October 16, 2014
How do you keep getting better, when you’re already the best? Or what happens when complacency, out-dated thinking or weariness stunts performance? What do you do when growth stalls, or when your team is working below its true potential? The answer: you’ve got to pursue your true potential. Mark Sanborn has worked with many of America’s best companies. That’s because he has the ability to motivate and teach simple, proven and highly effective ways of thinking and doing that keep individuals and organizations moving forward and gaining new ground. Not only has he learned from working with the best—some 2400 clients—but he’s learned what doesn’t work, too, and can help you change your thinking and supercharge your performance.
Most security presentation to developers are a dry rehashing of OWASP Top Ten; do this and don't do that with terse snippets of code.
This session aims to be different in that the tools that are available to penetration testers (and hackers) will be demonstrated to show how a web application is attacked. Using the OWASP Top Ten as a guide, a combination of vulnerabilities will be used to attack a demonstration application. Two tools that will be highlighted are sqlmap and BeEF (Browser Exploitation Framework).
Target audience: Developers that want to be more security conscience
Assumed Knowledge: None
You will learn:
- Recent events in security and hacking
- Overview of OWASP 2013 Top Ten
- Show how attacks are never a single issue, but combination of vulnerabilities
- See what SQL Injection compromise really look like
- Demo: sqlmap
- How easy it is to defeat weak password hashes
- See why Cross Site Scripting (XSS) is a serious vulnerability
- Demo: BeEF and Metasploit
- See an attack on ColdFusion
- Demo: Published Exploit Script
- Quick overview of Web Application Firewalls and Web Vulnerability Scanners
What does it mean to build an AngularJS application that communicates to ColdFusion? We will introduce AngularJS and talk about its top features. We will look at how to structure a real AngularJs application to perform database interaction using the RESTful API features of ColdFusion. We will learn how to design an AngularJS application using controllers, directives, routes, modules and services that works with your back end ColdFusion server. The focus will be on the communication between AngularJS and ColdFusion dealing with topics such as returning result sets, REST, authentication, security tokens, http interceptors, models, using data binding inside forms, error handling, and performance. In addition to the above we will also add a realtime communication channel using Node.js, the Express routing framework and Socket.io to talk to the same ColdFusion RESTFul services providing the AngularJS application with real time updates.
This two hour session will give attendees a hands on introduction into the mobile features of ColdFusion 11. Using their own equipment attendees will go through the mobile development process and have a working application at the end of the session.
This session will cover the basics of setting up a mobile project. Attendees will learn to use some of the available mobile APIs that are available. Using multiple forms of local data storage will also be covered. We will also go over remote debugging using Weinre and line debugging.
Note: It is not necessary to attend the Day 1 session to attend the Day 2 session and vice versa. Both sessions will cover different material but the Day 1 session will explain project setup in more detail.
- Project Setup
- Contacts API
- Local Storage Database
- Weinre and Testing
This session will be presented by Dave Ferguson and Simon Free jointly.
Caching is a fundamental method of removing performance bottlenecks and improving the performance of an application. ColdFusion provides various caches for increasing the performance of components ranging from SQL queries to CFML pages. Also, ColdFusion provides a programmatic cache which can be controlled by application code. In this session we will talk about how to increase the performance of CF web applications using these various caches (Query cache, Auth cache, template cache etc.) and its internals. Also we will look at how to scale and monitor these caches in a distributed environment using some of the tools.
Amazon Web Services provide a wide array of highly scalable tools which solve common problems in modern Web application development. ColdFusion 11 fits right into the AWS ecosystem, and this session will show you just how easy it is to start using AWS in your ColdFusion applications.
We'll look at:
- Cheap, fast, and easy content storage thanks to ColdFusion's integration with AWS Simple Storage Service (S3)
- Creating ColdFusion servers in AWS using the new ColdFusion 11 Amazon Machine Image
- Options for creating your own ColdFusion 11 machine images
- Plug-in points for other AWS services in your ColdFusion applications including on-demand databases and a global content delivery network
- A reference architecture for running scalable ColdFusion applications in AWS
- Some hard-earned lessons about running Web apps in AWS
We've been building and maintaining high performance, high availability ColdFusion systems since our days at Allaire Corporation. In this talk, we'll share the following:
=>Our latest recommendations for building such systems in modern server environments, including:
** Optimizing memory for maximum performance.
** Optimizing thread settings for maximum concurrency.
** Planning and optimizing server infrastructures for maximum performance and scalability (including some cloud-specific planning leveraging Amazon Web Services).
** Load balancing and failover planning to support maximum performance, uptime and scalability.
=>Live load tests that demonstrate the capabilities of ColdFusion systems tuned according to the best practices above.
=>Some real-world success stories, including one featured in an Adobe.com case study about the world's largest auto race, whose websites were powered by ColdFusion.
How is Adobe planning to craft the future of ColdFusion? What is in store in the future versions of the product? How is Adobe promoting ColdFusion? If any of these questions linger in your mind, then this session is for you. Learn how Adobe is committed to ColdFusion – both now and in the future to make ColdFusion more successful than ever. Gain insight into the plans that Adobe has for the all-around improvement of ColdFusion and the eco system around it. Learn about product improvements that Adobe has in store for the future versions of ColdFusion. Get an update on various initiatives from Adobe. Also understand how ColdFusion has made some of the ColdFusion shops very successful. As a bonus, the session also has live audience participation where you can let Adobe know your opinion on some of the product improvements planned.
Survey Link http://www.surveymonkey.com/s/cfsummitsurvey
Are you still running that CF 4 application that your company paid some contractor ridiculous amounts of cash for 15 years ago? You know the one, that monster 5,000 template mash of two dozen sub-apps that all got thrown together in 5 minutes with bubblegum and bailing wire, and now take your server down every other day. Now you're seriously considering your options. Do you toss out this huge investment of money and man hours, and start over from scratch? Do you even write that in the same language?
Don't throw away that investment. Revive it, learn from it, and continue to capitalize on it. There have been some huge revisions to ColdFusion in these last 6 versions of the server, and with well thought out planning, refactor, and testing, your app can continue to thrive, grow, and succeed. In this topic, we'll discuss some of the steps to take, hurdles you may encounter, and key benefits and takeaways from saving that app.
Sure, we hear all about the big, new features, or some that wow certain developers (or disappoint others), but in every release of CF there are always lots of little things that go unheralded and that may be just what you've been waiting for or may delight you, and this is just as true in CF11.
Many of the programs and applications that we are making today are being applied to a family of diverse environments: desktop, tablet, and the wild, wild world of mobile. REST-based applications are the industry’s leading answer in generating programs that can interact with any or all of these environments. The ColdFusion community has a variety of options to harness REST including the native REST features in ACF, the open-source project Taffy, and ColdBox’s REST/RELAX features. I will introduce and analyze each option and present the pros and cons of each so that you can better choose the best tool for the needs of your next project.
ColdFusion Builder 3 is a 'written from scratch' up to the ColdFusion Builder line. If you have tried ColdFusion Builder in the past and skipped on it, or if you've never tried it, this session will introduce you to the newest version and provide tips and tricks on how to use it best.
Please join us for a panel discussion with Adobe and ColdFusion customers where we highlight ColdFusion use, its benefits, and challenges. The panel discussion will be facilitated by Elishia Dvorak and chaired by Tridib Roy Chowdhury of Adobe. They will be joined by several of Adobe's ColdFusion customers for insight and opinions on the topics. Attendees are invited to not only quiz the panelists about their experience but are also welcome to share their own perspective on the topics. The focus of the discussion will be to understand the benefits of successful ColdFusion deployments and architectures, as well as some of the challenges that can be addressed by Adobe and the community to further advance the ColdFusion platform.
This session will begin with a brief introduction to MVC (Model-View-Controller) frameworks, and the advantages of developing applications using MVC frameworks. After that the rest of the session will be spent on:
- Going through the procedural code for a small ColdFusion application
- Refactoring the procedural code to use Framework One
- Refactoring the procedural code to use ColdBox.
CFML has been around for over 18 years. However, many projects are still failing. A pile of code no one understands and everyone is scared to touch. Developers are still seen and treated as resources and companies are still outsourcing software development to cheaper places, disregarding software quality. So, what developers can do about that? How can we turn this situation around? In this talk we will be discussing what Software Craftsmanship is and how it addresses these problems. Are we really professional software developers? Do we act like professionals? Come along if you are interested to know what is to be a real software craftsman.
- What it means to be a software craftsman
- What you can do to better yourself
- What you can do to better your team
- How simple changes can make the biggest difference to your development life
- How to ensure you still have a Job in 5/10/20+ years