Recently (yes, I say recently even though it happened last year!) I attended the very first edition of DDDAdelaide. It’s awesome finally seeing Adelaide getting a software development conference. It was really well put together, and I had a great time. I would highly recommend anyone going to the next one!
This article covers my key takeaways from some of the talks I saw. I’ve also included each presenter’s Twitter and a link to the slides where possible.
Shifting Left: DevSecOps as an Approach to Building Secure Products
Fantastic talk about moving security testing from near/after the release stage, to the development stage. As a programmer by trade, I know security is important but it sometimes feels like it is left behind a bit in the engineering process. The suggestion to add security testing as part of automated CI/CD is definitely something I want to explore doing.
- Recommendation to have a separate environment for security testing
- Security tools: Burp Suite (expensive!), Owasp Zap (free!)
- Tools to help manage dependencies: Snyk, Dependabot
- ‘Sans Appsec’ as a resource for application security
- Guidelines: Security shouldn’t get in devs way and track security defects tracked as tickets
GraphQL, gRPC or REST? Resolving the API Developer’s Dilemma
Rob initially goes into the history of API technology, with some funny commentary on how we think the newest thing that comes out is the ‘best’ (‘SOAP is dead, long live REST’ to ‘REST is dead long live GraphQL’)
- REST is generally a good choice for starting an API
- GraphQL is not the best choice for server to server communication
- There exists some challenges regarding caching with GraphQL
- The speed of a GraphQL response is limited by the slowest field
- GraphQL eliminates the need for versioning - we didn’t need versioning in
other API types either!
- We should strive for ‘Graceful Evolution’. (e.g. Don’t add required inputs/don’t remove outputs/don’t change type of field/follow Robustness Principle)
- Deprecations are still hard, even with GraphQL
- Integration Pattern - Martin Fowler
- REST: Most of your API is CRUD
- GraphQL: Excels with multiple clients with Heterogeneous data requirements
- GRPC: Good for synchronous comms between microservices
- Need to look into GRPC more!
Main takeaway: There is no universal best API style, but there is always a best API style for you problem.
Modern Authentication 101
A nice overview of how to handle authentication. Dasith provided an in-depth description on the problems with the classic model of authentication, and described modern alternatives.
- Really nice flow chart on what OAuth flow you should use, depending on the device, what type of app it is, etc.
- Can see myself going back to the slides for reference!
TypeScript: Beyond 101
As a Java guy, TypeScript is something that really resonates with me. I’m always eager to hear more about it!
Jaime showed some cool things that are achievable in TypeScript. The
feature was something that found immediate use for me for a project I have at
Making React Apps Accessible: It’s easier than you think
Like security, I feel like accessibility is one of those things that are an after thought in web dev. Jess brings some stats to show that things shouldn’t be that way!
What I like about this talk, is while there was a focus on React, the techniques shown can be applied to any front end framework. Also, I’ll always love a web dev talk that promotes the use of semantic HTML!