This document provides an overview of emerging technologies and trends in the areas of techniques, tools, languages/frameworks, and platforms, as identified by Thoughtworks' Technology Advisory Board. Some notable technologies that are being adopted or assessed for adoption include consumer-driven contract testing, Spring Boot and Django Rest for building microservices, Docker and container platforms like Deis and Mesos, and front-end frameworks like React.js. Security-related tools like ZAP and Blackbox are also highlighted. The document outlines the potential benefits and risks of various approaches for organizations to evaluate as they plan their technology strategy.
9. TECHNIQUES
ADOPT
1. Consumer-driven contract testing NEW
2. Focus on mean time to recovery
3. Generated infrastructure diagrams NEW
4. Structured logging
TRIAL
5. Canary builds
6. Datensparsamkeit
7. Local storage sync
8. NoPSD
9. Offline-first web applications NEW
10. Products over projects NEW
11. Threat Modelling NEW
ASSESS
12. Append-only data store
13. Blockchain beyond Bitcoin
14. Enterprise Data Lake
15. Flux NEW
16. “git-based CMS” NEW
17. Phoenix environments NEW
18. Reactive architectures NEW
HOLD
19. Long lived branches with Gitflow
20. Microservice envy
21. Programming in your CI/CD tool
22. SAFe™
23. Security sandwich
24. Separate DevOps team
16. CONSUMER DRIVEN CONTRACTS - STAGES
[Diagram: two pipelines, "Backend — API" and "Frontend — Consumer", each labelled with the stages Unit, Integration, Staging, Deployment and Contract.]
22. TOOLS
ADOPT
48. Composer
49. Go CD
50. Mountebank
51. Postman
TRIAL
52. Boot2docker
53. Brighter NEW
54. Consul
55. Cursive
56. Gitlab
57. HAMMS NEW
58. IndexedDB
59. POLLY NEW
60. Rest-assured NEW
61. Swagger
62. Xamarin
63. ZAP NEW
ASSESS
64. Apache Kafka NEW
65. Blackbox
66. Bokeh/Vega NEW
67. Gor NEW
68. NaCL NEW
69. Origami NEW
70. Packet beat
71. pdfmake NEW
72. PlantUML NEW
73. Prometheus NEW
74. Quick NEW
75. Security Monkey NEW
HOLD
76. Citrix for development
25. SECURITY AWARENESS AMONG SENIOR DEVELOPERS*
*Source: http://jemurai.com/developer-survey-1-results-part-2.html
■ 37% think security is a small concern
■ 8% think it is a top concern
■ 67% have never heard of OWASP, OWASP top 10, or CWE top 25
■ 25% of projects reported had security training, pen test or security embedded in development
Overwhelmingly, the only security practices in place are manual code and design reviews.
26. OWASP ZED ATTACK PROXY
The Main Features
All the essentials for web application testing
■ Intercepting Proxy
■ Active and Passive Scanners
■ Traditional and Ajax Spiders
■ WebSockets support
■ Forced Browsing (using OWASP DirBuster code)
■ Fuzzing (using fuzzdb & OWASP JBroFuzz)
■ Online Add-ons Marketplace
[Diagram: browser configured to use proxy. Labels: Your Computer, Primary OS, VM, Browser, Web Proxy, Web Server.]
http://www.slideshare.net/dgsweigert/using-the
http://www.slideshare.net/tabaradetestare/owasp-2013-zapquickintro
27. ARE YOUR REPOS AND BUILD SERVERS SECURE?
http://www.wired.com/2012/09/adobe-digital-cert-hacked/
29. PROTECTING DEV SECRETS WITH BLACKBOX
[Diagram: a Git repo and keys managed with Blackbox. Repo: seen by all. Secrets: readable by few.]
37. BUILDING YOUR MICROSERVICES - DJANGO REST
Build RESTful APIs for Python with Django
Can build your microservices for you in Python
Has authentication schemes out of the box.
Browsable web API to visualize data and responses for the different APIs.
38. BUILDING YOUR MICROSERVICES - SPRING BOOT
Easy setup of standalone Spring-based applications
Can build your microservices with easy deploy
Has Hibernate mappings, so data access is simplified
Caution: Has a significant number of dependencies
43. PLATFORMS
ADOPT
TRIAL
25. Apache Spark NEW
26. Cloudera Impala NEW
27. DigitalOcean
28. TOTP Two-Factor Authentication
HOLD
45. Application Servers NEW
46. OSGi
47. SPDY NEW
ASSESS
29. Apache Kylin NEW
30. Apache Mesos
31. CoreCLR and CoreFX NEW
32. CoreOS
33. Deis NEW
34. H2O NEW
35. Jackrabbit Oak
36. Linux security modules
37. MariaDB
38. Netflix OSS Full stack
39. OpenAM
40. SDN
41. Spark.io
42. Text it as a service / Rapidpro.io
43. Time-series Databases NEW
44. U2F
46. THE RISE OF DOCKER
http://blog.docker.com/2014/11/docker-governance-advisory-board-output-of-first-meeting/
[Charts: "GitHub Stars by Date and Project" and "Config Management GitHub Totals".]