Improving software development security at CodeMash 2014

I will be delivering two lightning talks at CodeMash 2014 titled “Maximizing Technology Adoption ROI” and “Data Breach Lessons from 2013”. Even those who have not attended the talk can view the talks here.

 

Enhancing quality assurance with virtualization

Virtualization shines in quality assurance, development, and testing. Backups or virtual machines can be restored to another environment and operate just like the original. This allows an organization to better test their backups or their business continuity plan without interrupting production systems. Similar to the hot, warm, or cold site, virtual machines can be deployed in an alternate location just as they would in a disaster thereby allowing the organization to determine the length of time needed to make systems available in an emergency. As a result, team members will be more familiar with the process and less likely to make mistakes that could cause delays in making the organization operational again.

Regardless of whether you have a virtual environment, it is important to test your backups and business continuity plan as part of your information security risk management strategy. In this way you will be able to proactively identify any flaws in the plan prior to an actual emergency. It is much better to correct an error before it results in lost data or profits.

Code Camp Diary

Ian and I left for Code Camp in Pittsburgh early this morning. We
were on the road by 5:30 AM. We drove to Independence to pick up
Richard but then I got a call saying that he could not make it. We
stopped by Panera for breakfast and arrived at the University of
Pittsburgh with plenty of time to spare. The event started at 9:00
AM.

When I picked up my badges, Ian found out he was presenting. He had
to think of something to talk about. He started looking up slides to
download for his presentation. Once I found my badge, I wandered
around the facilities to get my bearings. Ian ended up working on
his presentation during two other presentations. He was able to
download some slides from someone else and then he had to screenshot
some things because he did not have Visual Studio on his laptop.

The first presentation I went to was on using attributes and property
grids to manage system configuration. These property grids (list
views) allow you to create classes and then utilize an input method
similar to the one used on the property sheet in the Visual Studio IDE.
The grids are very customizable and easy to use once you get the hang
of the classes used. I understood most of what the presenter showed
us but there were a few things I missed because it was early in the
morning and because I am more familiar with VB.NET than I am with C#.

The next presentation I went to was on SSIS (SQL Server Integration
Services). This one seemed interesting but I was disappointed when
my presenter just read from a piece of paper. I was surprised that
they would have a
Microsoft sponsored event with such a low caliber presenter. I read
about SSIS online and learned more in a few minutes than I did in his
entire presentation. Our presenter tried to show us
what he was talking about but he simply followed an online guide or
lab manual. He was always staring down at his paper as he tried to
create the data he wanted to transform.

We had pizza for lunch. I was expecting a little more from Microsoft.
In the past, they have served some nicer meals. Still, I did not
pay for this event so it was nice to receive food and it was on site
so I did not have to lose time trying to find a place to eat. I
guess I am like the cat who comes to a house every day to get a bowl
of milk. If the milk is not there one day, the cat would meow. I am
not ungrateful for what Microsoft provided. I am simply used to
getting “milk”. We chatted with a few other developers over lunch and
then headed to the next session. A number of them were Mac users so
I got along nicely. They talked about a Macintosh development
environment but I forgot the name. Ian reminded me later that it is
called Xcode. I would like to try it out. I never really considered
the Macintosh as a development platform but I guess I should.

The session I attended after lunch was on unit and web testing. The
presentation was interesting but I had a seat way in the back. The
presenter used blue text on a blue background so it was very difficult
to read in the back. I mostly just listened to what he had to say and
then watched his examples. It is nice to know about the tools
available in Visual Studio 2005 for testing. Much of it is automated.
Also, for testing web services, you can walk through tests and have
those tests recorded so that they can be performed on other code
modules as well. Reports can be generated to show which parts of your
code have been tested and which parts passed or failed. If one part
fails, you can go to the part of the code that failed. Also, the
code in Visual Studio 2005 is highlighted in blue or red to show if it
passed or failed testing. I imagine that this highlighting can be
removed much like tracking changes in a Word document. I am eager to
try out the testing tools on my flashcard application. I want to see
if the testing tools are available in Visual Studio Express 2005 because I do not own a copy of Visual Studio 2005. It would also be nice to teach how to use these tools in the classroom.

The next presentation at 2:00 was on the Windows workflow foundation architecture. This allows us to separate application code from workflow logic. It is a download that is part of the .NET framework 3.0 expected in January 2007. I learned a lot in the presentation because I came in knowing nothing. I asked Ian “What the heck is the workflow foundation?” right before the presentation started. Workflows are a set of activities. The activities can do almost any application or Windows task. The foundation integrates with the shell, SharePoint, Office, and other apps as well. You must run a script against your SQL Server database in order for the workflows to be properly integrated into the database. Workflows can be tracked and reports can be generated from them. We can create logic for when an activity starts, when events occur, or when the event finishes. To liken this to something everyone understands, think of how custom animations are designed in PowerPoint. This is an extremely simplistic example. Activities that have been sitting in a queue waiting for some action like management approval can be flagged, terminated, or some other action can be taken.

Workflows could be set up for a technical support center as users request service, technicians are assigned, the problem is raised to a higher level if necessary, and finally the issue is resolved. A Visual Studio template is used to create a new workflow. This template is a C# project. Once you create a workflow, it appears as a diagram much like those designed in Visio. The familiar toolbox exists on the left hand side of the screen. The toolbox allows you to add C# code to the workflow, events, policies, timers, delays, and other things such as specifying whether or not workflows operate in parallel or sequence. The entire thing is very visual with blocks that can be drilled down into for further detail and customization. Most commonly you would set each state to end starting another state. A GUI can be created for the workflow so that it can be used.

After the workflow event, I went to see Ian’s event. Ian spoke on code security. He asked everyone the size and complexity of their passwords which did not relate to code security but oh well. Everyone deserves a chance to rant a little when they get their spot on their soapbox. (hehe. No offense Ian.) Ian was having quite a few problems with his computer during his speech. His PowerPoint did not display properly and he spent about 10 minutes up front trying to fix it before giving up.

Let me share just a few finishing thoughts. While at code camp I had the odd thought of what Remington College is teaching for programming at some of my other campuses. When I taught the class I had to fight to get us to teach .NET instead of Visual Studio 6.0. Now I have Visual Studio 2005 but I have not seen any copies around at Remington so it makes me wonder if many campuses are still teaching using Visual Studio 6.0.

It was a very fun event and I look forward to attending another event in the future. It was also nice to spend time with Ian too. I wish Richard could have attended too.

Southwest PA Code Camp

I signed up for Southwest PA Code Camp on Saturday, April 8, 2006. I
have taught a programming class but I still do not consider myself an
accomplished programmer. This event should help me boost my .NET
skills. I enjoyed teaching the programming class and I would happily
do it again. This is a 1 day event. So far, Ian and I are going but
a few others might go as well. It will be nice to carpool to the
destination.

Here is the location:
Department of Computer Science
Sennott Square
University of Pittsburgh
Pittsburgh, PA 15260

To be called a code camp, a facility must follow these protocols.

1. By and For the Developer Community – Code Camps are about the
developer community at large. They are meant to be a place for
developers to come and learn from their peers. Topics are always based
on community interest and never determined by anyone other than the
community.
2. Always Free – Code Camps are always free for attendees.
3. Community Developed Material – The success of the Code Camps is
that they are based on community content. All content that is
delivered is original. All presentation content must be provided
completely (including code) without any restriction. If you have
content you don’t want to share or provide to attendees then the Code
Camp is not the place for you.
4. No Fluff – only Code – Code Camps are about showing the code.
Refer to rule # if you have any questions on this.
5. Community Ownership – The most important element of the Code Camp
is always the developer community. All are welcome to attend and speak
and do so without expectation of payment or any other compensation
other than their participation in the community.
6. Never occur during work hours – We need to understand that many
times people can’t leave work for a day or two to attend training or
even seminars. The beauty of the Code Camp is that they always occur
on weekends.

(information taken from the code camp site)