Wrapping up a 4-city Tech Radar roadshow in Brisbane, ThoughtWorks Australia’s Head of Technology Scott Shaw and senior consultant Jean Robert D’Amore cover topics from all 4 quadrants of the latest edition of the ThoughtWorks Technology Radar. This presentation covers Consumer-Driven Contract Testing, Security, Nancy, Apache Mesos, and Docker.
10. TECHNIQUES
ADOPT
1. Consumer-driven contract testing NEW
2. Focus on mean time to recovery
3. Generated infrastructure diagrams NEW
4. Structured logging
TRIAL
5. Canary builds
6. Datensparsamkeit
7. Local storage sync
8. NoPSD
9. Offline-first web applications NEW
10. Products over projects NEW
11. Threat Modelling NEW
ASSESS
12. Append-only data store
13. Blockchain beyond Bitcoin
14. Enterprise Data Lake
15. Flux NEW
16. “git-based CMS” NEW
17. Phoenix environments NEW
18. Reactive architectures NEW
HOLD
19. Long lived branches with Gitflow
20. Microservice envy
21. Programming in your CI/CD tool
22. SAFe™
23. Security sandwich
24. Separate DevOps team
31. TOOLS
ADOPT
48. Composer
49. Go CD
50. Mountebank
51. Postman
TRIAL
52. Boot2docker
53. Brighter NEW
54. Consul
55. Cursive
56. Gitlab
57. Hamms NEW
58. IndexedDB
59. POLLY NEW
60. Rest-assured NEW
61. Swagger
62. Xamarin
63. ZAP NEW
ASSESS
64. Apache Kafka NEW
65. Blackbox
66. Bokeh/Vega NEW
67. Gor NEW
68. NaCL NEW
69. Origami NEW
70. Packet beat
71. pdfmake NEW
72. PlantUML NEW
73. Prometheus NEW
74. Quick NEW
75. Security Monkey NEW
HOLD
76. Citrix for development
34. SECURITY AWARENESS AMONG SENIOR DEVELOPERS*
*Source: http://jemurai.com/developer-survey-1-results-part-2.html
■ 37% think security is a small concern; 8% think it is a top concern
■ 67% have never heard of OWASP, the OWASP Top 10, or the CWE Top 25
■ 25% of projects reported had security training, a pen test, or security embedded in development
Overwhelmingly, the only security practices in place are manual code and design reviews.
35. OWASP ZED ATTACK PROXY
The Main Features
All the essentials for web application testing
■ Intercepting Proxy
■ Active and Passive Scanners
■ Traditional and Ajax Spiders
■ WebSockets support
■ Forced Browsing (using OWASP DirBuster code)
■ Fuzzing (using fuzzdb & OWASP JBroFuzz)
■ Online Add-ons Marketplace
Diagram: the browser on your computer (primary OS) is configured to use ZAP as its web proxy; the proxy sits between the browser and the web server (running in a VM), so every request and response passes through it.
http://www.slideshare.net/dgsweigert/using-the
http://www.slideshare.net/tabaradetestare/owasp-2013-zapquickintro
36. ARE YOUR REPOS AND BUILD SERVERS SECURE?
http://www.wired.com/2012/09/adobe-digital-cert-hacked/
38. PROTECTING DEV SECRETS WITH BLACKBOX
Diagram: a Git repo holds ordinary files alongside keys and secrets; with Blackbox, the repo stays seen by all while the secrets are readable by few.
59. THE RISE OF DOCKER
http://blog.docker.com/2014/11/docker-governance-advisory-board-output-of-first-meeting/
Chart: GitHub stars by date and project (configuration management tools, GitHub totals).
64. PLATFORMS
ADOPT
TRIAL
25. Apache Spark NEW
26. Cloudera Impala NEW
27. DigitalOcean
28. TOTP Two-Factor Authentication
HOLD
45. Application Servers NEW
46. OSGi
47. SPDY NEW
ASSESS
29. Apache Kylin NEW
30. Apache Mesos
31. CoreCLR and CoreFX NEW
32. CoreOS
33. Deis NEW
34. H2O NEW
35. Jackrabbit Oak
36. Linux security modules
37. MariaDB
38. Netflix OSS Full stack
39. OpenAM
40. SDN
41. Spark.io
42. Text it as a service / Rapidpro.io
43. Time-series Databases NEW
44. U2F