(1) Security testing should be integrated into continuous delivery pipelines to test applications as part of each build. (2) Pre-processing and grouping scan results reduces noise and false positives, saving developer time on analysis. (3) Leveraging existing automated tests within security scanners finds more accurate vulnerabilities than traditional scans alone.
Tempest provides scenario tests that test integration between multiple OpenStack services by executing sequences of operations. Current scenario tests cover operations like boot instances, attach volumes, manage snapshots and check network connectivity. Running scenario tests helps operators validate their cloud and developers check for regressions. While useful, scenario tests have issues like needing more test coverage, complex configuration, and difficulty analyzing failures. The future includes making scenario tests easier to use without command line skills and more flexible in specifying test environments.
This document provides an overview of OpenStack APIs and the WSGI (Web Server Gateway Interface) that powers them. It begins with an introduction to WSGI and how OpenStack services are implemented as WSGI applications. It then demonstrates how the OpenStack APIs can be accessed via libraries like novaclient or directly with HTTP requests. Code examples are provided showing how to authenticate against Keystone and retrieve images using urllib2. The document concludes with explanations of how WSGI, WebOb, and Paste are used to implement the OpenStack "web stack".
This document summarizes a talk about microservices architecture using Golang. It discusses some key advantages of Golang for building microservices like static compilation, concurrency support through goroutines, and built-in HTTP and JSON packages. It also covers Docker for containerization, and tools like Docker Machine, Swarm and Compose for orchestration. Prometheus is presented as an open-source monitoring solution for microservices running in Docker containers.
How to transfer your public cloud infrastructure into code, then add testing and integrate with Jenkins to build up a release pipeline.
This document discusses using document databases like CouchDB with TYPO3 Flow. It provides an overview of persistence basics in Flow and Doctrine ORM. It then covers using CouchDB as a document database, including its REST API, basics, and the TYPO3.CouchDB package. It notes limitations and introduces alternatives like Radmiraal.CouchDB that support multiple backends. Finally, it discusses future support for multiple persistence backends in Flow.
Tempest is an OpenStack test suite which runs against all the OpenStack service endpoints. It makes sure that all the OpenStack components work together properly and that no APIs are changed. Tempest is a "gate" for all commits to OpenStack repositories and will prevent merges if tests fail.
Running a Spring Boot application but still want to benefit from Quarkus and its supersonic, subatomic Java capabilities? Me too! With a “hello world” everything looks simple, but what about a real app? Will it be easy? Or fun? In this session we’ll show our experience migrating a Spring Boot app to Quarkus. Technologies involved in the app include Hibernate, Prometheus, REST endpoints, and more. Be prepared to listen to a journey of reality, failure, and wins in the Quarkus universe.
This document discusses programming at the edge using Fastly's edge cloud platform. It provides an overview of Fastly's fiddle tool which allows users to test edge configurations by writing VCL code without affecting production configurations. The document outlines several exercises that can be completed in the fiddle tool, including adding GeoIP headers, logging to third party services, redirects, routing and A/B testing, and edge caching techniques like shielding. It encourages exploration of more advanced solutions and provides resources for learning more about programming at the edge with Fastly.
Dropwizard is a Java framework for developing ops-friendly, high-performance, painless RESTful web services. I've presented this simple & light-weight framework (with an example project) on 10th of June. Agenda:
Presentation (20 minutes):
- Definition & History (What is Dropwizard, versions, first commit etc.)
- Libraries (Built-in libraries, what we use these for etc.)
- User Manual (Project configuration, documentation, getting started etc.)
- Performance (Comparison with other frameworks)
- Versus (Dropwizard vs Spring Boot on technical terms)
I've prepared a sample Brown Bag Seminars (BBS) application to demonstrate features of Dropwizard (with MongoDB integration).
Sample Project & Code Review (40 minutes):
- Project configuration
- Resource
- Representations
- Views
- Health checks
- Metrics
- Tests
This document provides information about automating scans with the OWASP ZAP security tool, including:
- An introduction to the baseline scan, which runs quickly and can be easily integrated into continuous integration pipelines.
- Options for more thorough scanning using the ZAP command line interface, Jenkins plugin, or driving the ZAP API directly from scripts.
- Tips for customizing ZAP scans, such as configuring authentication, tuning speed and accuracy, and getting help with the documentation and user community.
- A demonstration of exploring targets using the ZAP API, running passive and active scans, and generating reports programmatically.
This document discusses deploying Plack web applications. It begins with an overview of the PSGI specification and how it allows various web frameworks like Catalyst and Dancer to run on different web servers through a common interface. It then discusses various options for the server environment including standalone HTTP servers like Starman and FastCGI servers. Finally, it covers useful Plack middleware for application environments, including modules for rate limiting, caching, authentication, and more.
If knowing is half the battle, having the most information available is the best way to win. Using real-time log streaming and a knowledge of the data passing through the system, metrics can provide more depth and breadth into the goings-on of requests as they pass through various parts of the stack. This session will cover the difference between logging and metrics, writing JSON and Influx Line Protocol in VCL, and building out dashboards to give deeper insights (and more importantly, alerting) on requests and responses at the edge.
Logstash is a tool for managing logs that allows for input, filter, and output plugins to collect, parse, and deliver logs and log data. It works by treating logs as events that are passed through the input, filter, and output phases, with popular plugins including file, redis, grok, elasticsearch and more. The document also provides guidance on using Logstash in a clustered configuration with an agent and server model to optimize log collection, processing, and storage.
Talk from Sydney JVM Community Meetup S04E01: Microservice Frameworks. http://www.meetup.com/Sydney-JVM-Community/
Andrew Betts, Web Developer, The Financial Times, at Fastly Altitude 2016. Running custom code at the Edge using a standard language is one of the biggest advantages of working with Fastly’s CDN. Andrew gives you a tour of all the problems the Financial Times and Nikkei solve in VCL and how their solutions work.
Planet9energy.com is a new electricity company building a sophisticated analytics and energy trading platform for the UK market. Since the earliest draft of the platform, we took the unconventional decision to go serverless and build the product on top of AWS Lambda and the Serverless framework using Node.js. In this talk, I want to discuss why we took this radical decision, what the pros and cons of this approach are, and what the main issues we faced as a tech team in our design and development experience were. We will discuss how normal things like testing and deployment need to be re-thought to work in a serverless fashion, but also the benefits of (almost) infinite self-scalability and the peace of mind of not having to manage hundreds of servers. Finally, we will underline how Node.js seems to fit naturally in this scenario and how it makes developing serverless applications extremely convenient. Technologies: Backend, Frontend, Application architecture, JavaScript, cloud computing
A talk outlining the use of Vagrant, Puppet and Webmin, practical tools for programmers, administrators and DevOps.
How can quality engineering, in terms of continuous testing, come to the rescue of organizations that face challenges in a DevOps environment? Read the full presentation to know more.