»DevOps« is everywhere and the buzzword machines seem to work overtime, resulting in a lot of misunderstandings and fancy new marketing shenanigans.
But whatʼs really behind the term »DevOps«? What impact does it have on working relationships and company culture, not only for developer and operation teams? And why does reality often lag far behind the demands when it comes to implementation?
This talk/workshop gives a hands-on introduction on how to start monitoring with Prometheus. You will learn how to collect and evaluate metrics from servers and applications in minutes, learn the difference between blackbox and whitebox monitoring, and how to send alerts to different recipients.
Web developers use frameworks, libraries and 3rd-party services like analytics or advertising on a daily basis. But often we donʼt take the time to reflect how all those building blocks are affecting security. How can we take back control of what code really gets executed on our websites?
Itʼs 2015 and Cross Site Scripting (XSS) is still ranking high in OWASPʼs »Top Ten Security Risks«. How does this kind of attack work and what harm it can do to your site? And more important: How can we prevent it?
Security is often the neglected step-child of web-development and has the reputation of being hard and complex. I want to show you why it matters to bake security into your project right from the start, how to act responsibly concerning your usersʼ data and how to develop a good understanding of fundamental security topics.
hapi is a framework for building web applications, services and RESTful APIs in Node.js. Besides being the core building block for Walmartʼs mobile platform, it also powers the new npm website and many others.
Website authentication can become quite peculiar at times, both from a technical and user experience view. Addressing some of the bad practices, I present a few suggestions to improve the situation and make it easier for your users to login with your site.
Even some basic measures can noticeably increase the security of a web site. In this talk Iʼll show you how at least two typical attack scenarios (click jacking and injection of unwanted resources) can be mitigated with little effort and what »Content-Security-Policy« offers in modern browsers.
How to get your Node.js apps up and running? Weʼll discuss the pros and cons of different deployment techniques and how to keep your applicationʼs downtime to a minimum.
Metrics and log files help you to understand how your application behaves in production, but going through lots of them manually can be cumbersome. Instead, centralized logging with Elasticsearch and Logstash can help you with that.