DeveloperWeek Europe 2021 DeveloperWeek Europe 2021

DevOps & Security

Tuesday, April 27, 2021

- BST
OPEN TALK: Practical Tips and Tricks for CI/CD Success
Join on Hopin
Zan Markan
Zan Markan
CircleCI, Developer Advocate

A CI/CD pipeline seems straightforward to implement and maintain. Yet it can often quickly become a tedious time sink and a source of universal frustration on many teams. From flaky builds, to long running builds, to flaky long running builds, the sources of frustration are endless. With the goal to ship more and faster as well as to compete in an ever changing industry, we can (and must) do better.

This talk will cover best practices for performance, stability, security, and maintainability of CI/CD pipelines, each supported with practical examples and counterexamples.

- BST
OPEN TALK: Running PostgreSQL Databases in a Cloud Native Environment with Kubernetes
Join on Hopin
Gabriele Bartolini
Gabriele Bartolini
EDB, VP, Cloud Native

This talk is the perfect opportunity for you to see where Cloud Native PostgreSQL, developed by EDB, is currently standing and how it can be integrated in your Kubernetes and OpenShift Container Platform workloads.

Cloud Native PostgreSQL is built on solid concepts and principles such as immutable infrastructure, declarative configuration and application containers, making it also ideal to use in your CI/CD pipelines as part of the applications’ E2E tests.

Join me to discover how our operators adapt to public/private/hybrid environments, how core features such as self-healing, high-availability, scalability and updates work, and – last but not least – what our DevSecOps culture and processes have produced in the area of security.

- BST
OPEN TALK: Playing the Observability Game
Join on Hopin
Christoph Engelbert
Christoph Engelbert
Instana, Senior Developer Advocate

As developers, we can remember the time when Nagios was state-of-the-art technology. We hated looking at all the numbers that seemed disconnected from our reality. The world has changed though, and Observability provides us with a new swiss army-knife in our toolbox. Used correctly it helps to improve reliability, brings additional focus on what matters, the business logic, and offers aid in case of problems or failures. Especially in time-critical situations, a distributed system with many service dependencies can be hard to analyze.
This session you will learn how to use Observability to assist developers instead of distract them.

- BST
OPEN TALK: AppSec Testing Automation for Developers
Join on Hopin
Oliver Moradov
Oliver Moradov
NeuraLegion, VP

Shifting Application Security Left and into the hands of developers has been a topic of discussion, but remains just that, a discussion. Legacy solutions in the market are not built from the ground up to enable this and achieve DevSecOps. In this session we will discuss the key features that your AppSec testing tools need to enable shift left, or shift everywhere, to empower developers to detect, prioritize and remediate security issues EARLY, as part of your agile development and unit testing processes, without slowing down DevOps. The talk will include specific examples from leading organizations that have deployed these solutions, the business impact they have achieved and the steps you can take to achieve the same, across your applications and APIs

Wednesday, April 28, 2021

- BST
OPEN TALK: How to Embed Security into Your Pipeline
Join on Hopin
Dirk Herrmann
Dirk Herrmann
Palo Alto Networks, Manager, Systems Engineering - Prisma Cloud

Cloud Native software development principles have fundamentally changed the way modern IT organizations work. Teams who have operated in silo in the past, are now working more closely with each other, with developer teams owning the entire stack and lifecycle. In these scenarios, automation has become more critical than ever before. This includes building, testing, deploying and operating applications at scale and at a high frequency. Security and compliance needs to be treated the same way and cannot be an after-thought or slow down development or deployment.

In this session we will provide examples of how to embed a variety of security and compliance practices into a fully automated pipeline, from the perspective of development and security teams.

Join us to learn more about how you can secure your entire application lifecycle, starting as early as possible, putting into practice “shift left” without making compromises on security and compliance.

- BST
4 Pillars of Successful Agile Test Automation
Join on Hopin
Mesut Durukal
Mesut Durukal
Rapyuta Robotics, Test Automation Lead

Motivation:
-------------
After executing a project to test a cloud-based microservices platform, we experienced a lot of challenges in both technical and social manners and tried to develop solutions to cope with them. Finally, we have wrapped them up to make a list of golden rules to successfully manage a test project. The purpose of this talk is to give insights about how a test automation project is managed.

Our problems were:
----------------
Technically, if not managed properly, automated testing will lead to extra costs and could even be less effective than manual testing.
From another aspect, at some point, we had too many complaints in our retrospective meetings about the heavy deployment activities and redundant executions. We had lots of flaky tests, execution lists full of not clear test definitions. Everyone was sick and tired of maintenance issues and the team was not happy. We took actions to improve motivation in the team.

Our 4 fundamental solutions are:
--------------
* Being truly agile: Adapt new solutions quickly.
* Manage the progress: Be aware of what is going on by setting KPIs to track & monitor with tools like CloudWatch, Grafana
+ Technical part: Automation principles for the sake of robustness.

* Solutions to reduce flaky tests & analysis effort & costs: Code demos on Java API polling libraries, Selenium usage and others.
* How we solved flaky tests: Adaptations into the code and observing the effect of each application. A few examples are polling mechanisms (safe wait methods) and test design techniques
* For maintenance efforts: We keep test history in the pipelines and develop helper methods to improve quality.
Improve coverage from different aspects to reduce escaped bugs.

* Team spirit!

Results & Conclusion
---------
After application of our proposals, we observed that waste is eliminated by prioritization and removing duplicated or dispensable work. After all, we believe that this submission has interesting content which can make great attention. Instead of theoretical claims, we discuss faced challenges and applied solutions. We analyze effects of solutions with before-after situations, graphs and evidence. Instead of what to do, we go over how to do it.

Takeaways
-----------
Proposed approaches can be applied by any organization by adapting according to the related work to achieve time and cost reduction. After this talk:

* Attendees will know our 4 golden milestones for successful agile testing: Being truly agile, Managing and improving internal processes, building a Good Automation Framework and Improving Efficiency.
* Attendees will be able to realize the importance of test coverage and see how it affects defects coming from production.
* Attendees will be able to realize the effect of test suites on sprint planning and execution effort.
* Attendees will be able to have some insights about increasing efficiency.
* Attendees will be able to utilize automation not only in implementation, but also in Executions, Reporting and other phases.
* Attendees will be able to analyze bugs. Just resolve and close them, or gain some lessons-learnt from them?


Outline
Introduction & project background
----------------------------------------------------------------
Importance of agility: Quality mindset, voice of customer
Demo 1: Collecting KPIs & metrics and monitor them on CloudWatch.
----------------------------------------------------------------
Automation Principles
Demo 2: Code Blocks to reduce test smells on Java, Postman and Selenium.
----------------------------------------------------------------
Efficiency & Team Productivity
Demo 3: A game showing the effects of team work.
----------------------------------------------------------------
Close & Questions

- BST
OPEN TALK: Leveraging Distributed Tracing in Kubernetes & Containerized Environments
Join on Hopin
Chinmay Gaikwad
Chinmay Gaikwad
Epsagon, Technical Evangelist


Microservices running in Kubernetes and containerized environments are complex and hard to monitor and troubleshoot. Join us as we discuss the growth in the adoption of Kubernetes and containers and the challenges that they have presented us all, focusing on why standard metrics and logs by themselves are leaving gaps in your observability strategy.

- BST
Security in CI/CD Pipeline - Myth or Truth
Join on Hopin
Mirza Dautbegovic
Mirza Dautbegovic
Endava, DevOps Engineer

Today we are talking a lot about security, data protection, privacy, but we are forget one pretty important stuff, a secure code. Normally most of IT professionals or security experts expect attack from outside. But what if the real enemy is our code? Many times we see that someone from developers forget to delete credentials from code, or just hard-code passwords, database endpoints, etc. From security perspective its very hard to detect it if app is already deployed.. In this session I would like to present how Endava integrate security into our CI/CD pipelines and how it help us to identify security issues.

- BST
OPEN TALK: Refining Systems Data without Losing Fidelity
Join on Hopin
Liz Fong-Jones
Liz Fong-Jones
Honeycomb, Developer Advocate

It is not feasible to run an observability infrastructure that is the same size as your production infrastructure. Past a certain scale, the cost to collect, process, and save every log entry, every event, and every trace that your systems generate dramatically outweigh the benefits. If your SLO is 99.95%, then you'll be naively collecting 2,000 times as much data about requests that satisfied your SLI as those that burnt error budget. The question is, how to scale back the flood of data without losing the crucial information your engineering team needs to troubleshoot and understand your system's production behaviors?

Statistics can come to our rescue, enabling us to gather accurate, specific, and error-bounded data on our services' top-level performance and inner workings. This talk advocates a three-R approach to data retention: Reducing junk data, statistically Reusing data points as samples, and Recycling data into counters. We can keep the context of the anomalous data flows and cases in our supported services while not allowing the volume of ordinary data to drown it out.

- BST
Your Code, Your Responsibility
Join on Hopin
Martin Knobloch
Martin Knobloch
Micro Focus, Global Application Security Strategist

While the business keeps increasing the pressure and demand of flexibility of the development team, the agile movement was pushed to the limits. CI/CD was born to reduce manual step to reduce human errors and increase speed to go-live! Last not least, with DevOps the teams took application responsibilities, from cradle to grave. Nevertheless, software security is still missing in many full-stack developers resume and application security responsibilities are pushed off to the security department still. Petty, because the exactly agile, CI/CD and DevOps are security enabling practices.
This session is explaining Shift-left, early security enablement in the development Lifecycle. As the application development becomes more developer centric, the developer’s toolset must match the new challenges to have responsibilities matching capabilities. Learn from rugged software to supply chain cleanliness. Learn to avoid the common pitfalls and benefits of modern application development strategies. Hear why security champions programs tend to fail, compliance driven security trainings are a waste of time and money. Take back the best practices, proven solutions and Shift Left beyond the development.

- BST
Use DevOps to Deliver Micoservices with High Quality
Join on Hopin
Moa Gardell
Moa Gardell
Softronic, Lead Developer, Consultant, Engineer

What would you do if you were asked to design a system to analyze transactions in near-real time to find money laundering? That was the challenge I has been working with the last year. I used microservices and after a while I had a fully functional system, but how to deploy it? How to keep control when each service acts independently from the rest of the system? How to deliver a system with high quality, availability, and reliability? The last piece of the puzzle was to add DevOps – and this is when things get interesting.

And during the process I must admit it, I have fallen in love with DevOps and the capabilities it brings. Come listen to a speech about the elegance and possibility’s I have learned.