Is Service Oriented Architecture the next wave of distributed computing or just the same old crap in a shiny new package? This session provides an overview of what most people agree is the definition of SOA. I talk about SOA, ESB, CORBA, your MOM, and a bunch of other acronyms.

This session is a pragmatic look at SOA from a developer perspective, including such (never talked about) topics like tranports, granularity, versioning services, transformations, and whether you should be doing this or not. I show lots of slides with diagrams and talk about how to evolve towards an SOA. SOA can work if you ignore the hype and focus on the real meat: building loosely coupled message-based applications. This session discusses just that.

This session highlights common mistakes made by web programmers, stating the problems and avoidance techniques.

Building secure web applications is difficult. Common trivial mistakes in other programming environments break web applications. This session highlights common mistakes made by web programmers, stating the problems and avoidance techniques. The material in this session is derived from the Open Web Application Security Project (OWASP) and other sources. It covers the OWASP top 10 list of vulnerabilities (including examples). It also demonstrates some (legal!) hacker tools that malicious developers use against you. This session includes case studies showing complete attacks, from vulnerability acquisition to compromise. It also covers open-source tools (such as Stinger) that automate some of the security jobs for developers. This session is designed to scare you – but in a good way!

Key Session Points:
* OWASP List of Vulnerabilities

1. Insecure configuration management
2. Denial of service
3. Insecure storage
4. Improper error handling
5. Injection flaws
6. Buffer overflows
7. Cross site scripting flaws
8. Broken authentication and session management
9. Broken access control

10. Unvalidated input

    • Security Tools and frameworks
    • Case Study: Hacking Oracle through a browser
    • Case Study: Cross-site scripting
    • Case Study: SQL Injection

This session delivers 10 techniques for improving your code, whether you are freshly graduated or a grizzled veteran.

Even the most competent programmer falls into habits and coding ruts. This session delivers 10 techniques for improving your code, whether you are freshly graduated or a grizzled veteran. It is derived from many sources, including other languages (Smalltalk, Lisp, Java, and others), and techniques and idioms we have developed teaching developers. It also consolidates information from books that delve into the craft of writing good software. The goal is to create code that is easier to read, maintain, debug, and enhance.
Key Session Points:

1. Names of Things
2. Composed Method
3. Apply the Unix Philosophies
4. Syntactic Stuff
• Constants
• Enumerations
• Common Methods: equals() && hashcode()
5. Orthogonality
6. Compactness
7. The Pragmatic Rules
8. Template Method
9. Bad Inheritance
10. Decoupling with Interfaces

This session discusses techniques and tools for debugging enterprise applications (without using System.out.println()!)

It's an interesting dilemma – we have the best tools for software development ever, yet developers are still debugging enterprise applications using ystem.out.println()! This session discusses techniques and tools for debugging enterprise applications. It shows how to perform remote debugging through all the major IDEs, either on the same machine or across a network. It also shows how to debug using the command-line jdb debugger (the only one guaranteed to always be available).This session shows how to debug web, EJB, and lightweight enterprise applications. It discusses class loaders, interactive enterprise debugging with Groovy, and how to automate repetitive tasks using JWebUnit and Selenium, making the computer do work for you instead of vice versa (how many times do you have to walk multiple pages through a web application to get to the point where you can debug it?). This session shows you how to automate these and other common debugging tasks. The goal is to make hunting and eliminating bugs in complex applications much easier.

Key Session Points: • Setting up remote debugging in IDE's    o Eclipse    o IntelliJ • Effective remote debugging • When it's all you've got: jdb and enterprise applications • Forensic debugging using loggers • Debugging web applications    o Inspector    o Bookmarklets • Debugging EJB • Debugging in lightweight frameworks • Interactive Debugging with Groovy • Automating debugging tasks    o JWebUnit    o Selenium

Regular expressions should be an integral part of every developer?s toolbox, but most don?t realize what an important topic it is. Regular expressions have existed for decades, but many developers don't understand how to take full advantage of this powerful mechanism, either through command line tools and editors or in their development.

This session shows how to fully exploit regular expressions. It begins with the basic premise of how regular expressions work, then shows how to take advantage of the RegEx library built into the Java platform. This session shows how to use wildcards, escape characters, meta-tags, character class operators, look-aheads/look-behinds, and how to use the greedy operators effectively. It covers regular expressions from the beginning through to advanced usage, both in Java and in tools that support regular expressions. This session is packed with real examples of regular expressions (including a game show with no fabulous prizes).

Key Session Points:

This session shows how to use Java as the building block for domain-specific languages. It discusses the next revolution in programming: language-oriented programming and the nascent tools that support it.

If you look at the way advanced programmers in highly dynamic languages (like Lisp, Smalltalk, Ruby, etc.) work, they tend to build domain specific languages on top of their low-level language. The language syntax itself becomes building blocks for languages that are highly specific to their problem domain. It’s not as easy to apply this technique to a static language (like Java), but it is possible. This session shows how to use Java as the building block for domain-specific languages. It discusses internal and external DSLs, with pros and cons for each. This session progresses from creating an internal DSL using Java syntactic elements as keywords through using compiler-building tools to create your own external DSL arriving ultimately at the new tools that allow you to build, edit, and deploy external DSL (language workbenches). This session covers the theory and practice of building DSL's and why this is an important step in the evolution of programming paradigm.

Key Session Points: 1. Why Dynamic languages? 2. Building domain languages 3. Language-oriented Programming    a. Internal DSLs    b. External DSLs 4. Internal DSL    a. Characteristics    b. Advantages    c. Disadvantages 5. External DSL    a. Characteristics    b. Advantages    c. Disadvantages 6. Case Study: Building your own language    a. Building the parser    b. Building the lexer    c. Abstract Syntax Trees 7. Parsing other languages    a. Parsing Java    b. Parsing HTML, JavaScript, and others 8. Language Workbenches

This session talks about how to actually get XP done in the real world (and what to tell your boss).

Extreme programming sounds a little too ?ESPN2? for most managers, but there is a lot of sound engineering behind its principles. My employer, ThoughtWorks, has been extremely successful using the full XP stack and we have developed lots of experience with it. This session talks about how to do XP in the real world. XP is all about feedback loops, so I discuss how to replace the radical sounding ones with more palatable ones. I talk about the parts of XP that are absolutely vital (unit testing, collective ownership, continuous integration, etc) and the ones that you can introduce a little more slowly (pair programming, only a 40 hour work week). This session focuses on the practicality of XP and how you can adopt it at your organization. I also talk about political battles with managers, other departments, and barriers that pop up anytime you try to introduce change in a large enterprise. Discussion is encouraged (required) in this session.

Key Session Points: XP and Feedback Loops A pragmatic look at the XP practices     The planning game     Small releases     Metaphor     Simple design     Testing     Refactoring     Pair programming     Collective ownership     Continuous integration     40-hour week     On-site customer     Coding standards XP in the real world