• DevSecOps: Continuously Hacking Your App + Mutation Testing Patterns

    Submit your own future talk at http://submit.cdxpisrael.com

    Schedule:
    ------------------------------
    18:00 Getting together (Pizza!)
    18:30: DevSecOps: Continuously Hacking Your App (Omer Levi Hevroni)
    19:30: Break
    19:45: Community Announcements & Hiring Callouts
    19:50: Mutation Testing Patterns (Anna David & Yaniv Nahoum)
    20:40: End of the evening

    Details:
    ---------
    18:30: DevSecOps: Continuously Hacking Your App (Omer Levi Hevroni)

    There are so many sophisticated ways to exploit web applications that it’s almost impossible for a developer to write completely secure code. But we can’t accept this situation. We can’t expose our users (and our users' data) to hackers. So what can we do? We can switch from defense to offense. We can take hacking tools, used by malicious hackers, and use them to test our web application for security issues. In this talk, we will take a vulnerable web application, and try to find as many vulnerabilities as we can - using only automated tools. I’ll discuss the vulnerabilities we find, explain why we should care - and how we can remediate them securely. All the tools I’ll use are tools you can start using today - to scan your applications and make sure you deploy more secure applications.

    About Omer: Omer is a DevSecOps Engineer @Soluto by Asurion. He is also an open source maintainer & a father!

    19:50: Mutation Testing Patterns (Anna David & Yaniv Nahoum)
    -----------------------------------------
    Code tends to contain bugs; that's one of the reasons we write tests. But how do we test the tests? In most applications, the metric used to measure the test suites is test coverage. While coverage does give us some information regarding the areas in our code in which we are more exposed, it says nothing about the quality of the tests in the areas that they cover. That’s where mutation testing comes in. Finally, we can get real insight into the quality of our tests!

    About Anna: Anna David is a software development manager and automation solution expert at AT&T Israel. She works closely with development teams, helping them deliver faster and with higher quality by putting a strong emphasis on software development life cycle productivity and engineering practices.

    About Yaniv: Yaniv Nahoum is a software developer and technical coach at AT&T Israel. He works closely with development teams, helping them deliver faster and with higher quality by putting a strong emphasis on developer productivity and engineering practices.

  • Democratizing CI/CD, Empowering Devs + Co-Ops: Avoiding Waterfall Pipelines

    Submit a talk at http://submit.cdisrael.com

    Schedule:
    ------------------------------
    18:00 Getting together (Pizza!)
    18:30: Josef Goldstein: Democratizing CI/CD & Empowering developers with Jenkins Pipelines
    19:15: Break
    19:30: Community Announcements & Hiring Callouts
    19:35: Roy Osherove: Co-Ops: Moving from Waterfall Pipelines to Cooperative Pipelines
    20:20: End of the evening

    Details:
    ---------
    1) Josef Goldstein (Proofpoint): Democratizing CI/CD & Empowering developers with Jenkins Pipelines
    --------------------
    Building and maintaining a robust CI/CD solution for modern day SaaS applications can become an ever increasing challenge. Catering to a vast and diverse array of Microservices, and the developers behind them, can prove to be impractical if leaned on a single team in the R&D. In this session we will talk about how we can overcome these challenges by placing the responsibility back in the hands of the developers using simple tools like Jenkins pipelines.

    About Josef:
    ----
    Josef Goldstein is an Engineering Manager at Proofpoint, where he leads the platform engineering team for Proofpoint’s cloud security products. He has over a decade of experience with building service oriented systems and deploying them at scale. Josef believes the secret sauce for creating sustainable complex software systems is good design practices and effective communication between people, and works tirelessly to build the culture necessary to support these values.

    2) Roy Osherove: Co-Ops - Moving from Waterfall Pipelines to Cooperative Pipelines

    Why are some organizations able to implement true continuous delivery, and others are endlessly struggling and striking out on the path there? In this talk we will introduce the idea of Co-Ops: Pipeline-driven processes - and how those are different from "we just have a few Jenkins jobs lying around".

    By delegating tactical day to day IT related decisions to pipelines, instead of letting humans make them, we can slowly achieve true continuous delivery. In a pipeline-driven world, testers need to learn new skills (coding, automation, coaching). Ops need to learn new skills (coaching, infra as code, testing). Security folks need to learn new skills (coaching, testing, automation and coding, ops). Devs need to learn new skills (coaching, testing, ops, security). Compliance need to learn new skills (automation, testing, coaching). Everyone is affected. Co-Ops & Pipeline driven organizations pull us out of our silos and into more collaboration. It can be really painful if we don't know what to expect. In this talk we will discuss what such a process might look like in real life, what types of possible collaborations can exist, and what challenges we face making it happen.

    About Roy:
    --------
    Roy is the author of "Art of Unit Testing" and "Elastic Leadership" and the upcoming "Pipeline Driven" book. He is a freelance consultant and trainer. His website is at osherove.com.

  • Secure Coding Processes with CI/CD + Patterns for Continuous Software Updates

    Daniel Herzliya Hotel

    Submit a future talk at http://submit.cdisrael.com today.

    Schedule:
    ------------------------------
    18:00 Getting together
    18:30: Ada Sharoni: Secure Coding Processes with CI/CD
    19:15: Break
    19:30: Community Announcements & Hiring Callouts
    19:35: Baruch Sadogursky: DevOps Patterns & Antipatterns for Continuous Software Updates
    20:20: End of the evening

    Details:
    ---------
    1) Ada Sharoni: Secure Coding Processes with CI/CD
    --------------------
    CICD and micro services are great concepts, but in the world of cyber security they can become incredibly risky. Most software developers are not security oriented, and as the race to production becomes incredibly fast, it’s no wonder we get to see a vast increase in exposure to vulnerabilities. Last year, one of three web applications was graded as having an extremely poor level of security, and 83% had some vulnerabilities detected in them. In this lecture we will try to demonstrate vividly what cyber attacks actually look like and what can be done in order to gain more safety while still maintaining fast delivery.

    Bio:
    ----
    Ada Sharoni is a Software Engineer team lead at Akamai who specializes in the fields of cyber security and ML. As a Talpiot graduate, she served in the Israeli intelligence community for many years, and for the last few years has focused on cloud security solutions at Akamai.

    2) Baruch Sadogursky: Patterns & Antipatterns for Continuous Software Updates
    --------------------
    So, you want to update the software for your user, be it the nodes in your K8s cluster, a browser on user’s desktop, an app in user’s smartphone or even a user’s car. What can possibly go wrong? In this talk, we’ll analyze real-world software update fails and how multiple DevOps patterns, that fit a variety of scenarios, could have saved the developers.

    Manually making sure that everything works before sending update and expecting the user to do acceptance tests before they update is most definitely not on the list of such patterns. Join us for some awesome and scary continuous update horror stories and some obvious (and some not so obvious) proven ideas for improvement and best practices you can start following tomorrow:

    Bio:
    ----
    Baruch Sadogursky (a.k.a JBaruch) is the Head of Developer Relations and a Developer Advocate at JFrog. His passion is speaking about technology. Well, speaking in general, but doing it about technology makes him look smart, and 18 years of hi-tech experience sure helps. When he’s not on stage (or on a plane to get there), he learns about technology, people and how they work, or more precisely, don’t work together. He is a CNCF ambassador, Developer Champion, and a professional conference speaker on DevOps, DevSecOps, Go, Java and many other topics, and is a regular at the industry’s most prestigious events including DockerCon, GopherCon, Devoxx, DevOps Days, OSCON, Qcon, JavaOne and many others. You can see some of his talks at jfrog.com/shownotes

    VENUE - Yalla-DevOps! Conference:
    ----------
    This month's meeting will be held with the cooperation of Yalla-DevOps! Conference, and will take place immediately after the conference, at the conference venue. JFrog will also be recording and feeding us - thanks!!

  • CI/CD Lies & Metrics + Microservices? MicroFrontends? MicroPipelines?

    AGENDA:
    -------------
    18:00-18:30 Networking & Pizza
    18:30 - 19:15 Roy Osherove: Lies, Damned Lies & Metrics
    19:15 - 19:30 Break
    19:30 - 19:35 Community Announcements, Jobs & Collaborations
    19:35 - 20:20 Gil Tayar: Microservices? Microfrontends? Micropipelines!

    ***
    Video Recording Sponsored by: (sponsor needed)
    Pizza Sponsored by: CodeFresh.io https://codefresh.io
    ***

    1) Roy Osherove: CI/CD Lies, Damned Lies & Metrics
    --------------------------------------------------------
    They say that "you get what you measure", and we've all seen it happen. "We need to get the coverage up!" followed by people frantically writing tests that might not actually test anything. Coverage is up. Quality? Not so much. So what metrics can we use to drive the things we believe in? How can we measure our success in Continuous Delivery? In this session Roy Osherove covers recommended and un-recommended metrics and how each one could drive our team towards a bleaker, or brighter future.

    2) Gil Tayar: Microservices? Microfrontends? Micropipelines! Or... How We CD at Applitools
    -------------------------------------------------------
    Pipelines are at the forefront of Continuous Deployment today—big long pipelines which try to encompass the whole monolithic development process. Sound familiar? Yes, very similar to monolithic apps. At Applitools, we tried a different model. I will try and describe this model, which consists of a monorepo, many loosely coupled small modules, microservices, a simple build and deploy process that ties it all together, and tons and tons of tests. Come join me to listen to a day in the life of an Applitools developer, and see how we treat the development process to reach CD nirvana.

  • First Meeting - Optimizing Pipeline Flows + CD & Testing with Micro Services

    AGENDA:
    -------------
    18:00-18:30 Networking & Pizza
    18:30 - 18:55 Roy Osherove: Continuous Delivery Goals & Vision for CD Israel + Logistics + Sponsors
    19:00 - 19:45 Ant Weiss: Optimizing the Delivery Pipeline for Flow
    19:45 - 20:00 Break
    20:00 - 20:45 Anton Drukh: CD & Testing Challenges with Micro Services

    ***
    Video Recording Sponsored by: JFrog https://yalla-devops.com/
    Pizza Sponsored by Snyk: https://snyk.io/
    ***

    INTRO: Roy Osherove
    --------------------------------------------------------
    * What's the point of a Continuous Delivery Meetup?
    * Vision for CD Israel
    * Logistics

    SESSION 1: Optimizing the Delivery Pipeline for Flow
    -------------------------------------------------------
    Ant Weiss

    The main purpose of Continuous Delivery can be defined as establishing flow. In this presentation we'll discuss what flow is, what enables or inhibits it. And most importantly - how to measure the flow in order to make sure our Continuous Delivery pipeline serves its purpose.

    About the Speaker: Ant(on) Weiss, Software Delivery Futurist. 19 years in tech, marketing and leadership roles. A fanatic of software delivery optimization. 5 years in technical and executive training. Expert in DevOps, Lean, Systems Thinking, Continuous Delivery, Cloud Native and Decentralized Systems. Coder, speaker, writer. Fixated on improving the ways humans collaborate by telling mind-provoking stories.

    SESSION 2: CD and Testing Challenges with Micro Services
    -------------------------------------------------------
    Anton Drukh

    Testing plays a critical role in CI/CD, allowing us to gain confidence in every change we make. Tests define expected success and failure modes, and assert your code's behaviour. When your microservices' codebase grows, tests become complex. Each feature requires a chain of functional changes, also changing your tests. The need to run all affected microservices in unison becomes critical. This causes tight coupling, working against the flexibility of microservices.

    In this talk I'll present an approach to address this problem by embedding testability into your microservices paradigm. I will show practical examples based on our journey from the very beginning to a team of 40+ devs today.

    About the Speaker: Anton Drukh has been in engineering management positions for the past decade, and is fascinated by how everything makes sense in one’s IDE, only to be pulled upside down in production. Outside of work, Anton enjoys being raised by his family and having an occasional beer.
