This document discusses strategies for moving away from legacy code using behavior-driven development (BDD). It summarizes three popular options: 1) Rewriting the entire application from scratch using best practices, 2) Doing technical refactoring of the code, and 3) Taking a business-focused approach using the "BDD pipeline" which involves impact mapping, prioritizing features, example workshops, and BDD layers to support planned changes. The presenter argues that the third option of a BDD pipeline is preferable to a full rewrite or only technical refactoring as it focuses on delivering business value over time rather than rewriting the code.
Greenfield projects are a bunch of fun – you can apply the craziest cutting-edge architecture decisions and use the best practices on the market. But what if you are stuck in a legacy project? Does it mean that you need to descend into the darkness of despair on every required change? Does it mean that you can’t effectively use Agile or any modern design practices or tools?
This talk will show you how to be successful even with the oldest legacy projects out there through a focus on value and measurement. It will present a couple of ways to approach software rewrites and maintain sanity when working with haphazardly put together code.
Specification by example - course summary, by Jakub Holy
Key lessons from the course on specification by example called From user stories to acceptance tests, led by Gojko Adzic in Oslo, 1/2012.
What SbE is, what are its key goals, how to introduce it, selected techniques including Effect Mapping and Specification Workshop.
Software development is riddled with explicit and implicit costs. Every decision you make has a cost attached to it. When you're writing code, you're making an investment, the size of which will for a long time define the costs of your future growth. Making the right decisions about these investments is very tricky, and the cost of wrong decisions might be crippling for both the business and the teams that support it.
Extreme Programming and Test Driven Development in particular are practices that aim to support development effort by making it easier to introduce change. That said, sometimes those tools can become problems of their own when applied in the wrong way or in the wrong context. Understanding software cost forces is a very important skill of successful teams and something that helps in understanding how to apply XP and TDD in different contexts.
Agile is defined by an open development process driven by collaboration. But we know that collaboration is not always easy, and we need to come up with creative ways of establishing and supporting it.
For this reason, the agile community was very busy in the last decade coming up with new and innovative tools to boost collaboration - e.g. story mapping, impact mapping, example mapping, risk brainstorming, the 3 amigos workshop, stakeholder mapping, event storming etc. There are a lot of tools. But how do they all fit together, and when should you use one or another in the wider context of a project delivery?
This is a very practical session that will attempt to group and present modern agile tools in the context of project delivery and provide guidance recommendations for their use.
How do you create applications with an incredible level of extendability without losing readability in the process? What if there's a way to separate concerns not only on the code, but on the service definition level? This talk will explore structural and behavioural patterns and ways to enrich them through tricks of powerful dependency injection containers such as Symfony2 DIC component.
Greenfield projects are awesome – you can develop the highest quality application using the best practices on the market. But what if your bread actually is Legacy projects?
Does it mean that you need to descend into the darkness of QA absence? Does it mean that you can’t use Agile or modern communication practices like BDD?
This talk will show you how to be successful even with the oldest legacy projects out there through the use of Agile processes and tools like Impact Mapping, Feature Mapping, Example Workshop, Story and Spec BDDs.
Behaviour Driven Development (BDD) and Domain Driven Design (DDD) have seen great growth in adoption in recent years. We are all creating new practices and tools that try to bring these two very important modern methodologies together. What if we have it backwards and they were actually together all along? What if most of the misunderstandings and challenges we face in implementing BDD are spawned from the very simple mistake of us separating something that was created as a whole? In this talk we'll delve into BDD as it was meant to be done from the beginning and look at its deeply rooted connection with software design.
What is the purpose of BDD and how does it fit into Agile development? If you ever wondered what the benefits of BDD are or why you should care about tools like Behat or PhpSpec, this talk will try to guide you through the reasoning and goals of modern Agile practices and tools in PHP.
Agile is defined by an open development process driven by collaboration. But you know that collaboration is not always an easy process and in a lot of cases you need to come up with creative ways of establishing and supporting it. For that reason the Agile community was very busy in the last decade coming up with new and innovative tools to boost collaboration on different aspects of development and planning - Story Mapping, Impact Mapping, Example Mapping, Risk Brainstorming, Three Amigos workshop, Stakeholder Mapping, Event Storming, etc. There are a lot of tools. But how do they all fit together and when should you use one or another in the wider context of a project delivery?
This is a very practical talk that will attempt to group and present modern Agile tools in the context of project delivery and will provide guidance recommendations for their use.
Konstantin puts it to you that one of the biggest problems in the software industry manifests from the gaps in shared understanding. This leads businesses to make technological choices with limited knowledge of technology impacts, or worse, technology delivery teams to make business choices without business guidance. Inevitably this leads to products being built badly, or the wrong products being built.
Agile, and BDD in particular, try to solve this problem through steady and deliberate discovery. What if you don't have time to be steady? What if you need to start bridging this gap very quickly with a new customer at the beginning of a new project, almost every week? Enter the project discovery - a way to get on the same page with many businesses in an agency-like environment.
This talk will present a collaborative process built on top of Agile and BDD practices aimed to replace requirements gathering and contract negotiation processes with Agile delivery planning.
Greenfield projects are awesome – you can develop the highest quality application using the best practices on the market. But what if your bread actually is Legacy projects? Does it mean that you need to descend into the darkness of QA absence? This talk will show you how to be successful even with the oldest legacy projects out there through the introduction of Agile processes and tools like Behat.
What should you test with your unit tests? Some people will say that unit behaviour is best tested through its outcomes. But what if communication between units itself is more important than the results of it? This session will introduce you to two different ways of unit-testing and show you a way to assert your object behaviours through their communications.
Prashant technical practices-tdd for xebia event, by Xebia India
Theme: Agile Technical Practices
Epic: TDD implementation
Stories:
Context of TDD
What is TDD
Response of Developers to TDD implementation
Practices complementing TDD
Success with TDD
MongoDB SoCal 2020: A Complete Methodology of Data Modeling for MongoDB, by MongoDB
Are you new to schema design for MongoDB, or are you looking for a more complete or agile process than what you are following currently? In this talk, we will guide you through the phases of a flexible methodology that you can apply to projects ranging from small to large with very demanding requirements.
Disciplined Entrepreneurship: How Do You Design And Build Your Product? How D... by Elaine Chen
In this class, we will look at how you define a minimum viable product – and think about a “minimum viable BUSINESS product” that is saleable. We will discuss product safety and regulatory implications for a saleable hardware product and discuss practical ways to gauge purchase intent / pricing elasticity before investing in tooling. We will discuss ways to define the product, differentiate it from the competition, and have a protectable core technology or asset that makes it hard for fast followers to copy your strategy. We will talk about the concept of a product roadmap both via software upgrades to a hardware platform (like iOS upgrades) and via upgrades to the hardware platform itself (like iPhone upgrades).
If everyone wrote their documents with the intent that they be standardized and converted, conversion to S1000D would be easy. But the reality is that most legacy data lacks the details needed for a full conversion or contains anomalies and irrelevant text. This leads us to the question one must ask: should I convert, rewrite, or manually convert the legacy data? In this presentation, we will attempt to answer this question by reviewing:
o A very quick introduction to S1000D conversions
o What the technical headaches are
o Whether to convert or rewrite
o Planning for a good conversion experience
o What the timeline looks like
o Some tools to help
MongoDB .local Bengaluru 2019: A Complete Methodology to Data Modeling for Mo... by MongoDB
Are you new to schema design for MongoDB, or are you looking for a more complete or agile process than what you are following currently? In this talk we will guide you through the phases of a flexible methodology that you can apply to projects ranging from small to large with very demanding requirements.
Refactor your code: when, why and how (revisited), by Nacho Cougil
Have you always heard about refactor and it always sounded like a foreign language to you? Have you tried to change code several times but found it impossible to make such changes in several projects? Do you feel overwhelmed when working with legacy code?
Let's see the benefits of refactoring your code and see some tips on how to do it safely!
We will start by talking about what legacy code is, what we understand by refactoring, and why it is so important nowadays when in most cases we work with software that others have written. Later we will share when we should start thinking about refactoring code, and next we will see some recommended techniques for working with legacy code, which will even help us to know where to start and how. And finally, we will see in a live coding session some of the most important and useful refactoring techniques we could apply in our day-to-day job.
At the end of this session, I hope you may have learned some tips on how to work with legacy code and how to apply certain techniques to make your day to day more enjoyable ;-)
===
* Presentation shared at Jconf Mexico (October 3rd, 2020) - https://convoca.dev/jconf-mexico-2020/talk/FMDT8Z/ and revisited and updated for sharing at JConf Centro América (December 5th, 2020) https://hopin.to/events/jconf-centroamerica-2020
Re-uploading my User Story Splitting workshop; it seems to have gone missing.
This is a slide deck I have used for helping people learn various user story splitting techniques.
Patterns of the Lambda Architecture -- 2015 April - Hadoop Summit, Europe, by Flip Kromer
This talk centers on two things: a set of patterns for the architecture of high-scale data systems; and a framework for understanding the tradeoffs we make in designing them.
How using Git together with software development best practices learned from Open Source development projects can increase efficiency and turnover for your activity
Many times we developers have come across the perfect contributed module, with a section of code that just doesn't do it for us. Since the Drupal infrastructure is Open to all, it is simpler to take that awesome-ish module and make the changes we need to make it full on awesome. Then we need to take those changes and apply them back to the module and let the whole world bask in the awesome, but we don't get to commit, to Git. (Rule of threes). Therefore we need to create a patch that allows the maintainer of the module to easily combine your great code with theirs. In this session we'll go over the acceptable ways to clone a project's repository, create a great looking patch and contribute said greatness back to the project. Thus, adding to the great chain of life. Oh, was it mentioned that this will work with Drupal Core as well? It should have been.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024, by Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Generating a custom Ruby SDK for your web service or Rails API using Smithy, by g2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... by Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
DevOps and Testing slides at DASA Connect, by Kari Kakkonen
My and Rik Marselis' slides from the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what Testing in DevOps is. Finally we had a lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Key Trends Shaping the Future of Infrastructure.pdf, by Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024, by Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already got working for real.
Accelerate your Kubernetes clusters with Varnish Caching, by Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GraphRAG is All You need? LLM & Knowledge Graph, by Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality, by Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview, by Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Securing your Kubernetes cluster: a step-by-step guide to success! by KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... (James Anderson)
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
2. BDD Evangelist
BDD Practice Manager @Inviqa
Creator of Behat, Mink, PhpSpec2, Prophecy
Contributor to Symfony2, Composer
@everzet
3. This talk is about
• Solving purely technical “TCIAM” problem using behavioural business analysis and discovery process
• Building a delivery strategy on the idea of the change appreciation
• Real-life experience
4. This talk is not about
• Greenfield projects
• Maintenance-mode projects
• Solutions for everyone
• How to write code
11. If the project can afford at least one full-time specialist on a payroll that whines how horrible this project is, then surely it did something right.
15. This world is full of brilliant projects that nobody wants to whine about. Sadly, it’s often simply because there’s no one left to pay for that.
16. The truth is:
You deliver value!
Just not as effectively as you could
17. • Great value + Awful code = Great product today
• Great value + Great code = Great product tomorrow
• No value + Any kind of code = Awful product anytime
21. Three popular options
1. Rewrite an entire application using “the right way”
2. Do technical refactoring
3. Do business-oriented rewrite using “BDD pipeline”
29. #2: Technical Refactoring
• Blackbox testing
• New routing
• New templating system
• Migration of model layer (MySQL -> Mongo)
• Whatever else that is easy to replace
40. Questionnaire
1. Where is this project going?
2. Which features are going to change?
3. How are they going to change?
4. How to support that change?
41. “BDD Pipeline”
1. Where is this project going? → Impact Mapping
2. Which features are going to change? → Business Prioritisation
3. How are they going to change? → Example (3 Amigos) Workshop
4. How to support that change? → BDD layers
42. 1. Where is this project going?
Impact Mapping
43. “Impact mapping is a strategic planning technique that prevents organisations from getting lost while building products and delivering projects, by clearly communicating assumptions, helping teams align their activities with overall business objectives and make better roadmap decisions.”
– Gojko Adzic
44. Four levels of Impact Map
1. Why? are we doing all this (rewrite)? What is the goal we’re trying to achieve?
2. Who? will be impacted by it?
3. How? can they help us to achieve the goal?
4. What? can we do to support them?
54. 3. How are these features going to change?
Example (3 Amigos) workshops
55. Three layers of a User-Story
• Business rule(s)
• Communication
• Acceptance criteria
56. Three layers of a User-Story
• Business rule(s) == Acceptance criteria
• Communication
57. Three layers of a User-Story
• Business rule(s) == Acceptance criteria
• Communication == Examples
58. Three layers of a User-Story
• Business rule(s)
• Communication == Examples == Acceptance criteria
59. Feature: Returned items go back to stock
  In order to keep track of stock
  As a store owner
  I want to add items back to stock when they are returned
60. Feature: Returned items go back to stock
  In order to keep track of stock
  As a store owner
  I want to add items back to stock when they are returned
  Scenario: Refunded items should be returned to stock
61. Feature: Returned items go back to stock
  In order to keep track of stock
  As a store owner
  I want to add items back to stock when they are returned
  Scenario: Refunded items should be returned to stock
  Scenario: Replaced items should be returned to stock
62. Feature: Returned items go back to stock
  In order to keep track of stock
  As a store owner
  I want to add items back to stock when they are returned
  Scenario: Refunded items should be returned to stock
  Scenario: Replaced items should be returned to stock
  Scenario: ...
63. Feature: Returned items go back to stock
  In order to keep track of stock
  As a store owner
  I want to add items back to stock when they are returned
  Scenario: Refunded items should be returned to stock
  Scenario: Replaced items should be returned to stock
  Scenario: ...
  Scenario: ...
  Scenario: ...
  Scenario: ...
  Scenario: ...
64. Feature: Returned items go back to stock
  In order to keep track of stock
  As a store owner
  I want to add items back to stock when they are returned
  Scenario: Refunded items should be returned to stock
    Given a customer previously bought a black sweater from me
    And I currently have three black sweaters left in stock
    When he returns the sweater for a refund
    Then I should have four black sweaters in stock
71. Step#2: Discuss old logic
1. What should this thing do
2. What if it suddenly stops doing it?
3. How would you know if it doesn't work?
4. How would you know if it does?
72. Step#3: Prepare for A change
1. Cover old behaviour in an end-to-end fashion
2. Make sure that scenarios/tests are green
3. Refactor code to make the upcoming change easier
4. Make scenarios/tests green
74. Step#4: Make a change
1. Automate new scenarios
2. Make scenarios green by applying BDD loops
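Steps #3 and #4 applied to the sweater scenario from the slides, as an added example that is not from the talk. `LegacyStore`, `ChangedStore`, the small step runner and the `OLD_BEHAVIOUR` scenario are hypothetical and constructed here, with plain Python standing in for a real BDD tool such as Behat.

```python
import re

NUMBERS = {"two": 2, "three": 3, "four": 4}

class LegacyStore:                      # hypothetical legacy code, assumed for this example
    def __init__(self):
        self.stock, self.sold = {}, []
    def sell(self, item):
        self.stock[item] -= 1
        self.sold.append(item)
    def refund(self, item):             # old behaviour: money back, stock untouched
        self.sold.remove(item)

class ChangedStore(LegacyStore):        # Step#4: the change the new scenario asks for
    def refund(self, item):
        super().refund(item)
        self.stock[item] += 1

STEPS = []
def step(pattern, fn):
    STEPS.append((re.compile(pattern), fn))

def bought(ctx, item):
    ctx["item"] = item
    ctx["store"].sold.append(item)
def set_stock(ctx, n, item):
    ctx["store"].stock[item] = NUMBERS[n]
def check_stock(ctx, n, item):
    assert ctx["store"].stock[item] == NUMBERS[n]

step(r"a customer previously bought a (.+) from me", bought)
step(r"I currently have (\w+) (.+?)s left in stock", set_stock)
step(r"a customer buys a (.+)", lambda ctx, item: ctx["store"].sell(item))
step(r"he returns the sweater for a refund", lambda ctx: ctx["store"].refund(ctx["item"]))
step(r"I should have (\w+) (.+?)s in stock", check_stock)

OLD_BEHAVIOUR = """Given I currently have three black sweaters left in stock
When a customer buys a black sweater
Then I should have two black sweaters in stock"""          # constructed for Step#3
REFUND = """Given a customer previously bought a black sweater from me
And I currently have three black sweaters left in stock
When he returns the sweater for a refund
Then I should have four black sweaters in stock"""         # scenario from the slides

def run_scenario(text, store):
    """Return True if every step passes (green), False on a failed Then (red)."""
    ctx = {"store": store}
    for line in text.splitlines():
        body = re.sub(r"^(Given|When|Then|And)\s+", "", line.strip())
        # An undefined step raises StopIteration instead of passing silently.
        match, fn = next((p.fullmatch(body), f) for p, f in STEPS if p.fullmatch(body))
        try:
            fn(ctx, *match.groups())
        except AssertionError:
            return False
    return True
```

Against `LegacyStore` the old-behaviour scenario is green and the refund scenario is red; against `ChangedStore` both are green, which is the state Step#4 ends in.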
81. Step#0: Prepare for any change
1. Prepare the application infrastructure for bridging
a. Share sessions
b. Share data
2. Prepare the server infrastructure for bridging
82. Step#1: Make a change
1. Automate new scenarios
2. Make scenarios green by applying BDD loops