March 9-11, 2011
Montreal, Canada

Top 20 sessions

Security
As web applications become the norm for application delivery mechanisms,
there is more and more demand for managing access control at the
application framework level. As is immediately obvious, managing this
access control becomes an overwhelming overhead for the actual
application, and should be handled by the underlying framework used for
application delivery.

In this presentation I will discuss how the OpenAM AuthN and AuthZ
layers can be simply and easily integrated into an enterprise
application, allowing fine-grained access control to be enforced at the
application layer, while allowing the administration and management of
the policies to be handled by the service provider.

Web Services
Although browser apps replace more and more desktop applications, a tight integration of both is often desirable, not only when it comes to data management. The HTTP-based WebDAV protocol allows you to integrate your web applications with users' favorite desktop environment. This talk gives you an introduction to WebDAV, its beauty & pitfalls and shows you how to integrate it easily into your applications.
PHP, Security
OWASP Enterprise Security API Toolkits help software developers guard against security-related design and implementation flaws. Because it's an API, it can easily be added to applications and services to protect themselves from attackers. In this talk, I'll present the project, its PHP implementation and how to add it to your projects.
One of my favourite things about meeting up with other developers to hack on
a project is that they'll see how I'm doing things and chime in "hey, did
you know that you could use ($someTool) to do that better?" I've been doing
this web thing for a long time, and thus have built up a significant bag of
tricks, such as Screen, OpenVPN, RRDTool, SSH tunnels, and git hooks to deploy code on push. In this talk, I'll share as many of these tips, tricks and tools as
I can, as quickly as possible. The goal: leave with new ideas.
Python
FormAlchemy is a low-level form generation library.
FormAlchemy derives forms from the data, which avoids duplicating
data schema descriptions and allows rapid development.

FormAlchemy is already compatible with Pyramid, the future Pylons
2, and can be used with any web framework.
FormAlchemy can generate basic CRUD interfaces for Pylons
and Pyramid.

In the near future, FormAlchemy should support HTML5,
allow the use of Chameleon templates and provide a Pyramid
application skeleton.
Security
The OWASP foundation recently published the 2010 version of its reference document describing the top 10 web application security risks.

During this talk, ten intrusion techniques will be shown to the audience, to have a better understanding of the risks described in the OWASP Top 10 2010 document.

Agenda:
- Basic theory on risks, threats and software vulnerabilities
- Presentation of the 10 intrusion techniques
- Best practices when working with the OWASP Top 10 2010
- Discussion, questions


Note: due to the reduced time available, the talk will focus on explaining the intrusion techniques on web applications. Developers interested in working on the defensive coding aspects should also participate in the secure development training.
Startups
Ben Yoskovitz discusses his most recent startup experience, founding and selling Standout Jobs. The company started in 2007 and raised $1.8 million in venture and angel capital. The company was sold in 2010 (although it was not a financial success story.)

Ben discusses his 3 years at Standout Jobs, along with past experience and more recent experience founding Year One Labs, an early stage seed accelerator that helps startups get started in the first critical year of existence.

During the talk, Ben will give the audience an inside look into the roller coaster ride of startups. Topics covered include: fundraising, hiring, product/market fit, product management, board management, marketing, and more.

Although a great deal of Ben's experience was challenging, his goal is to encourage people (technical people especially!) to start companies. It's essential that more engineers and programmers launch startups. Consider this presentation a motivational speech (based in reality)!
Front-end
jQuery is one of the global players in the world of JavaScript frameworks. It's
small. It's fast. It's concise. It changes the way you write JavaScript. But
how does this library accomplish all this?

Its developers concentrate on the main aspects of any JavaScript application:
Document traversing, document manipulation, event handling, animation and AJAX
interactions. Only these components are part of the core library. Everything
else needs to be added using so-called plugins.

Whole applications can be built creating and combining plugins to bring into
being a fully featured user experience.

In this session I will give a short overview about the different possible plugin
types, before presenting the most common ones in detail. During the talk a reusable
base structure will be created which can be easily adapted to any personal
developmental needs. This skeleton will allow you to start writing your own
jQuery extensions in no time.
Web Services
25 years later, domains are still the way most of us envision the web, but for how much longer?

Authorization standards (such as OAuth) are becoming more and more popular. Bookmarklets and web browser add-ons are rising. APIs aren’t scary anymore. We have found ways to bypass cross-domain policies (with JSONP for example), and JavaScript frameworks are already taking advantage of it all.

Not only is the technology evolving but, equally important, Internet users' expectations are growing too. The simple fact that more and more people are willing to use their Facebook or Twitter credentials to sign in to a 3rd-party application is an early indication that frontiers between domains are fading away.

During the talk, we’ll go over technical aspects of cross-domain web development and highlight new opportunities for designers, developers, and managers. We’ll use concrete examples from Facebook, Twitter, Hunch, and readon.ly to imagine the web of tomorrow.
PHP
Although PHP has many different methods for creating graphics, there aren't many currently for interpreting them. By using the OpenCV image processing library, it is possible to let PHP be able to detect features in images, such as people's faces and other objects, and process them further. This presentation will show how.
PHP
PHP exposes in userland a wide range of classes and functions grouped into extensions (mysql, pdo, json, date, etc.). There are two main reasons that generally lead a developer to write an extension: enabling the use of an external library, or performance. However, such development can prove difficult because of the lack of documentation on the subject. We will cover various basic concepts of PHP's internals. Then we will discuss certain tools (GDB, Valgrind, etc.) and resources (Opengrok, mailing list) that will help you better understand how extensions work.
PHP
PHP code analysis is most often done manually: you have to read the code to understand it.

Static analysis lets you go faster, and into every corner of the application: it works tirelessly, exhaustively, but under direction.

During the session, we will set up a static analyzer for PHP to automatically detect the inclusion tree, arguments that are never used, GPC assignments, and to produce a Prévert-style inventory of the code.
Security
Being the good developer that you are, all the applications you create are being designed with security in mind. So of course you are following all the known best practices, you know you did your job well. You did, didn't you? In this session we will take a look at various common security myths and why quite many approaches, tutorials and common solutions just don't quite cut it. Find out what your options are to really get the job done and what you might have been missing in your current implementation!
Java
Java web development has evolved considerably over the last 6 years. The language has a great many web frameworks, each with its own constraints and advantages, but whose common goal is to try to make development easier and faster by providing a certain structure.

But with the arrival of new concepts such as Cometd (Ajax push), event-driven programming, distributed web architectures such as those of Amazon, LinkedIn, Facebook and Twitter, and with new user experience needs, a gap is widening with the world of web frameworks.

Through real-world experience on a high-availability web architecture, we will look at the constraints we had and why we chose to write our own framework.
Testing / QA, Java
Testatoo is a set of libraries that make it easier to write graphical user interface tests.

The main goal of Testatoo is to put a TDD approach into practice for the
creation of graphical interfaces.

The creators of Testatoo believe that a UI test should be written before its implementation and that it should be:
- written in a readable format
- written in a programming language close to the developer
- as abstract as possible, to better withstand changes in requirements and technologies.

We will see through concrete examples how a single test suite can address graphical interfaces in different technologies (Flex, Html4/4, ExtJs).
.NET
“The best reason to learn a new programming language is to learn to think differently.” --Chad Fowler

Not long ago I set myself the challenge of learning a new language. F# seemed the obvious choice, because this language offers a different way of thinking about the problems we try to solve in our daily work as software developers, while staying anchored to the .NET platform. I propose to share with you my discoveries about the foundations of functional programming, the declarative programming style, higher-order functions and plenty of other concepts, which I will illustrate with simple and concise code. We will finish by using these concepts in a complete example to illustrate how they can be put to use in our solutions.

Frameworks, Ruby
With Sinatra's light, clean syntax, many web developers have delighted in its unencumbered approach. However, there is often a need for something more than what Sinatra provides. Enter Padrino. It aims to offer a set of standard tools usable within Sinatra, which can be picked to exactly suit your requirements. With Padrino, you can currently pick and choose from the following modules:

Generators: Create applications, models, controllers
Routing: URL named routes, named params
Tag & Asset Helpers: Easy to add tags, css, and javascript
Form Helpers: Creation of forms for models
Mailer: Simple delivery support for sending emails
Admin: Built-in admin interface (akin to Django)
Localization: Full support for I18n
Caching: Support for fragment & page caching with a variety of backing stores

This talk will provide a whirlwind tour of these features. We will also compare the speed and memory usage of Padrino vs other frameworks. Have it your own way!
Ruby
Programming programs is fun! Programming programs to program other programs is even more fun! Sounds confusing? It doesn't have to be. With Ruby, metaprogramming becomes a thing of joy. In this talk we'll investigate:

* blocks, lambdas & yield
* eval, instance_eval, module_eval, class_eval
* const_set, const_get
* Class.new
* define_method
* method_added
* include, extend, and callbacks
* arity, parameters (1.9)
* ParseTree & ruby2ruby

We'll explore the capabilities and limitations of these techniques, exploring ways to create programs not typically possible. We'll use lots of practical examples so that you can follow along and learn how to use these techniques yourself!
Frameworks, .NET
Manos de Mono is a new web application framework that targets the Mono runtime. It is a completely fresh take on web application development with C#. Taking nothing at all from ASP.NET.

Manos is inspired by the Unix philosophy of application development. Things are small, simple and reusable.

This session will be an introduction to development with Manos by the creator of the project.
CMS
The year 2010 can be considered a pivotal year for CMSs. The various content management tools each saw a new major version appear, giving developers and users a wide choice.

Each of these tools has its advantages in the eyes of PHP / Python / Ruby / Perl programmers, but will they ultimately meet the intended need?

Defining the need and choosing the project's participants will be important criteria, and will therefore be presented in this session.
