21·11·2015 Software Innovation Talk
Nis partecipa a 2 importanti eventi nell'ambito Software Innovation: AngularConf2015 il 22 ottobre 2015 e CodemotionIT il 20 novembre 2015.
"Angular Js Security: Difendi La Tua Single Page Application" e "Continuous Security : ZAP your security issues now!"
Angular Js Security: Difendi La Tua Single Page Application
Securing an html5 Single Page Application is not the same as protecting a typical JEE/Rails/PHP/.NET webapp. The industry-wide move towards HTML5 and Single Page Applications, motivated by the opportunity for more sophisticated interaction and UX, is again upsetting the balance between Hackers and Developers.
A wave of new-generation front-end technologies, including Angularjs, is attracting Developers with their combination of productivity and innovative UX, but at the same time opens the door to new vulnerabilities and security challenges.
This talk will summarize the main principles of Secure Coding, and will discuss their application to a typical angular HTML5 application with REST backend to prevent major risks (including OWASP Top Ten). A concrete example will demonstrate the use of tools and libraries, from RBAC to JWT, from Spring Security to AngularJS directives for implementing secure HTML5/JS apps.
Continuous Security : ZAP your security issues now!
The "Security Sandwich" approach (up-front design + end-of-project Vulnerability Assessment) ineffectively exposes most vulnerabilities just before Production, when there is no more time/budget for massive refactoring or changes. Recently, Continuous Integration & Delivery achieved their huge positive impact by spreading Testing and Quality through the entire sw lifecycle.
We share our experience in applying this approach to Security, & demonstrate how Open Source tools such as OWASP ZAP, while notcovering all risks, effectively help us to continuously caring and testing for Security issues.
Workshop - Clean Code and Design Principles in Action: develop quality applications, faster
As developers, we often feel that we are always asked for more: more features, more bugfixes, more code to get our application done,
faster. In the workshop you’ll learn first hand how applying Clean Code and Design Principles will help you complete solid & maintainable applications in less time.