By Ben Hale
Have you ever developed a web application with a long user action based on form input? Did you curse the Java community for their inability to address this very common application type? Well, attend this session about Spring Web Flow and you'll curse no more.

In this session we'll learn about a new(ish) Spring sub-project, Spring Web Flow. Spring Web Flow is an innovative new framework for declaratively modeling web application user interactions. We'll start with an exploration of some web development issues and then take a look at the value proposition that Web Flow brings to the table. Once everyone is comfortable with that, we'll jump straight to code. We'll start by exploring some of the features that SWF has and then we'll finish with a live coding example where the audience will help write the application.

By Ben Hale
Spring 2.0 introduces the new concept of XML-based configuration namespaces. These namespaces allow you to define domain specific languages for configuring your applications. This session will walk through the business case behind these namespaces as well as note Spring's own use of this system to simplify common configuration tasks. The session will finish with a live coding example of how to implement an XML namespace for your own application. This will include XML Schema definition, parser implementation, and packaging in a jar file for use by consumers.


Through this session you'll learn about how Interface21 is enhancing the development experience for those building Spring based software components. You'll see how Interface21 has heard the calls for a simpler XML based configuration and developed a simple and powerful way to extend the standard
configuration mechanism.

By Brian Sletten
REST sounds like such a simple thing. But, what is it really? How do you convince your boss to let you try it when she has been sold on the equation SOAP = SOA + P(rofit)? How do you go about building, deploying, publishing and orchestrating web services without the (Un)Holy Trinity of SOAP, WSDL and UDDI?

This talk will thoroughly examine this REST phenomenon in terms of its history, its goals, its consequences and where it fits into the Big Picture of SOA. We will also look at exposing existing tools/APIs through RESTful APIs.

If you find yourself interested in talking about REST without people dismissing it as trivial (yeah, but what is it?!?!), unsaleable (yeah, but I am trying to solve problems, not buy tools!) or not SOA (<insert your own joke here -- that one leaves me speechless>), come on by.

By Brian Sletten
Imagine the simplicity of REST married to the power of Unix pipes with the benefits of a loosely-coupled, logically-layered architecture. If that is hard to imagine, it may because the architectures available to you today are convoluted accretions of mismatched technologies, languages, abstractions and data models.

NetKernel is a disruptive technology that changes the game. It has been quietly gaining mind share in the past several years; people who are exposed to it don't want to go back to the tired and blue conventions of J2EE and .NET. Not only does it make building the kinds of systems you are building today easier, it does it more efficiently, with less code and a far more scalable runway to allow you to take advantage of the emerging multi-core, multi-CPU hardware that is coming our way.

Come see how this open source / commercial product can change the way you think about building software.

NetKernel makes the things you are doing now easier, but also makes new types of systems possible.

A wise man once said, "XML is like lye. It is very useful, but humans shouldn't touch it." If you've had to incorporate XML into your project by hand, you have probably been burned by getting too close. NetKernel turns this wisdom on its head and encourages you to use XML like the liquid data stream you want it to be.

But, XML is only part of the story. Resource-oriented computing is a generalized and revolutionary approach to modern, flexible systems. There is less code to write, but it is more fun to do. Orchestration of existing services and data sources is faster, easier and more encompassing than with more conventional technologies.

This talk will help explain what NetKernel is (app server? pipeline tool? embedded SOA?) and, through a comprehensive set of examples, give you a glimpse at a deeper software reality than you might have thought possible.

Disclaimer: There will be no blue pills given to you to make you forget what you have seen. Come with an open mind.

By Brian Sletten
Most people new to Aspect-Oriented Programming (AOP) are fed up with separation of concerns zealots explaining how great their techniques are at dealing with... logging. Ok, you get it. Logging is a cross-cutting concern that can be appropriately modularized. What else does AOP have to offer? A lot, it turns out. This talk will give an introduction to the motivations of AOP as well as a series of concrete examples drawn from enterprise and client side Java. Come learn how AspectJ-flavored AOP can begin to benefit you immediately either in development or production environments. Learn how to enforce architectural policies, find Swing threading issues, reduce the invasiveness of the Observer design pattern or even improve the reusability of your domain models. Now that Spring 2.0 provides support for AspectJ, the time has never been better to learn about these new (but backwards compatible) ways of thinking about building software.

Attendees will learn about
The history and reasons behind AOP
Development-oriented aspects that can be useful, but compiled out of
production code
Production-oriented aspects that can simplify development and ease the
burden of future changes
Basic AspectJ usage and jargon
How to use AspectJ with Spring

Rating: Intermediate
Category: Architecture/Languages, Client Side Java, Server Side Java
Prerequisites: Basic Java. Some level of AOP understanding is helpful, but not required. The pace of the introduction will depend on the average level of exposure the audience has previously had to AOP.

By Brian Sletten
Object-oriented code metrics are a little like Artificial Intelligence: those who did it twenty years ago roll their eyes at the thought and prophesy the same ultimate failure at applicability now. Those who grew up with Java are approaching the topic with new eyes and are finding useful ways of incorporating metrics into their projects. Come hear about tools and ways to measure properties of software, how they might be beneficial and where you are likely to go astray with this approach.


Attendees will learn about
Approaches to measuring software
The attempt to predict failure via software metrics (and the failure to do so)
Analyzing OO designs based on the "Martin Metrics"
Tools that allow developers to use metrics for themselves

Rating: Intermediate
Category: Architecture/Languages, Design, Core Java, .NET
Prerequisites: Basic Java or C# skills

By Brian Sletten
Just about every modern software developer has a copy of the Gang of Four "Design Patterns" book sitting on a shelf; many of them have actually read it. The dark secret of the patterns community is that there is often a large gulf between whiteboard simplicity and real-world complexity. Language choice plays a part in the design (and even importance) of patterns. The situation is made even more confusing by the fact that many of the core patterns have now been "voted off the island" for one reason or another. This talk will give a pragmatic overview of the motivations behind design patterns and will focus on applying a handful of the GOF patterns to example scenarios in Java, Ruby and C#. A quick introduction to the role AOP plays in changing the patterns landscape will also be covered.

Attendees will learn about
The benefits and history of patterns in software
How language choice affects pattern implementations
Applying a handful of GOF patterns in code examples
Why there is no DP4J available

Rating: Intermediate
Category: Architecture/Languages, Core Java, .NET
Prerequisites: Basic Java or C# skills

By Brian Sletten
Just as the world is feeling comfortable with the Web, Tim Berners-Lee et al inform us that what we have seen so far is just the beginning. His original plans at CERN were larger and grander. The Semantic Web is the new vision of machine-processable documents and metadata to improve search, knowledge discovery and data integration and management. While there are many naysayers chiding such grand visions, there are also pragmatic and useful technologies emerging that can be applied today.

Attendees will learn:

The history and motivations behind the Semantic Web
The technology stack that will make it happen (including RDF and OWL)
An overview of tools and technologies that are beginning to satisfy the vision

This talk stands on its own, but feeds into the "Experiencing the Semantic Web" talk which is more hands on.

Rating: Intermediate
Prerequisites: This is all so new, most engineers will find something to excite them.

By Bruce Tate
In this session, we'll review the new features of Spring 2.0. If you've been using Spring 1.x, you'll want to hear about the improvements.

This material comes directly from Interface21. The SpringFramework version 2.0 brings tremendous maturity to one of the most successful Java projects of our time. In this session, you'll see

- Radical improvements in the simplicity of context definitions
- Much better AspectJ integration
- Unified user interface strategies, and the continued emergence of WebFlow.

By Bruce Tate
Agile programming is a collection of core principles and techniques that allow software developers to create lighter, more responsive applications, and to have fun doing it. Many established organizations are either openly or sub-conciously hostile to many of the principles of Agile development.

We'll explore the intersection of these new practices and old-world sensibilities, relying on real-world case studies to illustrate some of the compromises that are necessary to bridge the gap. In addition to technical and process aspects, we'll also spend some time talking about the business aspects, such as how Agile development affects contracts.

By Bruce Tate
The state of the art is progressing rapidly, and dynamic languages are driving the revolution. Find out about these topics that will be central to programming. We'll discuss continuation servers, metaprogramming frameworks and functional langauges.

Seaside provides a much richer web development experience than you can find in Java today. Learn how continuations can radically improve your web development experience, and learn what Java frameworks are doing about it.

The programming world is abuzz over the Rails framework, but how many of the ideas are exclusive to Rails? We'll look at Active Record, and discover the fundamental innovations that let it happen. What improvements might be made by Java persistence frameworks, and where does Active Record come up short?

Concurrent programming will come to a head with the introduction of multiprocessor systems. We'll discover just how broken conventional langauges are. Also, see how functional languages solve this problem.

By Bruce Tate
Most conferences will try to tell you that the secret to good software development lies with a process, or a technology, or an architecture. Here's a dirty little secret. You can build working software with an outdated two tier archtiecture, a waterfall process and COBOL. How? By building a great team. These techniques were used to build one of the most unique and complex up and coming Ruby on Rails sites.

By far, the biggest factor in the success or failure of a software project is the quality of your team. Build a great team first, and great software will follow. In this session, we'll explore ways to build effective teams for modern software development. Whether you're a project manager or a technical lead, you need to know how to build the most effective team possible. In this session, we'll look at all aspects of team building, including

- What team sizes are optimal for software projects?
- What tools can help your team communicate?
- How does development process come into play?
- How do you build better software faster?

By Bruce Tate
You can have rapid web development with Rails without losing access to your critical Java code. With the explosion of the Ruby programming language, more developers will need a strategy for letting Java and Ruby interoperate. This session explores two strategies: JRuby and Rails-based web services.

Both Java and Ruby do certain things well. Ruby tends to build web based user interfaces, complete with AJAX integration, very quickly. Java has thousands of libraries and millions of lines of legacy code. How can you combine the two? We'll explore three approaches.

An ambitious integration framework is also under development. The JRuby project recognizes the value of the best possible integration between Java and Ruby. As of today, 90% of the test cases for the Ruby language are passing for JRuby. How much is possible, and what's missing?

Finally, closures and a fantastic XML API make Ruby a fantastic framework for doing integration work with web services. Often, coarse grained integration is enough.

Come learn how to have your cake and eat it too.

By Burr Sutter
The focus of this session will be to demonstrate innovative open source technologies and give you an insight into the skills, tools and techniques for SOA-enabling your enterprise architecture.

This session will be taught via lecture as well as interesting live demonstrations (e.g. .NET linking to Java-based Rules engine) on various SOA related technologies such as ESB, BPEL and Web Services. This session also includes a number of interesting data points that I have collected from meeting with senior architecture teams from numerous large IT organizations.

By David Bock
Capistrano (formerly Switchtower) is a tool originally written to help automate application deployment for Ruby on Rails. It does this well, but it has grown up into a tool capable of much, much more. It can be used for deploying Java applications, updating server configurations acrtoss an enterprise, administering netwoeks, backing up files, and all sorts of other activities. Any activity you might do from the command line, you can now do simultaneously across large numbers of machines, with all machines succeeding (or rolling back in case of failure) together.

In this talk I discuss the fundamentals of capistrano, use the built-in tasks to deploy a rails application, demonstrate the capability of performing custom tasks across several computers simultaneously (thanks to several virtual machines), and show how applications can be rolled back in case of problems. Capistrano isn't perfect though; we will also discuss best practices, limitations, and lessons learned.

Capistrano requires a POSIX-compatible shell and SSH on the machines it is going to control; as a side-benefit, we will also learn about CYGWIN, an open source tool that provides these capabilities (and lots lots more) to Windows environments.

By David Bock
A well-designed domain model is the best foundation any application can have. Unfortunately, many models grow like weeds in a garden, driven more by the needs of a relational database than the needs of the business model. It doesn't have to be this way - we can build a solid domain model that can survive change and withstand several different mechanisms for persistence.

In this talk we will start with a list of requirements for a small application, and use these to build a domain application that will be free of persistence constraints, adaptable to changes in the business rules, and even predictive of the future needs of the application. While the examples alternate between Java and Ruby, the techniques involved are foundational and applicable to most any object-oriented language.

By David Geary
In April 2005, annual growth rates for jobs in JavaServer Faces, Struts, and Ruby on Rails were all at about 0%. Today, Struts' growth rate still hovers around 0%, but JSF and Rails have taken off. At the end of 2007, both JSF and Rails were growing at a rate of between 400-500% annually (according to indeed.com).

JSF has passed the adoption tipping point, and is now the Java-based framework of choice, as is evidenced by its ecosystem. From vendors such as MyEclipse and RedHat to open source projects such as Seam, Facelets, and Ajax4JSF, JSF is where the action is.

Come see why JSF is so popular. In this code- and demo-intensive session, I'll show you the fundamentals of JSF.

This session is taught by a member of the JSF Expert Group for JSF 1.0 and 2.0., and co-author of the best-selling book on JSF: Core JavaServer Faces. David will take you through a whirlwind introduction to JSF including what JSF is, how it was developed, and how you can best take advantage of the technology. Here is a list of topics:

Components, managed beans, value expressions, and static navigation
i18n, CSS, and actions
The Faces Context and Faces messages
The JSF Event Model
Using JavaScript with JSF

This introduction to JSF also contains 5 live-code demos, where David will develop a simple, but robust application during the course of the session.

Prerequisite: Some knowledge of Java-based web applications, such as Struts, is a plus, but is not required. If you have a significant experience with JSF, you probably already know most of what's covered in this session.

By David Geary
In 2005, JSF hit its stride, as evidenced from overwhelming support from both vendors and the open-source community. JSF 1.0 had plenty of holes, but open-source projects have arisen to address those needs. This session takes a look at three of those projects: Tomahawk (MyFaces component library) FaceletsSeam

MyFaces is an open-source implementation of the JSF spec. In addition, MyFaces developers got a little carried away and also developed a useful set of custom components that you can use in your own applications, regardless of whether you use MyFaces as your JSF implementation. Those components are now packaged separately from MyFaces under the name Tomahawk.

Facelets is an open-source project from java.net that lets you implement views with Tapestry-like HTML pages. That technique is a powerful feature that lets graphic designers and software developers work separately in parallel.

Seam is a framework from JBoss that provides a component model that unifies the EJB and JSF component models. Seam makes great use of annotations to meld EJBs and JSF components in a seamless fashion (thus the name).

Lots is happening in the JSF space. Come to this talk and learn about these three exciting open-source projects.

By David Geary
JavaServer Faces is a well designed user interface framework, but it lacks a number of features you might otherwise expect out of the box; for example, JSF does not explicitly provide support for client-side validation.

So, from the folks that brought you Struts, comes Shale, a collection of useful enhancements to JSF. A top-level Apache Software Foundation project, Shale adds some really cool features to vanilla JSF, including:

Web flow: script dialog flow
Remote Method Calls: easily call JavaBean methods from JavaScript
Tapestry-like views: code views in pure HTML
Use Apache Commons Validator validators on the client or server, or both
JSF testing framework: mocks for easy JSF testing

There's a lot of cool stuff in Shale that makes JSF a much more compelling proposition. Come see what it's all about.

This is a code-intensive, fast-paced look at Apache Shale. Forty-plus slides and five demos makes for an action packed session that illustrates the cool features that Shale provides.

By David Geary
JavaServer Faces is a perfect platform for implementing Web 2.0 interfaces with Ajax. This session explores how you can use these two potent technologies--JSF and Ajax--together to create applications that look and behave like desktop applications but run in the browser.

JavaServer Faces, with a mature component model and flexible lifecyle, is a perfect platform for implementing Web 2.0 user interfaces with Ajax. This session explores using JSF and Ajax to create applications that act like desktop applications but run in a browser.

We'll start with a quick look at implementing basic Ajax in a JSF application. Then, once your bloodthirst has been slaked, we'll dive deeper into Ajaxian Faces dynamics with a form completion demo that requires its implementor to understand two simple, but vital facts about JSF.

If you're savvy, you probably use client-side validation to augment your server side validation logic, which parenthetically, is no no-brainer in either of the leading web application frameworks, JSF or Rails. But anyway, client-side validation is old school. All the cool developers nowadays use Ajax to implement realtime validation, where you sneak a trip to the server as an unwary user types into your input fields. But to accomplish that, we'll have to dive even deeper into JSF, with concerns such as accessing view state and accounting for client-side state saving.

All of this Ajax development is great fun, but most of it is best relegated to components and frameworks, which are the topics that will wrap up our session. We'll see how to keep your JavaScript separate from your JSF components and how to pass JSP tag attributes all the way through to JavaScript. Finally, we'll take a look at Ajax4jsf, a JSF component library with a tag library that blends Ajax into JSF in a natural, intuitive way without having to write JavaScript.

As web developers, we've been handcuffed long enough by the shackles of Web 1.0 development. Come to this session and see the brave new world of Web 2.0 development with one of the hottest web application frameworks.

By David Geary
Developing highly interactive web applications, for the most part requires knowledge of a wide array of technologies: HTML, CSS, JavaScript, XMLHttpRequest, JSP, JSF, etc.

With the Google Web Toolkit (GWT), Google turns that notion of development on its head. Instead, you implement Ajax applications by writing almost entirely in Java. You use an AWT-like API, which the Google compiler compiles to JavaScript that runs on the client.

In the early days of Java, application development with the AWT was relatively simple. You had to have a decent understanding of Java and AWT fundamentals, but once equipped with such knowledge, you could dive in and develop some impressive applications.

Ten years later, we have, in so many respects, gone significantly backwards. We've shoehorned technologies such as HTML into shoes for which they were never intended, and for our efforts, we have a mismatch of disparate technologies that one needs to knit together for a truly interactive web application.

This is the first session of a two-part presentation on the GWT, where I'll concentrate on GWT basics: implementing Ajax-enabled applications in Java, internationalization, testing, and remote procedure calls.

By David Hussman
The participants of this session will become agile customers and product owners, using personas to create stories for a sample product development.

The questions around user stories are many, and the list grows larger as their popularity of increases. Many organizations are on their path to adopting stories as requirements vehicles, possibly struggling with story writing as well as finding a way to fit them into their organization. Along with writing stories, this session will cover connecting with product owners and a short review of several tools for tracking and managing user stories.

By David Hussman
This session will focus on tools and techniques for tracking an agile project plan from creation to project completion.

As agile grows, so too do the questions for how to track and communicate progress within the project community as well as to upper management and others interested in progress. We will create a simple plan in a planning tool, and run a mock project, showing how to estimate and use agile planning to communicating progress, addressing missed estimates, scope modifications, and more.

By David Hussman
As with many methodologies, moving agile into an organizations poses larger challenges. Before jumping in, it helps to ask a few questions before "racing toward agility". This session will provide 3 tactical steps that can help your adoption of agile.

There are many factors outside the developer world that can crash all the benefits of agile without regard to its success. This session will provide ways to select agile practices, create a transition plan for adopting agile, and bring people together before trying to adopt new techiniques that are part of agile development. Various tools and techniques will be discussed, and at least part of the session will include Q/A for the presenter to field specific questions about your organization.

By David Hussman
The presentation will briefly discuss stories, the origin and authoring of story tests, and a demonstration of how FIT and FitNesse (FIT living within a Wiki) can be used to automate acceptance tests.

Agile communities consider stories “done” when the acceptance tests (also called story tests) are shown to the customer. Originally, this was a manual process, but in recent years, several frameworks have been created to automate this process, providing acceptance testing all the benefits of automated unit testing. One of the most popular of these if called FIT, created by Ward Cunningham.

By David Hussman
Adopting agile is different for each company, but most companies will go through some amount of change during the adoption of agile.

This session will discuss some of the most common difficulties for adopting agile and provide various plans of attack. The session will start with a listing of issues for the session participants, and some portion of the session will be dedicated to an open forum where the presenter will address the issues collected.

By Neal Ford
This session delivers 10 techniques for improving your code, whether you are freshly graduated or a grizzled veteran.

Even the most competent programmer falls into habits and coding ruts. This session delivers 10 techniques for improving your code, whether you are freshly graduated or a grizzled veteran. It is derived from many sources, including other languages (Smalltalk, Lisp, Java, and others), and techniques and idioms we have developed teaching developers. It also consolidates information from books that delve into the craft of writing good software. The goal is to create code that is easier to read, maintain, debug, and enhance.

Key Session Points:

1. Names of Things


2. Composed Method


3. Apply the Unix Philosophies


4. Syntactic Stuff




• Constants


• Enumerations


• Common Methods: equals() && hashcode()




5. Orthogonality


6. Compactness


7. The Pragmatic Rules


8. Template Method


9. Bad Inheritance


10. Decoupling with Interfaces

By Neal Ford
This session shows you how to become a more productive programmer every day by using tools that you didn't know you already had.

<grizzled-programmer>
Why, in my day, we didn't have any fancy Gooey tools -- we did everything from the command line and we liked it. And, we got a lot more done than all you point-and-click monkeys
<grizzled-programmer>
Have you ever noticed that some old-school developers can run rings around you at the keyboard? Have you ever seen a 2 week problem become a 2 hour solution because someone knew a better way to solve it? This session is about all the command line and other tools that are extremely powerful yet widely neglected in today's graphical environments. This session shows you how to take advantage of those tools whether you run Windows, *Nix, or Mac. It focuses on specific recipes to make your job easier. I'll show you how to get around your computer in a hurry (no more clicking around in trees), how to find anything fast, how to manage projects and artifacts from the command line, how to automate the repetative tasks you find yourself doing every single day, how to stop repeating yourself, and how to stop repeating yourself. This session is guaranteed to improve your developer productivity by an order of magnitude.



Key Session Points

• Creating a common environment
  
• The Unix philosophy (without Granola or sandals)
  
• Automating common programming tasks
  
• Getting around in a hurry
  
• Searching techniques
  
• Text techniques
  
• Project management from the command line
  
• Stop repeating yourself
  
• Tying it together

By Neal Ford
This session introduces Ruby, aimed specifically at Java developers.

Why would any self-respecting Java developer care about Ruby? And why does everyone keep talking about it? This session answers these questions and more. Ruby is a very expressive, powerful general purpose language that keeps gathering raves from industry luminaries. This session introduces Ruby, aimed specifically at Java developers. It covers Ruby syntax and philosophy, showing lots of code along the way. See how a 200 line Java application equates to 20 lines of Ruby code. In addition to syntax, this session shows networking, file I/O, web services, threading, and a host of other topics. The goal of this session isn't to get you to switch from Java. It makes you think about expanding your toolbox and adding Ruby for things that don't need a full-blown Java application. Along the way, the Ruby philosophy will make you Java coding better too.

Key Session Points

• The Ruby Philosophy


• Ruby syntax


• Classes and objects in Ruby


• Closures


• Mixins


• Networking


• Threading


• Test-first coding in Ruby


• Ruby as a scripting language


• Ruby as a web language

By Neal Ford
This session describes the use and workings of Selenium, the open source web user interface testing tool.

Selenium is one of the most powerful functional testing frameworks to come from the open source world in a long time. This session covers all aspects of Selenium, starting from its origins as an internal user-acceptance testing tool through testing Ajax applications. This session covers Selenium functionality, syntax of the test scripts (both HTML and the scripting language), keywords, testing techniques, recording tests, creating extensions, and testing Ajax applications. Selenium is the premiere testing tool for Ajax, so I show several examples of the power of Selenium combined with Ajax.

Key Session Points

• Selenium origins and background


• Installation


• Building tests


• API overview


• The Selenium IDE


• Testing Ajax Applications


• Future directions

By Neal Ford
This session delves into details about building web applications with Tapestry, covering configuration, templates, and separation of concerns.

Tapestry is the most radical web framework available, and arguably the most powerful. This session delves into the details of how to use Tapestry. It covers configuration, templates, separation of concerns, components, dendency injection, testing, and other topics. This talk is
designed to jump-start experienced web developers with enough information about Tapestry to start building applications with it right away.

Key Session Points

• Understanding Tapestry's structure
  
• Building a simple Tapestry application
  
• Templates
  
• Components
  
• The Tapestry engine
  
• Dependency injection and HiveMind
  
• Testing
  

By Neal Ford
This session highlights common mistakes made by web programmers, stating the problems and avoidance techniques.

Building secure web applications is difficult. Common trivial mistakes in other programming environments break web applications. This session highlights common mistakes made by web programmers, stating the problems and avoidance techniques. The material in this session is derived from the Open Web Application Security Project (OWASP) and other sources. It covers the OWASP top 10 list of vulnerabilities (including examples). It also demonstrates some (legal!) hacker tools that malicious developers use against you. This session includes case studies showing complete attacks, from vulnerability acquisition to compromise. It also covers open-source tools (such as Stinger) that automate some of the security jobs for developers. This session is designed to scare you – but in a good way!



Key Session Points:

* OWASP List of Vulnerabilities

10. Insecure configuration management
9. Denial of service
8. Insecure storage
7. Improper error handling
6. Injection flaws
5. Buffer overflows
4. Cross site scripting flaws
3. Broken authentication and session management
2. Broken access control
1. Unvalidated input

* Security Tools and frameworks
* Case Study: Hacking Oracle through a browser
* Case Study: Cross-site scripting
* Case Study: SQL Injection

By Neal Ford
This session begins a detailed discussion about how to actually get XP done in the real world (and what to tell your boss). This session includes artifacts (project tracking sheets, code coverage reports, etc.) from real XP projects.

Extreme programming sounds a little too “ESPN2” for most managers, but there is a lot of sound engineering behind its principles. My employer, ThoughtWorks, has been extremely successful using the full XP stack and we have developed lots of experience with it. This session talks about how to do XP in the real world. XP is all about feedback loops, so I discuss how to replace the radical sounding ones with more palatable ones. I talk about the parts of XP that are absolutely vital (unit testing, collective ownership, continuous integration, etc) and the ones that you can introduce a little more slowly (pair programming, only a 40 hour work week). This session focuses on the practicality of XP and how you can adopt it at your organization. I also talk about political battles with managers, other departments, and barriers that pop up anytime you try to introduce change in a large enterprise. Discussion is encouraged (required) in this session.

Key Session Points:
XP and Feedback Loops
A pragmatic look at the XP practices
    The planning game
    Small releases
    Metaphor
    Simple design
    Testing
    Refactoring
    Pair programming
    Collective ownership
    Continuous integration
    40-hour week
    On-site customer
    Coding standards
Sample Project Tracking Sheets
Code Coverage
Overcoming objections
What to say to your boss and his boss
XP in the real world

By Neal Ford
Continues the discussion from Part 1, focusing on how to keep the benefits of XP without sacrficing it's effectiveness. This session shows real artifacts of XP in action.

Extreme programming sounds a little too “ESPN2” for most managers, but there is a lot of sound engineering behind its principles. My employer, ThoughtWorks, has been extremely successful using the full XP stack and we have developed lots of experience with it. This session talks about how to actually get XP done in the real world. XP is all about feedback loops, so I discuss how to replace the radical sounding ones with more palatable ones. I talk about the parts of XP that are absolutely vital (unit testing, collective ownership, continuous integration, etc) and the ones that you can introduce a little more slowly (pair programming, only a 40 hour work week). This session focuses on the practicality of XP and how you can adopt it at your organization. I also talk about political battles with managers, other departments, and barriers that pop up anytime you try to introduce change in a large enterprise. Discussion is encouraged (required) in this session.

Key Session Points:
XP and Feedback Loops
Continuing the pragmatic look at the XP practices
Tools to support agility
Overcoming objections
What to say to your boss and his boss
XP in the real world

By Paul Duvall
The key to improving the reliability of your software is to run tests whenever a change occurs. Continuous Testing leverages the practice of continuous integration (CI) to ensure highly reliable code.

You'll learn about various testing frameworks such as JUnit, Selenium, and DBUnit that can be incorporated into your CI system so that the tests are run continually (or periodically). Numerous examples will demonstrate the use of these tools so that you can immediately add continuous testing to your development infrastructure.

By Paul Duvall
Increase feedback on your project by building your software with every change applied to your source code repository. The practice of Continuous Integration (CI) can be used to decrease the time between when a defect is introduced and when it is fixed.

You will learn how to get the CruiseControl CI server and a source code management repository to work together in a CI system. From a working reference implementation in Java, you will learn the attributes that make up an effective development platform for CI. Learn how to use the CI system as the centerpiece to your software development activities to create automated code reviews, generate diagrams and documentation, and detect anomalies on a continual basis. Paul will use CruiseControl, Subversion, Ant, JUnit, and other tools that can help you implement a powerful CI system.

By Paul Duvall
Performing daily or continuous builds is essential for ensuring working software. Yet, most consider only the source, not the database, as a part of these builds. What’s good for the source code is also good for your database.

You’ll learn how to leverage your CI system to rebuild your database, along with the associated test data when changes occur. Examples will use the CruiseControl CI tool, Ant build tool and the MySQL database. You’ll see demonstrations for dropping and recreating a database along with its associated tables, inserting and modifying the test data.

By Rebecca Parsons
There are many well known tools and approaches in the Java and C# world for unit testing and Test Driven Development or Behaviour Driven Development. Extending these concepts in the EAI world is more of a challenge.

This talk briefly introduces both Test Driven and Behaviour Driven Development. We will spend most of the time talking about how to go about testing in an EAI world. Examples will be drawn from an actual project using Tibco Designer.