The document provides an overview of an induction training program for web application development. It discusses the following key topics in web applications:
1. Security is the most important consideration and covers network, server, and application level security with examples of best practices.
2. Maintainability is the highest cost over time due to the dynamic nature of web applications and need for frequent updates. Applications should be built for easy customization, separation of code and content, and use of templates and style sheets.
3. Performance optimization includes keeping page sizes small, minimizing server-side processing and database queries, and optimizing database indexes and disk reads.
In this SOA workshop in Colombo, Sri Lanka (September 17, 2009), Paul Fremantle, CTO and Co-Founder, WSO2 presented about SOA and discussed why SOA is the basis of all modern Enterprise Architecture.
By leveraging services in the cloud, businesses can host new applications and services in a cost effective manner. Existing systems can also leverage the cloud in its entirety or for specific aspects of the system to reduce infrastructure management costs and to support potential scale-out requirements as usage increases. Windows Azure offers many services from application hosting, storage, content delivery, messaging, caching and security. Pricing each of these services to estimate your costs requires some thoughtfulness around how you will use each service within your architecture, and some predictions about the number of users, payload traffic and number of transactions. How then can you estimate your costs, or price your own offering to customers when there are so many variables? Pricing is not a perfect science and each business will have its own level of tolerance for cost absorption vs. costs to be deferred to customers. In this session we will break down the pricing model of the cloud, look at ways to quantify your service using various architectural examples, and look at ways you can track usage, validate costs and ultimately collect your costs across the core Windows Azure features to gain perspective on what you need to charge your customers for those services, along with some ideas on how to project revenue.
Planning on deploying an Extranet on SharePoint? Before you open up your internal site for the your partners, consider the security, confidentiality, authentication and licencing implications
High Scalability by Example – How can Web-Architecture scale like Facebook, T...Robert Mederer
Skalierbarkeit bedeutet hohes Aufkommen von Traffic, Daten, Userbase, IO, Parallelverarbeitung und Concurrency, aber wie funktioniert dies bei den bekannten Web 2.0 Plattformen. Wie wird skaliert – horizontal oder vertikal, im Client-Layer, Service-Layer oder im Backend-Layer? Welche Rolle spielt Caching, NoSQL, Clustering und MapReduce bei der Skalierbarkeit? Wie wirkt sich die Skalierbarkeit in Sachen Konsistenz vs. Verfügbarkeit vs. Network Toleranz aus? Der Vortrag geht vergleichend auf verschiedene Konzepte von Skalierbarkeit ein und erläutert anhand von Beispielen wie mit pragmatischen Mitteln eine skalierbare Architektur erreicht werden kann.
In this SOA workshop in Colombo, Sri Lanka (September 17, 2009), Paul Fremantle, CTO and Co-Founder, WSO2 presented about SOA and discussed why SOA is the basis of all modern Enterprise Architecture.
By leveraging services in the cloud, businesses can host new applications and services in a cost effective manner. Existing systems can also leverage the cloud in its entirety or for specific aspects of the system to reduce infrastructure management costs and to support potential scale-out requirements as usage increases. Windows Azure offers many services from application hosting, storage, content delivery, messaging, caching and security. Pricing each of these services to estimate your costs requires some thoughtfulness around how you will use each service within your architecture, and some predictions about the number of users, payload traffic and number of transactions. How then can you estimate your costs, or price your own offering to customers when there are so many variables? Pricing is not a perfect science and each business will have its own level of tolerance for cost absorption vs. costs to be deferred to customers. In this session we will break down the pricing model of the cloud, look at ways to quantify your service using various architectural examples, and look at ways you can track usage, validate costs and ultimately collect your costs across the core Windows Azure features to gain perspective on what you need to charge your customers for those services, along with some ideas on how to project revenue.
Planning on deploying an Extranet on SharePoint? Before you open up your internal site for the your partners, consider the security, confidentiality, authentication and licencing implications
High Scalability by Example – How can Web-Architecture scale like Facebook, T...Robert Mederer
Skalierbarkeit bedeutet hohes Aufkommen von Traffic, Daten, Userbase, IO, Parallelverarbeitung und Concurrency, aber wie funktioniert dies bei den bekannten Web 2.0 Plattformen. Wie wird skaliert – horizontal oder vertikal, im Client-Layer, Service-Layer oder im Backend-Layer? Welche Rolle spielt Caching, NoSQL, Clustering und MapReduce bei der Skalierbarkeit? Wie wirkt sich die Skalierbarkeit in Sachen Konsistenz vs. Verfügbarkeit vs. Network Toleranz aus? Der Vortrag geht vergleichend auf verschiedene Konzepte von Skalierbarkeit ein und erläutert anhand von Beispielen wie mit pragmatischen Mitteln eine skalierbare Architektur erreicht werden kann.
Are You Ready For More Visitors Cognizant Gomez Jan20Compuware APM
To tell us more about the steps that you need to take to ensure that your applications, transactions and web pages perform well, when it matters most, under load, or at peak times, we are joined today by two experts in the field – Hari Ramachandran from Cognizant and Colin Mason from Gomez.
Hari has 10 years of experience in IT industry in Software Development and Performance Management. He has lead performance testing initiatives for large mission critical applications for several Fortune 500 companies across Insurance, Banking/Finance, Travel, Retail, Manufacturing and Logistics. Hari is a Mercury LoadRunner Certified Product Consultant, and he currently heads the Non Functional Testing Center of Excellence at Cognizant.
Colin is the Product Manager for Reality Load, the web load and performance testing solution at Gomez. He has 10 years of performance testing experience, and has overseen hundreds of load tests for companies all over the world. He has presented at several industry conferences, including STAR, and has authored industry-acclaimed papers on performance testing web applications.
In today’s presentation Hari and Colin will discuss the challenges of delivering Web applications today, why performance testing is critical, and they will share with you their recommendations for successful performance testing. You will also learn about Gomez’s Reality Load, a new way of realistically load testing your applications from the Internet, where your customers are, so you can find and resolve more problems inside and outside the firewall than ever before.
Alfresco CMS is leading open source Enterprise Content Management System. Businessware Technologies is the leading open source solution provider in gulf region.
http://businessware-tech.com/product/alfresco-cms-and-intranet
How can you accelerate the delivery of new, high-quality services? How can you be able to experiment and get feedback quickly from your customers? To get the most out of the agility afforded by serverless and containers, it is essential to build CI/CD pipelines that help teams iterate on code and quickly release features. In this talk, we demonstrate how developers can build effective CI/CD release workflows to manage their serverless or containerized deployments on AWS. We cover infrastructure-as-code (IaC) application models, such as AWS Serverless Application Model (AWS SAM) and new imperative IaC tools. We also demonstrate how to set up CI/CD release pipelines with AWS CodePipeline and AWS CodeBuild, and we show you how to automate safer deployments with AWS CodeDeploy.
InterConnect 2017 HBP-2884-IBM BPM upgrade and migration made easyBrian Petrini
Upgrading to the latest version of IBM BPM has never been easier. Ever since the release of IBM BPM 8500 in 2013, customers has been able to move to the latest release with an in-place upgrade without the need for data migration. This session will discuss the top practices in planning a painless upgrade to the latest BPM continuous release version?whether you are running BPM 85x or an older version. We will also discuss the options available if you want to move your BPM program to the cloud. In addition, we will also discuss ways to design your applications to ensure an easy upgrade every time.
Web Server Technologies II: Web Applications & Server MaintenancePort80 Software
Supporting Web applications: server-side programming and Web application frameworks. Web server maintenance: Web Analytics (Logs and Log Analysis), Dealing with bots and spiders, Server and site monitoring, Tuning and acceleration, Programmatic administration.
IT Automation With CFEngine - Business Value and Basic ConceptsCFEngine
Automation has been central to infrastructure management and more recently to the continuous delivery of applications, DevOps. What has changed is the scale at which these are conducted. CFEngine delivers IT automation at Web-Scale. Scale in this context includes speed and agility along with size. So, smaller organizations can also benefit from IT automation for their infrastructure and continuous delivery needs.
In this webinar we discussed the business value of Web-Scale IT Automation as well as CFEngine's capabilities through a demonstration of its key features. Based on sound principles of Promise Theory CFEngine is a highly scalable, very secure, model-based approach to infrastructure management and continuous delivery.
Node.js BFFs: our way to better/micro frontendsEugene Fidelin
About 2 years ago Marktplaats.nl started to build a new platform. We migrated from huge Java-based frontends towards smaller Node.js BFFs (backend-for-frontends). We are close to the next step and adapt a micro-frontends approach.
Here I would like to share the outcomes of this quest: what architecture solutions are made, how does Marktplaats.nl run and scale so many BFFs in production, how we grew as a team, educated frontend-developers to write backend code and what were our biggest challenges.
For enterprises trying to stay ahead of the game, having a robust and fast application development program can make or break their market presence. The challenge for developers, however, is to build responsive, devise-agnostic applications in days, not months.
Connect Ops and Security with Flexible Web App and API ProtectionDevOps.com
Organizations continue to adopt container orchestration to drive efficiencies in their CI/CD pipelines. Given the current business climate with more employees working from home and consumers transacting more online, how can development and operations teams release at increasing velocity with protection baked in?
Connecting operations and security teams have not always been a smooth process: developers and operations staff are charged with site reliability, availability, and uptime while security staff is held responsible for securing an organization’s always-moving perimeter and valuable web layer assets. But the lines have started to blur between DevOps teams and security: you can’t guarantee uptime without baking effective application security tooling into your processes and infrastructure configurations.
A true next-generation, holistic web application and API protection platform does just that: operations teams can integrate security into their workflows and ensure new infrastructure and app code released to production is both effective and secure. Join application security experts Aneel Dadani and Orlando Barerra II from Signal Sciences to learn how your team can deploy at scale safely while gaining layer 7 visibility in production environments. Attendees will learn:
How to inspect web traffic in containers, at the API gateway, or the ingress
How DevOps teams can scale their application footprint to meet demand while securing your codebase in production
How development teams can gain visibility into how their apps and APIs are being used in production and what vulnerabilities may exist that they overlooked
Demo these application security concepts with Ansible, a simple yet powerful IT automation engine that companies use to accelerate DevOps initiatives, including baking application security into their infrastructure.
Are You Ready For More Visitors Cognizant Gomez Jan20Compuware APM
To tell us more about the steps that you need to take to ensure that your applications, transactions and web pages perform well, when it matters most, under load, or at peak times, we are joined today by two experts in the field – Hari Ramachandran from Cognizant and Colin Mason from Gomez.
Hari has 10 years of experience in IT industry in Software Development and Performance Management. He has lead performance testing initiatives for large mission critical applications for several Fortune 500 companies across Insurance, Banking/Finance, Travel, Retail, Manufacturing and Logistics. Hari is a Mercury LoadRunner Certified Product Consultant, and he currently heads the Non Functional Testing Center of Excellence at Cognizant.
Colin is the Product Manager for Reality Load, the web load and performance testing solution at Gomez. He has 10 years of performance testing experience, and has overseen hundreds of load tests for companies all over the world. He has presented at several industry conferences, including STAR, and has authored industry-acclaimed papers on performance testing web applications.
In today’s presentation Hari and Colin will discuss the challenges of delivering Web applications today, why performance testing is critical, and they will share with you their recommendations for successful performance testing. You will also learn about Gomez’s Reality Load, a new way of realistically load testing your applications from the Internet, where your customers are, so you can find and resolve more problems inside and outside the firewall than ever before.
Alfresco CMS is leading open source Enterprise Content Management System. Businessware Technologies is the leading open source solution provider in gulf region.
http://businessware-tech.com/product/alfresco-cms-and-intranet
How can you accelerate the delivery of new, high-quality services? How can you be able to experiment and get feedback quickly from your customers? To get the most out of the agility afforded by serverless and containers, it is essential to build CI/CD pipelines that help teams iterate on code and quickly release features. In this talk, we demonstrate how developers can build effective CI/CD release workflows to manage their serverless or containerized deployments on AWS. We cover infrastructure-as-code (IaC) application models, such as AWS Serverless Application Model (AWS SAM) and new imperative IaC tools. We also demonstrate how to set up CI/CD release pipelines with AWS CodePipeline and AWS CodeBuild, and we show you how to automate safer deployments with AWS CodeDeploy.
InterConnect 2017 HBP-2884-IBM BPM upgrade and migration made easyBrian Petrini
Upgrading to the latest version of IBM BPM has never been easier. Ever since the release of IBM BPM 8500 in 2013, customers has been able to move to the latest release with an in-place upgrade without the need for data migration. This session will discuss the top practices in planning a painless upgrade to the latest BPM continuous release version?whether you are running BPM 85x or an older version. We will also discuss the options available if you want to move your BPM program to the cloud. In addition, we will also discuss ways to design your applications to ensure an easy upgrade every time.
Web Server Technologies II: Web Applications & Server MaintenancePort80 Software
Supporting Web applications: server-side programming and Web application frameworks. Web server maintenance: Web Analytics (Logs and Log Analysis), Dealing with bots and spiders, Server and site monitoring, Tuning and acceleration, Programmatic administration.
IT Automation With CFEngine - Business Value and Basic ConceptsCFEngine
Automation has been central to infrastructure management and more recently to the continuous delivery of applications, DevOps. What has changed is the scale at which these are conducted. CFEngine delivers IT automation at Web-Scale. Scale in this context includes speed and agility along with size. So, smaller organizations can also benefit from IT automation for their infrastructure and continuous delivery needs.
In this webinar we discussed the business value of Web-Scale IT Automation as well as CFEngine's capabilities through a demonstration of its key features. Based on sound principles of Promise Theory CFEngine is a highly scalable, very secure, model-based approach to infrastructure management and continuous delivery.
Node.js BFFs: our way to better/micro frontendsEugene Fidelin
About 2 years ago Marktplaats.nl started to build a new platform. We migrated from huge Java-based frontends towards smaller Node.js BFFs (backend-for-frontends). We are close to the next step and adapt a micro-frontends approach.
Here I would like to share the outcomes of this quest: what architecture solutions are made, how does Marktplaats.nl run and scale so many BFFs in production, how we grew as a team, educated frontend-developers to write backend code and what were our biggest challenges.
For enterprises trying to stay ahead of the game, having a robust and fast application development program can make or break their market presence. The challenge for developers, however, is to build responsive, devise-agnostic applications in days, not months.
Connect Ops and Security with Flexible Web App and API ProtectionDevOps.com
Organizations continue to adopt container orchestration to drive efficiencies in their CI/CD pipelines. Given the current business climate with more employees working from home and consumers transacting more online, how can development and operations teams release at increasing velocity with protection baked in?
Connecting operations and security teams have not always been a smooth process: developers and operations staff are charged with site reliability, availability, and uptime while security staff is held responsible for securing an organization’s always-moving perimeter and valuable web layer assets. But the lines have started to blur between DevOps teams and security: you can’t guarantee uptime without baking effective application security tooling into your processes and infrastructure configurations.
A true next-generation, holistic web application and API protection platform does just that: operations teams can integrate security into their workflows and ensure new infrastructure and app code released to production is both effective and secure. Join application security experts Aneel Dadani and Orlando Barerra II from Signal Sciences to learn how your team can deploy at scale safely while gaining layer 7 visibility in production environments. Attendees will learn:
How to inspect web traffic in containers, at the API gateway, or the ingress
How DevOps teams can scale their application footprint to meet demand while securing your codebase in production
How development teams can gain visibility into how their apps and APIs are being used in production and what vulnerabilities may exist that they overlooked
Demo these application security concepts with Ansible, a simple yet powerful IT automation engine that companies use to accelerate DevOps initiatives, including baking application security into their infrastructure.
The Rise of Serverless Architecture in Web Development.docxSavior_Marketing
The rise of serverless architecture has been a significant trend in web development in recent years. Serverless architecture is a cloud computing model that allows developers to build and deploy applications without the need to manage traditional server infrastructure
A Public Cloud Based SOA Workflow for Machine Learning Based Recommendation A...Ram G Athreya
Over the past decade the field of Cloud Computing has been the focus of intensive research. In this paper we propose a framework that will simulate the architectural setup of a cloud environment and examine how it can leverage Apriori and Sequential Pattern based recommendation algorithms through R. Furthermore, we present a multi layered application encompassing its backend architecture, user interface built using the responsive web design technique and its development workflow. The proposed system was also exhaustively load tested using Apache JMeter to ensure its reliability at scale and the experimental results are presented.
2. Web Application | What do you think is most important for building web sites?
Security
Maintainability
Usability
Performance
Graphic Design
3. Web Application | Security
Three Categories
- Network
- Server
Installing a quality firewall and hiring a competent system
administrator can go a long way towards making you feel
comfortable
- Application
Not very easy. Must undergo a series of audits and "trial by fire"
before it can be considered anywhere near safe
4. Web Application | Security | Some Quick Rules
Always verify any data sent from a client for size and type.
Be extra careful with scripts that talk to databases - don't give
the web server any more permissions that it needs.
Any file operations done by the web server are high risk. Verify
that your permission structure does not grant any unnecessary
permissions which could be exploited to damage the system.
Avoid executing shell commands at all costs.
Never send clear-text passwords over the network. Use
encrypted connections, with SSH or SSL, whenever sending
important information.
5. Web Application | Maintainability
Traditional systems design
- Typical lifetime of 2 to 4 years
- Once the application has reached a stable configuration
the design effort is all but finished.
- Majority of expense is in the systems understanding and
analysis.
6. Web Application | Maintainability
What's the number one cost in web design?
- Planning the application?
- Building the application for the first time?
- Cost of the server or the connectivity?
7. Web Application | Maintainability
“The highest cost in web design will be maintaining the
application”
- Dynamic aspect of the web
- Improvements in existing applications are continuous
- New content is expected
- New technologies appear on a regular basis
- User feedback and design demands are much more
prevalent
In fact your software must be frequently modified and updated
8. Web Application | Maintainability | Build everything for distribution
Build customization variables into your code
Separate code and content
Use templates
Use style sheets
Make the language of your site customizable
Develop a common coding style and stick with it
Comment your code well
9. Web Application | Usability
Usability is the study of how to make using applications easy
and intuitive
- Listen to the geeks
- Listen to the newbies
- Just because everyone else does it
- The need for speed
Great: < 8 KB/page (text and images)
Good: 8 - 20 KB/page
Reasonable: 20 - 50 KB/page
Poor: 50 - 100 KB/page
Don't: > 100 KB/page
10. Web Application | Performance
Performance on the web is straightforward: a relatively small amount of servers
must be able to support a potentially unlimited number of clients
Any code running on the server must be clean and fast
Database optimization
Number your queries in your code. This will help you keep track of how many queries are involved in a
certain process, and will save you time when trying to optimize your scripts.
Create proper indexes. Optimized indexes are key to database speed. Any fields which are routinely
queried against should have indexes. Don't create too many indexes, as unnecessary indexes will slow
INSERTs and increase the database size unnecessarily.
Test, test, and test again. Poorly written queries can kill a database server. Take the time to gauge the
performance of your queries and understand what the database needs to do in order to execute them.
Disk reads
minimal number of included files
11. Web Application | Graphic Design
Changing the graphic design of the site is as easy as changing
your t-shirt
12. Web Application | Architecture
Hosting
Server
Response
DNS
Visitors Server
Internet
Request
Registrar
13. Web Application | The Fundamentals of HTTP
Hypertext Transfer Protocol
One of the few protocols that bridges the gap between
networking and application development groups
HTTP Request Methods
GET
POST
PUT
DELETE
HEAD
HTTP response
-consists of a header section and a body
-The header section tells the browser how to treat the body content and
-Each HTTP response includes a status code, which indicates the status of the request
- 200 OK
- 304 Not Modified
- 404 Not Found
- 401 Authorization Required
- 500 Internal Error
14. Web Application | HTTP Headers
HTTP headers carry information about behaviour and
application state between the browser and the server
HTTP version (HTTP/1.0 or HTTP/1.1)1.
Accept-Encoding: gzip, deflate2.
Connection: Keep-Alive3.
If-* headers4.
Cache-Control or Pragma no-cache5
15. Web Application | Cookies
Cookies are sent by the web server to the browser as an HTTP
header and used to store all sorts of information about a user’s
interaction with the site
Encrypted cookies will affect the performance of an application
16. Web Application | Meta Tags
Two types of meta tags
- HTTP-EQUIV
- NAME
HTTP-EQUIV meta tags are equivalent to HTTP headers