Talks in English

Monitoring with Prometheus

2018-03-15 · Bonner Microservices Meetup, Bonn
2018-03-21 · DevOps Düsseldorf, Düsseldorf

How to keep track of your applications at runtime has been an issue for developers long before this whole »devops« became a thing.

This talk shows with a couple of small live demos what Prometheus is and what makes it so interesting. You will learn how to easily collect and evaluate metrics from servers and applications in minutes, what the difference between blackbox and whitebox monitoring is, and how to send alerts to different recipients.

There’s no party like 3rd party – handle dependencies securely

2016-10-23 · GDG DevFest, Düsseldorf
2017-03-08 · Pott.js, Essen
2017-09-13 · IT-Security Meetup, Kassel

Web developers use frameworks, libraries and 3rd-party services like analytics or advertising on a daily basis. But often we don’t take the time to reflect on how all those building blocks affect security. How can we take back control of what code really gets executed on our websites?

Don’t cross the sites!

2015-08-22 · FrOSCon 2015, St. Augustin

It’s 2015 and Cross Site Scripting (XSS) attacks are still ranking high in OWASP’s »Top Ten Security Risks«.

So what is this XSS and what harm can it do to your site? And more importantly: how can we prevent these kinds of attacks on our websites? I’ll talk about some of the bad advice (unfortunately being repeated on the web over and over again) and show you better, more sustainable approaches.

Developing a web-security mindset

2015-03-07 · .concat() 2015, Salzburg

Security is often the neglected step-child of web development. It has the reputation of being hard and complex and, in general, of being someone else’s problem. Too often it’s addressed after the project has launched – or shortly before it’s supposed to go live (after all, you are supposed to write bug-free software, right?).

In my talk I want to show you why it matters to bake security into your project right from the start, how to act responsibly concerning your users’ data and how to develop a good understanding of fundamental security topics.

hapi – Building applications and services in Node.js

2015-02-10 · Cologne.js, Cologne

hapi is a framework for building web applications, services and RESTful APIs in Node.js. Besides being the core building block for Walmart’s mobile platform, it also powers the new npm website and many others.

Login failed. Retry? – Website authentication methods and UX

2014-09-11 · Webworker NRW, Düsseldorf
2014-10-08 · Fronteers Jam Session, Amsterdam
2014-10-29 · #UXCGN12, Cologne

Website authentication can become quite peculiar at times, both from a technical and a user experience point of view. Addressing some of the bad practices, I present a few suggestions to improve the situation and make it easier for your users to log in to your site.

Digital self-defense – Mitigate Clickjacking and XSS attacks with HTTP headers

2014-04-27 · JS Unconf 2014, Hamburg

Web security is an unloved stepchild for most developers, but in this talk I’ll show you how at least two typical attack scenarios – clickjacking and injection of unwanted resources – can be mitigated with little effort and what Content-Security-Policy offers in modern browsers.

(English version of my talk "Digitale Selbstverteidigung", which I held spontaneously at JS Unconf 2014.)

Running Node.js apps in production

2014-04-08 · Cologne.js, Cologne
2014-04-26 · JS Unconf 2014, Hamburg

At JS Unconf 2014 I talked about pros and cons of different deployment techniques for your Node.js application, what makes a good startup script and how to keep downtime to a minimum during deployment.

The second part is about handling errors and exceptions without letting your entire application crash. Metrics and log files help you to understand how your application behaves in production, but as grepping through tons of log files can be cumbersome, I’ll show you why Elasticsearch and Logstash might be a good alternative for you.

Talks in German

Digitale Selbstverteidigung – Mehr Sicherheit auf der eigenen Website (Digital self-defense – More security on your own website)

2014-01-09 · Webworker NRW, Düsseldorf
2014-02-27 · Webworker Ruhr, Essen

Website security is something many developers – if they deal with it at all – mostly pass around like a hot potato. At best, someone else is supposed to take care of it. In this talk I show how at least two attack scenarios – clickjacking and injection of unwanted code – can be mitigated somewhat with simple means, and what options Content-Security-Policy offers in the browser.

Einführung in Require.js (Introduction to Require.js)

2014-01-09 · Webworker NRW, Düsseldorf
2014-02-27 · Webworker Ruhr, Essen

JavaScript code in websites and web applications keeps growing, but with increasing complexity this code becomes considerably harder to maintain: maintaining code in large files is confusing and quickly leads to errors. Dependencies between the individual parts also have to be taken into account.

Require.js makes it possible to split code cleanly into small modules and to load the required components in the right order. This also makes the code easier to test in units that are as small as possible.

Code-Organisation in JavaScript (Code organization in JavaScript)

2013-01-10 · Webworker NRW, Düsseldorf

How can I encapsulate my JavaScript code cleanly so that there are no unwanted clashes with other scripts or external libraries? A short overview of function expressions, the module pattern, decoupling components via PubSub, and how code can be modularized.