to know what is FUD and what is really at risk and to what extent. This session isn’t about hacking an application together, nor is it about coding a solution. It is about looking at the network and network infrastructure and understanding some of its weaknesses. This workshop is a 50% mix of lecture / discussion and hands-on attacking in order to best understand the challenges.

The labs will require the use of:

  • a virtual machine with BackTrack 5
  • a wifi adaptor
  • and a laptop.

We will have ISO installations of BackTrack 5 for you to install on your VM. It is best if you have this pre-installed; it can be downloaded at http://www.backtrack-linux.org/ . In order to run BackTrack, you will want to install it in a virtual machine; if this is new to you, pick up VirtualBox or VMware.

The wifi adaptor needed is an Alfa AWUS036H or Alfa AWUS036NHA. You will need 1 of these external adaptors. They are ~$30 at Amazon.

Through the labs we will:

  • Disassociate wireless traffic
  • Crack a WEP key
  • Learn to break through a WPA device
  • Scan for open ports

Hacking Workshop

11:00 AM MDT

The net has cracks and crackers are among us. With all the news of security failures, it can be a challenge to know what is FUD and what is really at risk and to what extent. This session isn’t about hacking an application together, nor is it about coding a solution. It is about looking at the network and network infrastructure and understanding some of its weaknesses. This workshop is a 50% mix of lecture / discussion and hands-on attacking in order to best understand the challenges.

The labs will require the use of:

  • a virtual machine with BackTrack 5
  • a wifi adaptor
  • and a laptop.

We will have ISO installations of BackTrack 5 for you to install on your VM. It is best if you have this pre-installed; it can be downloaded at http://www.backtrack-linux.org/ . In order to run BackTrack, you will want to install it in a virtual machine; if this is new to you, pick up VirtualBox or VMware.

The wifi adaptor needed is an Alfa AWUS036H or Alfa AWUS036NHA. You will need 1 of these external adaptors. They are ~$30 at Amazon.

Through the labs we will:

  • Disassociate wireless traffic
  • Crack a WEP key
  • Learn to break through a WPA device
  • Scan for open ports

OOP Principles

1:30 PM MDT

For decades object-oriented programming has been sold (perhaps oversold) as the logical programming paradigm which provides “the way” to software reuse and reductions in the cost of software maintenance, as if it comes for free with the simple selection of an OO language. Even with the renewed interest in functional languages, the majority of development shops are predominantly using object-oriented languages such as Java, C#, and Ruby. So most likely you are using an OO language… How is that reuse thing going? Is your organization realizing all the promises? Even as a former Rational Instructor of OOAD and a long-time practitioner, I find great value in returning to the basics. This session is a return to object-oriented basics.

This session is intended to balance the often-touted theoretical object-oriented practices with lessons from the real world. The session will start with a review of some of the basics regarding abstractions and encapsulation. Although these are simple concepts, we will push the boundary of how these techniques are applied. We will discuss the difference between analysis and design and how that is reflected in our code. We will also look at the limitations of Java the language as outlined in Josh Bloch’s book “Effective Java”. The session will go past the basics of object-oriented principles and into what our true goals of development really are.

Introduction to Go

5:00 PM MDT

Introduction to Go

Introduction to Go… language of the cloud

Understanding Java Memory

10:45 AM MDT

So your server is having issues? Memory? Connections? Limited response? Is the first solution to bounce the server? Perhaps change some VM flags or add some logging? In today's Java 6 world, with its superior runtime monitoring and management capabilities, the reasons to bounce the server have been greatly reduced.

This session will look at the Java monitoring and management capabilities, which include the ability to make VM argument changes on the fly. This session will dive into the different memory compartments and how they are used by the JVM. Finally, this session will explore the different GC options and how they affect response times and throughput.

Spock Intro Workshop

1:30 PM MDT

Spock Intro Workshop - 2 sessions hands on (basics and mocking)

Spock Intro Workshop

3:15 PM MDT

Spock Intro Workshop - 2 sessions hands on (basics and mocking)

Books

Spring Recipes: A Problem-Solution Approach (Expert's Voice in Open Source)

by Gary Mak, Daniel Rubio, and Josh Long

With over 3 million users/developers, Spring Framework is the leading “out of the box” Java framework. Spring addresses and offers simple solutions for most aspects of your Java/Java EE application development, and guides you to use industry best practices to design and implement your applications.

The release of Spring Framework 3 has ushered in many improvements and new features. Spring Recipes: A Problem-Solution Approach, Second Edition continues upon the bestselling success of the previous edition but focuses on the latest Spring 3 features for building enterprise Java applications. This book provides elementary to advanced code recipes to account for the following, found in the new Spring 3:

  • Spring fundamentals: Spring IoC container, Spring AOP/ AspectJ, and more
  • Spring enterprise: Spring Java EE integration, Spring Integration, Spring Batch, jBPM with Spring, Spring Remoting, messaging, transactions, scaling using Terracotta and GridGain, and more.
  • Spring web: Spring MVC, Spring Web Flow 2, Spring Roo, other dynamic scripting, integration with popular Grails Framework (and Groovy), REST/web services, and more.

This book guides you step by step through topics using complete and real-world code examples. Instead of abstract descriptions on complex concepts, you will find live examples in this book. When you start a new project, you can consider copying the code and configuration files from this book, and then modifying them for your needs. This can save you a great deal of work over creating a project from scratch!

What you’ll learn

  • How to use the IoC container and the Spring application context to best effect.
  • Spring’s AOP support, both classic and new Spring AOP, integrating Spring with AspectJ, and load-time weaving.
  • Simplifying data access with Spring (JDBC, Hibernate, and JPA) and managing transactions both programmatically and declaratively.
  • Spring’s support for remoting technologies (RMI, Hessian, Burlap, and HTTP Invoker), EJB, JMS, JMX, email, batch, scheduling, and scripting languages.
  • Integrating legacy systems with Spring, building highly concurrent, grid-ready applications using GridGain and Terracotta Web Apps, and even creating cloud systems.
  • Building modular services using OSGi with Spring DM and Spring Dynamic Modules and SpringSource dm Server.
  • Delivering web applications with Spring Web Flow, Spring MVC, Spring Portals, Struts, JSF, DWR, the Grails framework, and more.
  • Developing web services using Spring WS and REST; contract-last with XFire, and contract-first through Spring Web Services.
  • Spring’s unit and integration testing support (on JUnit 3.8, JUnit 4, and TestNG).
  • How to secure applications using Spring Security.

Who this book is for

This book is for Java developers who would like to rapidly gain hands-on experience with Java/Java EE development using the Spring framework. If you are already a developer using Spring in your projects, you can also use this book as a reference—you’ll find the code examples very useful.

Table of Contents

  1. Introduction to Spring
  2. Advanced Spring IoC Container
  3. Spring AOP and AspectJ Support
  4. Scripting in Spring
  5. Spring Security
  6. Integrating Spring with Other Web Frameworks
  7. Spring Web Flow
  8. Spring @MVC
  9. Spring REST
  10. Spring and Flex
  11. Grails
  12. Spring Roo
  13. Spring Testing
  14. Spring Portlet MVC Framework
  15. Data Access
  16. Transaction Management in Spring
  17. EJB, Spring Remoting, and Web Services
  18. Spring in the Enterprise
  19. Messaging
  20. Spring Integration
  21. Spring Batch
  22. Spring on the Grid
  23. jBPM and Spring
  24. OSGi and Spring