February 29 - March 2, 2012
Montreal, Canada


Top 20 Wish List
Testing / QAJava S'adonner au développement itératif et incrémental sans automatiser les tests, c'est s'engager sur la voie du Scrum Flasque (Flaccid Scrum pour reprendre l'expression de Martin Fowler). C'est voir petit à petit la vélocité de l'équipe diminuer, la dette technique s'accumuler, la livraison de valeur d'affaires cesser. La base de code devient progressivement intravaillable. Bref, la qualité se détériore et les coûts de maintenance de l'application explosent. L'automatisation des tests à tous les niveaux est essentielle pour livrer itération après itération du logiciel de qualité qui enchantera vos clients. Plus facile à dire qu'à faire, à priori. Et quelle couverture de code devrait-on viser ? Seulement le chemin nominal ? 70% ? ... ou bien 100% ! Certains diront déjà, 100% c'est irréaliste ! Au contraire, cette session vous présentera comment viser ... et atteindre une couverture de test de 100% en tirant profit des différents types de tests et en construisant vos propres outils de test
Web ServicesData Persistance Where? As location becomes increasingly important, and as more and more data is geotagged, this may be the most important question your app needs to answer. How do you determine what city and country your users are coming from? Figure out which neighborhood a place is in? Keep a location history for a physical object? Group people together based on proximity? One of these days you'll need to reach into your knapsack of geo-tools to solve problems like these and this talk aims to make you ready. We'll cover using location-aware storage like MongoDB and ElasticSearch, GeoIP, reverse geocoding, third-party location web services, geo-hashing, and more. Warning: words like Euclidean may be used during the course of this talk.
PHPCMS FLOW3 est le framework qui fera fonctionner TYPO3 5.0. Cependant, FLOW3 ne se réduit pas à la création d’un SGC. FLOW3 à pour ambition de concurrencer des frameworks réputés comme Symfony ou CodeIgniter dans le développement d’applications PHP.
Cette présentation sera un aperçu de ce nouveau framework et elle est donc destinée aux personnes qui ne connaissent pas du tout le framework FLOW3.
Javascript Anyone who runs a website needs to at some point analyse how that site behaves. Who's visiting the site, where do they come from and what do they do when they're there.

This talk will cover a bunch of NodeJS modules that help analyse your web traffic to get insights into your user behaviour.
Testing / QAStartups Songkick is a web based music startup which operates in a new market place full of unknowns, developing a free service. Focusing on user experience as one of the most critical features of the product. Continuously iterating and experimenting with features based on user observations and metrics. Unusually we adopted Acceptance tests (with Cucumber) and BDD while still in the early startup phase. Having spent more than 2 years growing our system and learning the pain points both technically and culturally we have lots of interesting lessons we would like to share about startups and Acceptance testing.

The session will start out by highlighting what makes acceptance testing different in a startup environment, setting the scene for the world Songkick operates in. Then the session will work through an example of a real feature passing through our development workflow. Using photos from Songkick of the cards, the people/roles and the tools involved.
Mobile Actionscript. Language de programmation utilisé pour le développement de jeux, d'applications web, de lecteurs vidéo et de sites web.

Il est maintenant possible de l'utiliser pour le développement pour les mobiles et les tablettes. Que ça soit pour la plate-forme Android, iOS ou pour la tablette Blackberry Playbook, un projet en actionscript peut être utilisé pour tous.

Une code pour les développer tous.

Cette présentation montrera la situation réel de l'actionscript dans l'éco-système du développement mobile actuel.

Ce qui sera couvert:

Quels sont les avantages et les désavantages de cette technologie?

Un exemple réel svp!

Mon équipe web peut-il développer mon application? Oui, mais... voici mes conseils.
Java In this session attendees will learn about the different levels of concern within SOA and where to implement different frameworks within enterprise architectures. Tips and tricks that can only be learn through the school of hard knocks are presented here to give the attendee a big leap ahead in architected their systems. It will also point out commons trouble spots often encountered in large-scale systems. These are advanced system integration concepts with a focus on high availability using open source frameworks in a service-orientated architecture. It will cover best practice tips for implementing/architecting ESB, mediation router, and messaging in infrastructures needing large scale, high transaction capabilities.
Python Python is well known for coming "batteries included", with a very rich and helpful standard library.

Some usages of it are not well understood (Metaclasses, descriptors), and some others just unknown (co-routines). The goal is to go trough most of them, with examples of when they can simplify your life as a developer.

This session will try to go trough some of the most amazing and useful python features I found by asking long-time python users for the best unknown features they can think about.

Let's dive into python and its advanced techniques that can change your everyday life!
Startups “Artisan développeur”, c’est comme cela que je définis mon activité. Faire du “sur-mesure”, conseiller, former, auditer... sans être dans l’industrie du logiciel. Ne pas être salarié, ne pas avoir d’équipe à diriger, ne rendre des comptes qu’à ses clients et à soi même est aussi un choix de vie. Ce choix n’est pas forcément facile à vivre, pour soi, et pour son entourage. J’aborderai, au-delà du statut juridique, les obstacles et les plaisirs qui font notre quotidien, et les grandes questions récurrentes qui me sont régulièrement posées : comment s’organiser, comment trouver des missions, quels types de mission, etc.
Ruby You've been asked to write a fancy new service and you love your Ruby but you know you can't write a server nearly performant enough.

Or... can you? Enter EventMachine. EventMachine makes writing fast network applications easy. It leverages epoll in Linux or kqueue on your Mac, the same juice that powers node.js and Twisted. Using this you can write performant IO-based applications.

In this talk we'll cover the following:

* Write your first "Hello world" line server
* Writing a key/value store
* Get to know your API
* Testing
* Threads and EM.defer
* Network clients
* The EM ecosystem

This talk will be highly participatory, so, be ready to pull out your laptops and explore along with me as we get to know our Ruby speed-demon friend better, EventMachine.
Testing / QAJava Automatiser les tests à tous les niveaux est essentiel au développement itératif et incrémental. Néanmoins, c'est plus facile à dire qu'à faire. La plupart des IDEs modernes permettent de se lancer rapidement dans les test unitaires mais il faut souvent retrousser nos manches pour automatiser les tests d'intégration ou les tests systèmes (lire: de bout en bout).

Cette session, sous forme de Kata, présente comment piloter le développement d'une application par les tests clients automatisés (tests d'acceptance et tests systèmes). Pendant la session, les présentateurs enrichiront une application existante pour démontrer comment tirer profit des différents types de tests pour produire du code de qualité. La démonstration sera suivie d'une présentation sur les concepts abordés ainsi qu'une session de questions/réponses
Ruby This is a cautionary tale on what can happen to the overly inquisitive mind. It is the story on how a deadly sin led me to become a committer on Ruby and spend way too much time hunting demons in C code.

This will be an excursion through dark corners and back alleys of Ruby, a language so dynamic it is difficult to know what its actual specs are. You'll witness adventures with recursion, battles against floats and other forays into details that we luckily hardly ever encounter as mere mortals.

I should have listened to my mother.
PHPSecurity Somehow you met the impossible deadline, your project is on-line and you now deserve some time to relax. Other than you and me though, the internet does not sleep and your application is under constant attack having hackers have their ways to break into applications and steal or modify private information. Switch sides for an hour and attack the demo blackbox application! Learn how attackers gather information, exploit vulnerabilities and hijack servers - and what to do to stop them.
Front-end Ever thought how much better CSS would be if you only had variables or expressions or "x" or "y". Tired of remembering all of the browser prefixes for the new CSS3 features? Enter LESS CSS. LESS CSS is a CSS pre-processor that offers variables, mixins, expressions and much more. This is how everyone dreamed CSS would be ran. In this session, you will learn how to fully harness all the functionality of LESS while avoiding some of the pitfalls many new users face. CSS3 will never seem easier!
Over a six month period, I lead the project to rewrite a top 100 website using a new software stack. Doing so, we used HAProxy, Varnish, Nginx, PHP-FPM, Symfony2, Syslog-ng, Redis and MySQL to create a platform that handles 100 million page views per day and has room to grow.

In this presentation, I’ll cover what we did, the challenges we faced and the solutions we found.
Mobile In this modern world, mobility is everywhere. Everybody wants to have a mobile application, but it's not sufficient. To be the next Angry Birds or Instagram, you need to create an awesome experience for your customer. Tips, tricks and guidelines based on experience that will help you make a success of your next exciting mobile application idea.
Project Management / AgileStartups When you're building a team, we normally think of the roles as Senior Developer or Web Designer and then search and filter accordingly. While these roles are important, they miss the question: "who's your Murdock?". There are a number of more subtle roles that balance a team making it effective. This presentation will identify the more common roles and how to detect and recruit appropriately.
Data Persistance MySQL is the heart of many LAMP based sites but do you know how to take care of your instances? Do you know why ext2/3 is not a good file system to use or what files to monitor for operation health? When is a query in the slow query log a good thing? When should you index columns and when you should not? This session covers common mistakes to avoid and how to build MySQL servers that will not cause your environment to balk.
SecurityWeb Services The case for online identity has been present for as long as there has been a need to customize a web experience for an individual person. From OpenID to BrowserID, there are open solutions for solving the issue of having different logins for all of the sites and services we use. The problem with open identity systems in the Ecommerce world is that the identifying characteristics of a user in current implementations is shallow, providing basically a “yes, this person has an account” answer to “who is this user?”.

This is where new X.commerce identity is trying to change identity. By leveraging off of the massive user Ecommerce information of PayPal and eBay, open Ecommerce identity is now a valuable source of real user data. Using buying and selling history, user ratings, profile identifiers and a vast array of different user data, X.commerce identity is able to define “trust levels” for a user who signs in to your site and provide solutions for easy, secure identity and payment.
CMS Content Management Systems are one of the oldest application categories on the internet. This presentation will briefly look back on their history -- from the original release of the PHP language itself through Slashcode and innumerable subsequent open source systems -- and will then examine some trends in CMS architecture, and suggest some challenges for the future of this application category.

This presentation will take a high level view of things and won't dwell on technical details, so it should be interesting to decision makers who want some perspective on what "CMS" really means. It should also be interesting to developers of CMS systems and modules, who want to reflect on the nature of their work in a broader context.
Javascript Avec jQuery 1.5, une nouvelle méthode plus propre, plus élégante et plus sécurisée de créer des plugins a été mise en place. Beaucoup continuent pourtant d'être construits selon l'ancienne méthode. Nous verrons donc les avantages de la nouvelle méthode et bien entendu, nous construirons ensemble un plugin selon celle-ci.
PythonCMS Lorsque vient le temps de construire un site web, nous sommes souvent confrontés aux même défis.

Django-cms offre une collection d'outil qui permet de construire rapidement des sites web de qualités.

Je propose de faire un survol des mécanismes qui sont en place pour éviter de se répéter (DRY). Nous aborderons les plugins, les app hooks et les menus personalisés.

Une des grandes qualités de django-cms est sa facilité d'intégration avec une application django existante. Nous verrons comment intégrer ce cms à un projet déjà en branle.

Je pourrai montrer plusieurs exemples de plugins qui m'ont été utiles.

On pourra aussi démontrer le "Front-end editing". (edition à même le contenu)

En terminant, on pourra voir des exemples concret de sites utilisant ce CMS.

Site web de django-cms
RubyStartups Continuous Delivery done at speed is a little like driving a Ferrari with your foot flat on the peddle. Fun but you cannot help but feel a little bit concerned you might die. Thats what fast Continuous delivery feels like when you start it at least. What do we mean by Continuous Delivery? What we are really taking about is Continuous integration and Continuous deployment. A developer pushes some half finished feature to a branch, tests are run, code is integrated and deployed to production. This talk will look at what it takes for a startup to implement continuous delivery at speed. Looking at how we have approached these problems at Songkick.com. We will examine all the complications/fun of having a complex system with multiple components, libraries and interdependencies. Songkick.com is a Ruby shop and we will be focusing on how to achieve continuous delivery at speed in the Ruby world. Looking at the existing tools, the ones we had to write and the ones we stole from other languages
Testing / QAMobile The default tooling for Android development (Android SDK along with its companion, the ADT plugin for Eclipse), provided by Google, is focused on providing ease of use to the developer; but what about the continuous integration (automatic build on commit, automatic execution of the units tests and integration tests, automatic analysis of the code quality, releasing, etc..) with tools such as Maven and Jenkins/Hudson ?
This talk will introduce the attendee to the Maven Android plugin, a nice alternative to the default ant tooling (and a great way to re use existing Maven artifacts), and to the Jenkins/Hudson continuous integration server, for Android development, focusing on the difficulty of executing an headless Android SDK.
Javascript Le Web est un système complexe. Certaines erreurs d'implémentations se propagent vite. Les développeurs les utilisent. Les implémenteurs de clients Web (navigateurs inclus) doivent hacker pour se coller à la réalité du Web tel que pratiquée.

Nous verrons ensemble pourquoi les navigateurs implémentent parfois différement de ce que préconisent le standard. Comment les standards ont évolué pour être plus proches de la réalité. Et ce que les développeurs peuvent faire pour éviter que les bugs se propagent avec quelques techniques de développement.
Mobile With the proliferation of Apple iPhone, iPad and iPod Touch, its impetrative that any mobile app development for iOS platform, should consider creating a universal app. This talk focuses on, what is a universal app, how much code is really reusable, and how to avoid common pit falls. This talk would also include the demonstration of universal app incorporating some of the latest iOS features.
JavaMobile In this presentation, I will cover how to create your own View (a custom visual component, with or without interaction) for Android. I will demonstrate the basic guidelines, and build the example in front of the audience. This presentation will not be about slides, it will be the witnessing of someone building his own View and using it in a user experience afterwards.

In the last 6 years I have specialized in user interfaces, first with flash, building hundreds of custom visual components for applications built with flash, and in the last 2 years I have concentrated on Android.
PHPSecurity La cryptographie n'est pas facile à comprendre et encore moins la mettre en place.

Cette présentation se veut une introduction à la cryptographie par la définition, des exemples (php) et la mise en place.
PHPScaling / Performance At Smith Electric Vehicles we process billions of pieces of data every week into our telematics system, all coming from remote collection devices continually sending us data. With that data, we need to be able to continually add it to our database, report against it, display recent data, maintain it, and most importantly - ensure we receive every byte of data. No easy challenge!

This talk will discuss some of the concepts, tools and technologies available to help deal with continually processing and managing data through heavily de-coupled systems. From the services needed to ensure you can safely perform maintenance without loosing data, to reporting, storing, managing, displaying and reacting upon this data from within your web application, your database systems while keeping your hair in the process.
.NET Your team was working intensely on your company’s flagship product for past several months. The product was successfully deployed and most customers are pleased. However this one high-profile customer is experiencing issues such as slow performance, application hangs & crashes. These are the issues that you haven’t seen before and cannot re-produce in-house. Your team is under severe pressure to resolve these problems ASAP with challenging constraints like limited physical access to the customer data centre. In this presentation, Kamran will introduce some tools & techniques based on proven practices that can be helpful in tackling this type of situation.
Java Scala est actuellement le langage connaissant la plus forte progression parmi les langages alternatifs tournant sur la JVM. Langage orienté objet, statiquement typé, et parfaitement interopérable avec Java, Scala propose de nombreuses fonctionnalités très intéressantes qui en font un langage unique : citons notamment l'inférence de type, les traits, la programmation fonctionnelle ou encore les acteurs. Venez donc découvrir les possibilités de ce langage, ainsi que quelques libraries et frameworks l'exploitant : Lift et Play! pour le MVC, Akka pour les architectures concurrentes, SBT pour le build et Squeryl pour l'ORM.
Web Services From Mozilla’s new BrowserID to OpenID and the Facebook Graph API, determining user identity has become a simple matter of leveraging a profile. The problem, and the source of many heated debates, arises when trying to determine whether to identify a user by their true, real life, identity and whether that should be forced on them when interacting online. Social powerhouses like Facebook and Google+ are throwing their weight behind forcing users to be directly tied to their real life identity, but what does this mean for privacy, anonymity, and online social interactions? In this talk we’ll explore the concepts behind identity models, how online and real life social graphs are used for defining identity and relationships, and how using real identity and social graph models have led to real life issues of security and privacy worldwide. Through these models, we’ll explore how services like BrowserID, OpenID and the Facebook Graph API are used to construct user identity online.
PHP Composer is a new PHP dependency manager. It resolves and downloads the packages your project requires.

In this session you will learn how to use Composer to easily manage the libraries and other packages you use. We will go through the basics of dependency management and then move on towards publishing your own packages, be it open source ones or closed company code that is used by multiple projects.
Web Services A lot of Web Services today claim to be RESTful APIs. But are they really? Do the URLs accurately identify resources? Are the powers of HTTP leveraged properly? What is "hypermedia", what is the Uniform Interface, and what is the secret behind the HATEOAS acronym that is so essential to the REST architectural style? This talk gives answers and guidelines using real-life examples.
PHPCloud Computing Most developers choose a single cloud solution when choosing a production platform. Nowadays The Hybrid Cloud is the best way to go: combining a stable hosting solution with distributed and burstable unmanaged Cloud platforms.

This talk will combine standard server hosting with cloud platforms such as Azure and AWS for computing, storage & CDN. Besides the technical aspect, there will be a strong focus on best practices from an infrastructure point of view.
SecurityTesting / QAJava In this session, we will discuss how to assure the security and quality of code through the use of static analysis and the application of software code governance. Attendees will learn how static analysis can be used to find and address defects that could become security vulnerabilities while the code is still in development. We will also discuss how to assess the security of code coming from the open source. We’ll look at some specific issues which could become security vulnerabilities that we found in some of the leading open source projects through the Scan initiative.

Finally we’ll present some case studies of customers who have implemented static analysis with software code governance. We’ll discuss how to establish and enforce quality and security thresholds for managing the software assurance of internally developed code and third-party code.
Cloud Computing.NET L'info-nuagique est la voie du futur. Avec l'offre Office 365 en ligne, Microsoft se positionne comme un des leaders dans les fournisseurs de services en nuages pour les compagnies de tous genres. Le marché Office 365 (Marketplace) offre une perspective intéressante pour les développeurs désirant vendre leurs services et produits hébergé dans le nuage. Durant cette session, les participants apprendront comment développer des solutions d'affaires visant la plate-forme SharePoint en ligne d'Office 365 en utilisant des solutions « sandboxed ». Un vrai projet sera développé et déployé sur un site Office 365.
Security You've been hacked, and you're both the web developer and the sysadmin. It was probably through that sketchy plugin you just added to your third-party PHP application. You removed it, but they're back. Now what? In this presentation we will walk through the steps of dealing with security incidents, from identifying that the compromise occurred, how it happened, and what they did after they got in. We'll go through several very real post-compromise scenarios that we hope are never useful
Cloud ComputingSystem Administration As a progressive devops practitioner you really want to take advantage of modern practices like continuous delivery and automated/on-demand scale-out; however, it could take months or years before that behemoth of an enterprise you call your 9-5 has its lawyers figure out if the public cloud gets the green-light.

In the meantime, this session will help you get your head around the potential benefits of building your own private cloud solution. We will explore a simple scenario using VirtualBox and Chef to compose and provision your environments. You will learn how to store your infrastructural metadata under version control using Git and provision environments via your continuous integration server.

Even if you decide that the public cloud is what you need, learning to do-it-yourself can give you much-needed insight into how elastic provisioning works.
PHPData Persistance Doctrine is an enterprise object persistence layer for PHP 5.3.2+ that supports persisting PHP objects to relational databases like MySQL, Oracle, etc. and document based storage systems like MongoDB as well. Dive in head first and learn the Doctrine way in this talk.
Python In this session I'll show you how you can take Flask, a so-called "microframework", and write readable, usable, testable and intelligent code for all of your macro-scale applications. We'll go through basic project structure, API design, ORM integration (including some popular non-relational databases), modular design with blueprints, and testing. By the end of this talk, you'll understand why Flask is the little framework that lets you do a lot, and be armed with the tools & knowledge to write applications of all sizes.
PHPCMS Drupal is a content management system and a web development platform. With a small set of core modules and a large ecosystem of community contributed modules, it can be used fro a variety of use cases including corporate intranets, social web applications, online publishing, and education or government websites. In this talk, we’ll cover the benefits of using Drupal for developers, and how to use and extend Drupal as a web development framework.

Besides being open source and having an active development-driven community, Drupal has many architectural advantages. We’ll discuss these benefits including the hook system, separation of theme and module layers, the emphasis on flexible content architecture, the database integration layer, and Drupal’s coding standards. We’ll also introduce some tools to get you started on the right track, improve the performance of your Drupal projects, and avoid mistakes.
Front-end The value of keeping all code D.R.Y (Don't Repeat Yourself) is universally accepted and demanded in the world of programming, but when it comes to CSS it can seem like the limitations of the language offer no way to achieve proper DRYness without becoming dependent on external pseudo-CSS-parsing tools like LESS or SASS. Don't believe the grief, we've just all been doing_it_wrong()!

This talk will go over how you can use thematic and structural CSS definitions to cut down on wasted code, simplify maintenance and unify your site styles just by DRYing out your standard CSS. I'll explain how tools like Firebug enable a whole new way of understanding complex style interrelationships and give examples of the particular patterns that let me cut one stylesheet from ~4200 to ~2400 lines without losing anything but wasted code!

I'll also cover how DRY CSS principles simplify cross-browser compatibility and Right-To-Left (RTL) language support by grouping workarounds into structural sets.
Front-endMobile Le développement web actuel a atteint un niveau de maturité digne des autres division de l'informatique. Avec l'arrivé du mobile, le web doit s'adapter au format et à la mobilité imposé.

Cette présentation à pour but de démontrer que le "web-mobile" n'est pas qu'une extension du web vers un autre média, mais bien un outil complémentaire. Cet outil répond à des besoins commun au web traditionnel, mais répond aussi à de nouveaux besoins.

Ces besoins je vais vous les démontrer avec des exemples bien réels et nous allons voir pourquoi certains projets sont une réussite et d'autres non.

En résumé, cette présentation vous amènera à voir un projet mobile non pas comme une copie de la version web, mais bien comme un outil qui exploite les qualités du média.
Startups In this highly entertaining, extremely educational presentation Mike Michalowicz will show you the 8 strategies that will have your business out marketing, out selling and out performing the competition before you even leave the event.

You will discover the two must influential words in any language, that draws customers every single time. You will learn a simple "label" technique used by a small security company to double it's revenue in 3 months. You will discover a secret method that a national online retailer used to have customers flock to them... and so much more.

Mike Michalowicz is the author of the perennial best selling, business cult classic "The Toilet Paper Entrepreneur". He is a small business columnist for The Wall Street Journal, and is the host of MSNBC's Your Business make over segments.

Mike has launched and sold 2 multi-million dollar companies and currently operates his third company which provides behavioral web optimization.
Project Management / Agile Teams face many challenges during a Sprint. Some of them, such as requests that seemingly come out of the blue or getting
timely answers to questions from the Product Owner, are common to both collocated and distributed teams. Others such as
communication and time zone challenges are more often found with distributed teams.

In this talk, Steffan Surdek discusses different challenges teams may face during a Sprint and presents suggestions teams can use to help make their Sprints run more smoothly.

Content high-level overview:
- Handling language differences
- Handling cultural differences
- Handling teleconferences
- Using documentation to communicate better
- Valuing the whole team
- Promoting Transparency
- Effective Daily Scrums
- Handling new requests
- Handling maintenance issues
- Getting timely answers
Data Persistance ElasticSearch is quickly becoming one of the primary contenders in the search space: it is distributed, highly available, fast, RESTful, and ready to be plugged into Web applications. Its developers have been busy in the last year; this talk will do a quick introduction to ElasticSearch and cover some of the most interesting and exciting new features. We might even take down a live server or two to illustrate a point.
Web ServicesScaling / Performance Webapps monitoring landscape is changing. As pointed out by Garnter, IT needs simplified monitoring and Google Analytics can now measure page load times.
As more and more businesses rely on them, techniques such as real time user monitoring, incident detection and root cause analysis have become critical. While been the Holy Grail to users, webapps are a nightmare for engineers as ensuring quality of service becomes more difficult.
More and more companies are starting to realize that they are losing significant revenue, growth and productivity due to down time, high latency and scaling issues with their web applications. Quality of Service guarantees with built-in penalties are becoming the norm, bringing a downside into the equation.
We will present these new problems in detail, followed by a short history of techniques used to measure and estimate the quality of web-based applications. We will review the most popular monitoring technologies, pointing out their pros and cons.
Project Management / Agile Clients need to know how much a project will cost. Waterfall development is always late and over-budget. Agile development is done when it's done. You're left with estimates that you know are too low and then you squeeze them anyway. It shouldn't be this way. We'll look at how this happens, early warning signs, ways out and ways of avoiding it in the first place.
SecurityTesting / QA Vega is a cross-platform, open-source toolkit for testing the security of web applications, developed by Montreal-based Subgraph. Vega includes an automated vulnerability scanner and an intercepting proxy. The Vega vulnerability checks are implemented as Javascript modules. While Vega comes with a set of modules comprising the standard checks, a rich API makes it possible to extend the functionality of Vega. In this talk we will explain how some of the standard modules work, and then introduce the API for the development of new ones.
Project Management / Agile Comment faire pour aligner une équipe, un département ou une organisation toute entière dans la même direction? Bien que les entreprises se dotent de valeurs et principes honorables, n’y aurait-il pas une façon plus concrète permettant à tous les employés de ramer dans la même direction? À l’aide de la pensée système, le conférencier présentera des entreprises qui se démarquent dans leur industrie respective. Celles-ci ont toutes la même façon de penser : faire face à la demande.

On fera alors la transposition de cette pensée système en développement logiciel. Alors que la philosophie Agile gagne en popularité, est-ce que nos manières de faire actuelle en T.I font, elles-aussi, face à la demande.
Accessibility This session is the perfect place people new to web accessibility, from managers to web developers. This session will introduce the fundamental concepts, best practices and crisis points of web accessibility.

At the end of this session, you will have the foundations for the important work of making inclusive websites and be familiar with the relevant issues of accessibility legislation.
In this session I will give a brief overview of the essential functionality required to interact with a Git repository. I'll explain the Git design and how it differs from other version control systems, how to submit patches to open-source projects using Git, why it is a better tool than other centralised version control systems and recommend a basic setup of a project using Github so you can share your work with others.

I'll assume a basic understanding of version control as a concept and the importance of using it for developer projects. I'll also be working mostly using command-line tools rather the GUIs to try and better explain the underlying concepts.
Python Facebook figures out people that you might already know, LinkedIn tells you how many degrees of separation there are between you and the CEO of Nokia, and LastFM suggests music based on your current listening habits. We’ll take a look at the basic theory behind how some of these features work (no comp. sci. degree required!), and show how you can implement some of these features in your application.
PHP Discover the power and flexibility of Hierarchical MVC (HMVC) and how you can use it in your next project. Learn what HMVC is, why it is an important and helpful architectural concept, and how to use it most effectively in real-world situations to save time and encourage code re-use within your website or application. If you have ever built separate "widget" or "block" systems to re-use certain parts of your layout or code modules when using traditional MVC frameworks, this talk is for you.
Scaling / Performance Companies often wrestle with how to implement site search on a website. Many times, this feature is very critical to the success of the website. Users, who are accustomed to superb search results from search engines such as Google, expect the same level of relevancy, speed and accuracy in any search result. Apache Solr provides an excellent match to many of the most common site search requirements. This talk will focus on how Solr would fit these site search tool requirements. Apache Solr, an open source, Lucene Java-based search server that can be easily incorporated into Web applications. Solr offers faceted searching, hit highlighting, and support for multiple output formats, including XML/XSLT and JSON. It is easy to install and configure and comes with an HTTP-based administration interface.
System Administration In this session I will discuss the brief history of Homebrew, why it was created (instead of just using Fink or MacPorts) and how to use it. I'll mention the technologies used (Git/Github/Ruby) and the project structure. Finally, I'll encourage people to get involved and show how to create new packages (known as formulae), how to submit new packages for inclusion, how to create binary packages (known as bottles) and where to find help with any Homebrew issues.
This presentation should be a useful and entertaining overview of the core elements of Homebrew and introduce people to the tool. It should be useful to anyone using OSX (or considering helping with the Linux port) to provide them with quick and easy package management. I'll assume a technical audience but no in-depth knowledge of any particular technology. There should be new and useful information in here from complete novices to Homebrew contributors.
CMS There are many different kinds of content management systems out there, and from the outside, they might look similar, but under the hood, their architectures are often quite different.

What effect does this difference have on their communities? This presentation will argue that the effect is quite large.

We will examine the architecture of three different CMSs: Drupal, ImpressCMS/XOOPS, and TikiWiki. They represent three very different architectural approaches, from highly modular (Drupal) to monolithic (TikiWiki). Arguably, the nature of the communities around each CMS can be attributed largely to their architecture, and the kind of participation it encourages.

This presentation will include a detailed technical examination of how the CMSs function, some knowledge of PHP will be an asset but not required. The balance of the discussion will be around the communities, and will not require technical knowledge.
Mobile Designing a web API is hard, designing a mobile API is even harder. With heavy constraints such as bandwidth, latency and CPU power, developing a mobile API is a challenge for the service provider and the application developer. As mobile devices become ubiquitous and connected, offering the best user experience in mobile application is crucial; optimizing the network is an important part of it.

In this talk we'll cover the challenges of designing a mobile API as well as innovative solutions and best practices that can be used by the service provider. We'll share our broad experience in developing connected mobile apps.
Data PersistanceJavascript Les nouvelles APIs HTML5 ouvrent aux développeurs web des horizons nouveaux. Le stockage en local, tout d'abord, permet aujourd'hui de concevoir des applications pouvant fonctionner sans connexion. Vous découvrirez les différents types de stockage disponibles et l'état actuel de leur implémentation dans les différents navigateurs, ainsi que des techniques de synchronisation client-serveur. Les WebSockets permettent quant à eux, grâce à la communication bidirectionnelle, de pousser des données depuis le serveur et ainsi d'envisager le développement de meilleures applications de travail collaboratif. Je vous présenterais à l'aide d'un exemple d'application le fonctionnement de cette technologie.
MobileJavascript Michal will talk about game development with Open Web Technologies such as JavaScript, HTML5 and CSS3, it’s history, creating crossplatform games for desktops, mobiles, tablets and other devices Javascript could run on. During the talk he will present couple methods of animations, implementation of game’s logic and different ways to communicate between players.
Java Depuis quelques années, plusieurs entreprises ont introduit de l'AOP dans leurs projets pour les bénéfices architecturaux et techniques offerts. Malheureusement l'AOP vient également avec son lot de pièges. Pour ces raisons, plusieurs délaissent l'AOP à cause de la complexité indue qui pourrait toutefois être réduite en suivant de simples bonnes pratiques et en préparant adéquatement son intégration.

Cette présentation a pour but d'aider une équipe à embrasser l'AOP tout en évitant les pièges. On y traitera de diverses bonnes et mauvaises pratiques avec l'AOP (architecture, IDE, refactoring, tests...). L'accent sera placé sur des conseils pratiques comme le choix de frameworks (ex.: AspectJ ou Spring-AOP), du mode de tissage approprié à votre contexte, des conflits avec d'autres technologies Java, etc.

Cette présentation est tirée d'une formation ayant une forte appréciation depuis 3 ans et s'appuie sur une publication scientifique internationale.
PHPTesting / QA Most web applications are changed and adapted quite frequently and quickly. Their environment, for example the size and the behavior of the user base, are constantly changing. What was sufficient yesterday can be insufficient today. Especially in a web environment it is important to monitor and continuously improve the internal quality not only when developing, but also when maintaining the software.

Jenkins is the leading open-source continuous integration server. Thanks to its thriving plugin ecosystem, it supports building and testing virtually any project. This session explains how you can leverage Jenkins to monitor the various aspects of software quality in a PHP software project.
PHPScaling / Performance This is a beginner level talk about making your PHP based websites perform better. I'll discuss finding low hanging fruit, opcode caches, memcached, and other tricks to get your page loading faster.
PHP PHP 5.4 is the next up and coming version of PHP. This talk will talk about what this new PHP release brings to the table interms of new functionalities that are available, general improvements and the changes that may impact your existing code.
Python Lors de la présentation d'un langage, on se focalise trop souvent sur sa syntaxe, et un peu sur sa sémantique. Mais c'est bien plus que cela : c'est une vision du développement logiciel. C'est un ensemble de choix technique, d'une philosophie, d'une sémantique et enfin d'une syntaxe. Cette session à un double objectif, d'une part présenter simplement les caractéristiques d'un langage dynamique et de fournir des exemples à travers le langage Python. Et d'autre part, de pousser les participants à réléchir sur leur relation avec la programmation et de donner envie d'approfondir un peu la théorie des langages.
PHPData Persistance The following session will be an introduction to PostgreSQL and how to
work with it from PHP. The session will identify the key
advantages of Postgres as a database system, it's specific
functionality's that can simplify work-loads for developers and DBAs
This portion of the presentation will be done through practical code
examples and demonstrate how to work with Postgres from PHP using
both PDO and Pgsql extension. There will be also something for people
looking to migrate from MySQL to PostgreSQL identifying some key
differences between these
two database system.
Security Code injection into web apps is not a new phenomenon. It's been a constant on the web even longer than IE6. It's been around since the very first .cgi scripts were chmod +x'ed, resulting in a chroot 0wn3d.

Code injection is mainly brought about by web programmers not making sure that the input received from users is what was expected.

This talk, will concentrate mainly on XSS injection, but will also talk a little about SQLi and CSRF. We'll go over the kinds of programming mistakes that result in code injection, and how to change your mindset to prevent these issues.
PHP PHP iterators have been around since PHP 5, but are heavily under utilized. With all the built-in iterators there is no reason you shouldn't be leveraging it's power and flexibility. In this session you will learn about all the built-in PHP iterators and be guided on how to extend and/or create your own iterators.
JavaJavascript Il est possible d’associer le langage Java et le langage de script JavaScript. Bien que cette fonctionnalité soit présente depuis Java 5, peu de développeurs semble l’utiliser. Cette conférence permettra de présenter les modes d'interaction entre les deux langages. Nous pourrons voir comment utiliser JavaScript pour implémenter des interfaces Java. Une autre utilisation intéressante est d’exposer des objets Java à Javascript pour scripter une application Java.
Javascript jQuery est sans conteste la librairie Javascript la plus utilisée au monde principalement grâce à sa facilité d'apprentissage. Ce qui vient par contre avec quelques défauts, Trop souvent jQuery nous fait oublier que le Javascript n'est pas seulement une suite d'évènements ajoutés dans une même fonction après que le DOM soit initialisé.

Dans cette présentation je démontrerai de simples trucs pour améliorer votre code tout en gardant la simplicité de jQuery intacte. Un entre deux pour ceux qui ne sont pas prêts à se lancer dans Backbone.js et autres frameworks plus complexes.
RubyJava You probably know Ruby. You may even know about JRuby. But do you know why JRuby should interest you, or how it can make your life as a Ruby developer a happy one?

In this talk, Charles Oliver Nutter, co-lead of the JRuby project, presents all the reasons why you should try JRuby for your next Ruby project. We'll explore the wonder that is the JVM, play with tools built for Java that now work great with Ruby, and cover the long list of features that make JRuby a standout Ruby implementation as well as a standout JVM language. Most of all, we'll have fun!

Whether you're a Rubyist or not, you'll learn something new...and maybe become the newest JRubyist on the block.
Java Now that you're an expert in Java or Scala or some other JVM language, master of JVM bytecode, and tamer of classloaders, concurrency, and collectors, what's left to know about the JVM? Here's one: what happens to JVM bytecode after you give it to the JVM? How does it optimize, how can you monitor that process, and why would you want to do so?

This talk will introduce you to the basics of how the JVM (OpenJDK, in this case) optimizes code. We'll explore various JVM flags for monitoring optimizations and compilation to native code, learn how to tweak both the JVM and our code to get along, and learn to read the assembly code the JVM eventually hands off to the machine. By the end of this talk, you'll be able to show off assembly dumps and inlining graphs to your co-workers, and the world will be a more beautiful place.
Project Management / AgileTesting / QA Les cycles de développement des applications raccourcissent de plus en plus. La pression se fait plus forte sur les équipes de développement qui sont poussées à développer en mode mercenaire, où seul le résultat immédiat compte. Cette vision est généralement contre-productive sur le long-terme car on passe beaucoup plus de temps à maintenir une application qu'à la développer. Il est donc primordial de s'assurer de sa qualité au delà de l'adéquation avec le besoin fonctionnel.

Cela passe par de nombreux éléments dont bien entendu la qualité du code source mais pas seulement. La présence de documentations pertinentes et à jour, les types et l'étendue des tests mis en place, l'architecture de l'application ou encore sa portabilité sont autant de facteurs clés du succès d'un projet.
Cloud ComputingScaling / Performance The MapReduce framework promises to make computing of large sets of data very easy. The approach offers excellent scalability across many computing nodes, and can easily be integrated with existing systems. This session will give an introduction to the basic techniques and ideas behind MapReduce, followed by a live demo using Apache Hadoop, a major implementation of MapReduce, and Hadoop's streaming functionality that allows users to write processing jobs not just in Java, but in any programming language, including PHP.
Startups Tout entrepreneur est en partie développeur d’affaires. Or, les nouveaux médias du web changent complètement la donne pour les développeurs d’affaires en 2012. D’une part, leurs clients sont mieux informés (exit, donc, les stratégies habituellement associées aux vendeurs d’automobiles usagées), d’autre part, les entrepreneurs ont maintenant en main des outils particulièrement bien adaptés au développement des affaires. Mais encore faut-il savoir les utiliser le plus efficacement possible…

Je propose lors de cette conférence de couvrir les points suivants :

1- Principes de base de la vente (éléments psychologiques, processus de vente, pipeline…);

2- Techniques de “cold-call” revisitées pour 2012 (courriels, suivis, etc.);

3- Comment tirer le meilleur parti des médias sociaux dans une stratégie de développement des affaires;

4- Pourquoi avoir un blogue et comment en tirer le maximum;

5- Un aperçu de ce qui est à venir en terme de développement des affaires en ligne.
Project Management / Agile Le partenariat en projet informatique tient parfois du casse-tête, mais peut s'avérer LA formule gagnante dans bien des cas. Le partenariat vous permet de bénéficier d'une expertise supplémentaire, de délais de production réduits, en plus de permettre des relations d'affaires à long terme. Afin qu'un projet en partenariat se déroule bien, une planification claire et un suivi serré sont essentiels. Comment préparer un projet en partenariat qui sera bénéfique pour tous?

Cette conférence s'adresse principalement aux Chargés de Projet en informatique et aux Programmeurs ayant un rôle décisionnaire dans l'évaluation et la gestion des mandats.
Front-endJavascript jQuery is known to many developers. It is an extremely compact yet very
powerful JavaScript library which facilitates our daily work.

jQuery focusses on essentials which results in its small size. You do not find
unnecessary animations, widgets or rarely needed features. But what can you do
if you actually need all these things? Write them yourself? Install from
different plugins?

The correct answer is jQuery-UI. jQuery-UI is a collection of additional
effects, features and widgets based on the jQuery library ready to be
used. But there is even more to it. The components are based on a framework
which facilitates the creation of widgets.

Get to know jQuery-UI in this session! Get an overview of the features and
widgets which are at your disposal without much effort. Learn furthermore how
to create your own widgets conveniently with the jQuery-UI framework which
obeys your every word.
SecurityMobile Les smartphones sont aujourdhui partie prenante de toutes les entreprises (on ne parle plus que de iPhone, iPad, Android, ....)

Malheureusement ces outils sont actuellement la cible de toutes les attaques pour entrer dans l'entreprise.

Nous détaillerons dans cette présentatino les dix risques les plus courants s'appliquant aux smartphones ainsi que les remédiations possibles.

Security Plusieurs nouvelles technologies et nouveaux protocoles pour aider la sécurité, votre identité et votre vie privé ont été ajoutés au niveau des navigateurs. Plusieurs doivent être ajoutés ou activés à partir de votre serveur web.

Dans cette présentation nous allons explorer ces technologies et nous apprendrons comment nous en servir.
Python Le monde Python possède quelques outils trés intéressants mais souvent méconnus par beaucoup par manque d'investissement. Pourtant un bon outillage peut nous rendre plus efficace et rapide dans notre développement. L'objectif de la session est de mettre "le pied à l'étrier" en présentant les outils que je trouve indispensable : outils système, d'intégration continue, de test, de packaging... Chaque outil sera qualifié selon plusieurs critères : courbe d'apprentissage, simplicité, cas d'utilisation et bénéfices attendus.
Web ServicesFront-end This talk will go through the Linked Data life-cycle; awareness, data modeling, publishing, discovery, integration, and use cases. Linked Data principles, and the Linking Open Data cloud will also be covered for understanding the potentials of mass amounts of Linked Data that's already out there. That's billions of heterogeneous structured data from governments, life sciences, social networks, and media organisations. If you are a programmer, or an architect, this presentation is for you.
PHP Legacy code is a burden that few developers are lucky enough to avoid in their professional lives. We'll look at how legacy code develops and some of the early warning signs to watch out for. Where it's already a problem, we'll explore the strategies that can be used to replace, isolate or integrate that code and some practical methods for achieving it. This talk will weigh these ideas up in terms of time and cost to help you take a pragmatic approach to taming or slaying your monster.
PHP Even if PHP is by far the most popular language to develop websites, it's not the only one. What can we learn from Java, Python, and Ruby? Which best practices and tools can we borrow and/or adapt from these languages? Open-Source, cross-pollination and sharing are the keys to open your mind and benefit from the work of other communities.
Scaling / PerformanceSystem Administration Have you ever wondered what is happening in the inner core of your operating system?
Did you spend countless hours to find an elusive timing problem?

The LTTng 2.0 project provides an easy to use tracing capability for Linux. Its tools can trace either the kernel and your userspace applications, allowing you to link operation in your application to the action of the operating system. An unified control tool allow for an easy control of the data gathering. Powerful visualization tools can give you a quick summary of the state of your system or a detailed timeline of each significant operation with a nanosecond precision.

If you are a sysadmin wanting to get a better understanding of the load of your server or an application developer with a latency problem, this presentation can help find and solve your problems.
PHP The 5 SOLID principles incarnate the essence of good object oriented design and programming. Sadly, only few people know about them and even fewer obey to them in their daily work. In this session we will not only explain the principles without lots of theory, but also show you how to realize them in your everyday work, using practical examples from real world projects.
SecurityWeb ServicesJavascript Nowadays many modern web applications are solely relying on JavaScript to render their frontend and only provide an API endpoint at their backend, resulting in a much more fluent and desktop-application-like user experience. But if you want to create mashups, load data from many different places or include external widgets into your site, you are quickly running into boundaries because of browser and security restrictions. In this presentation I will talk about techniques, some older, some brand new which will help you to:

* create rich JavaScript based Web Applications
* make API calls to external domains
* authenticate these calls through OAuth2 without compromising your secrets
* load external content and JavaScript widgets safely
* send JavaScript messages between frames on different domains
* get real-time notifications from your backendand use the browser to store the some of the user's data.
Security Présentation de la SDL et du modèle simplifié de la SDL
- Adapter la SDL à un processus existant de développement Web; comment s'y prendre
=> Modélisation de menaces/attaques
=> Développement sécurisé, principes et concepts
=> Test/Fuzzing
- Utilisation des outils open-source existants
Front-end Microsoft Silverlight is a cross-browser, cross-platform and cross-device add-on for delivering compelling Rich Internet Applications. Even though a web site user will not care if contents are delivered via Silverlight or something else, however, programmers have a little different way of judging these technologies. For them with Silverlight, Microsoft has provided a powerful development platform that combines firepower of XAML’s rendering engine with the flexibility of standard development technologies. In this presentation Kamran will take you through introduction to Silverlight and demonstrate some applications that go beyond just displaying Hello World, rather do something more useful.
Python Many programmers cut their teeth with PHP before getting interested in Python. However, while the languages seem similar at first, there are many new concepts to grasp and new ecosystem of tools to master. This isn't easy, but with the right advice, a strong PHP developer can become an excellent Python developer very quickly.

Based on the experience of migrating a 20-person development team from PHP to Python and Django, this talk will examine how to tackle this journey. While the fundamental languages differences will be touched upon, this talk will focus on more interesting topics such as common python gotchas, tips for grokking Django, awesome tools and applications from the community, and how to manage such a migration for a large team of developers.
Front-endJavascript Planbox is a single-page web application for Agile project management. It was built using the traditional MVC stack with CodeIgniter (PHP) and jQuery (Javascript). AJAX was heavily used to update DOM elements to offer a dynamic user experience. UX logic code quickly became spread across Javascript and PHP. The application code base quickly became unmanageable and scaling functionality became difficult. Things had to change.

A decision was made to change architecture: bring all the UX logic in the front-end, and turn the back-end into an engine in charge of business logic.

This talk is about this experience. How we moved the MVC stack from the back-end to the front-end. How we used Backbone JS as the foundation of our front-end framework and built on top. How the backend became a black-box with a Restful API. What lessons we learned, what benefits we gained, and what reflections we made about the future of MVC in Javascript.

PHP Modularity is one of the most desired non-functional aspects in software development: Every product wants to be extensible by plug-ins! But beside high quality code, you need extension points so you can easily plug in additional custom modules. This talk will show and compare theory and real life approaches from the PHP world in this direction.
Ruby Your Ruby/Rails application is up and running, you’ve got users, and better still, they’re ready to pay to for the fruits of your genius. Okay, genius: how do they pay? The answer is ActiveMerchant, the de facto standard for handling payments in Ruby. ActiveMerchant gives you a single, simple API that supports many payment gateways and lets you authorize a payment and capture the money, all with only a screenful’s worth of code. In this session, we’ll walk you through a simple payment, work up to a full Rails-based shopping cart with payment authorization and capture and show you what the industry standards are and the security precautions you should take.
Scaling / PerformanceData Persistance EXPLAIN is a misunderstood tool for optimizing SQL queries. But not all full table scans are bad and not all indexes speed access. This session is an introduction to using EXPLAIN to improve MySQL performance and help you write better SQL queries.
Cloud ComputingJavascript Node.js is becoming more and more popular every day, and Joyent is working hard to keep the community stimulated, and engaged.

In this talk James presents the state of the world of compute - in the cloud, and out of it, a vision of the future of the internet, and an introduction to the ideas behind node, and the reasons why Joyent thinks the technology is so important.

While the talk does present a brief introduction to Node.js as an enabling technology, the primary goal is to get the audience looking at the web, and perhaps the world in a slightly different way.

Java Multi dimensional data analysis and other OLAP related technology remained the black ducks of the Java platform for years. A few Java Community Process initiatives attempted to resolve the problem in vain. Numerous factors contributed to the slow penetration of OLAP in the Java ecosystem. In the end, much was learned. A standard could only come from a genuine community process. Olap4j emerged as the secret love child of these attempts. Much was learned indeed. Today, olap4j is the de-facto standard for all that is OLAP in the Java world. This talk is aimed at seasoned developers who wish to architect and implement Business Intelligence software. Olap4j is a full toolset of OLAP tools for Java, from driver management to what-if analysis.
Cloud ComputingStartups Open Data and Open Government movements are rapidly gaining ground in Canada and the World. They bring together the power of Open Source, Cloud and Mobile to create the future of break-through innovations. They connect citizens and governments, drive more transparency, efficiency and civic engagement. This session explores how Open Data creates new opportunities for developers and start-ups to help governments and us (citizens) to transition to this future, faster, and looks at what technologies will serve as the building blocks for an Open Government Platform of the future. We’ll look at some examples of Canadian Open Data and Open Gov projects, and how they use web, mobile and cloud to connect government and the citizens, capture the knowledge of "the people" and make Open Government “real” to citizens and developers.
Web Services When OpenSocial was first introduced, the main goal was to create an open and distributed alternative to the closed off Facebook platform for social apps. Since then much has happened: The specification has majored and powerful new features have been introduced. More and more social networks are implementing OpenSocial containers, allowing developers to reach over 900 million users with one social app. Additionally education organizations and enterprise companies like IBM, SAP, SurfNET or Atlassian are seeing the benefits of an open standard to open them up to other developers. In this presentation I will introduce you to OpenSocial, and walk you through an example to show you how easy it is to connect an existing web application to enterprise products and social networks alike. I will especially highlight some of the new OpenSocial 2.0 features, such as Embedded Experiences or OpenSearch, that help you with a tight integration into your user's existing tools and workflows.
Scaling / Performance The MapReduce programming model lets developers without experience with parallel and distributed
systems utilize the resources of a large, multi-CPU system. The Oracle RDBMS has had support for the MapReduce paradigm for years through SQL analytics, user defined pipelined table functions and aggregation objects. The Apache Hadoop implements the MapReduce model.

In this session, we describe a prototype of Oracle in-database Hadoop implementation that lets you
write and execute Hadoop compatible applications written in Java directly in the database.
The major advantages of our implementation include:
(1) source compatibility with Hadoop,
(2) minimal dependency on the Apache Hadoop infrastructure,
(3) seamless integration of MapReduce functionality in Oracle SQL
(4) better parallelism and efficiency due to data pipelining (i.e., table functions) and no intermediate materialization.
PHPScaling / PerformanceData Persistance As soon as you decide to use an ORM tool, one of the biggest factors is Rapid Application Development.
Everything is wonderful during development phase, but when it hits production, performance doesn't work like you expect.
You may think it's ORM's fault, your expected it to write as efficient queries as you manually do, but like guns, ORMs don't kill your database, developers do!
This talk will go deep into Doctrine 2 ORM by exploring performance tips that can save your application from its deepest nightmare.
Data Persistance Emailing *.sql files to the in-house DBA before each release used to work for your single-node, single-environment website. You have recently been tasked with building a multi-environment application architecture when you realize that you need to come up with a more professional process which is less error-prone. You also see the benefits of having your schema versioned along-side your code.

You've read a few blog posts by some fairly enterprising developers on the subject but you still can't quite get your head wrapped around how to start or even what tools to use or how to integrate the tools into your project. You now have that sinking feeling in your stomach as you think that maybe you are in over your head.

In this session, we walk through real-world refactoring scenarios using a tool called Liquibase. Liquibase is an open-source and cross-platform database refactoring tool which allows changes to be tracked and automated across environments.
Scaling / PerformanceFront-end The performance of a web site is one of the criteria used by Google and other search engines to determine the site's ranking. This should be reason enough to make performance optimization a mandatory step in your development process. We will cover several aspects of optimizing a site from a performance perspective: we try to minimize markup and client-site code, intelligently distribute HTTP requests, reduce bandwith and connections overall, and will also have a look at server-side code. Talking about code: as usual, the session will also feature code and demos.
PHPSecurity To ensure the high quality of your source code, you of course write (unit) tests and do regular code reviews. Judging the state of security though may seem a lot harder than it is - if you don't know what to look for and where to get started. This talk will introduce you to security audits, why and how tools can assist a manual review and why a mere scanner based approach doesn't work.
Startups By knowing your personal brand (and communicating that message to others) you can help advance your career as a software developer. If your personal brand communicates value and is recognized easily, people will turn to you to work on more exciting projects. This will result in more exposure at your organization and within your industry to help you advance your career or initiate new business opportunities. Learn about how you can position your skills to really communicate what you do.
PHPCMS The PHPCR specification defines an API that combines the power of NoSQL databases with hierarchical data structures and versioning, powerful search and other features. Content repositories, like Midgard2 or Jackrabbit, can implement the API to provide generic access to their content. Using PHPCR, applications can focus on the application logic and use the API to quickly implement CMS functionality and choose from the solution that best fits their server requirements and scalability needs to handle final persistence.
PHPScaling / Performance The RDBMS is often the weakest link of PHP performance. PHP applications also face a second evil: database node failure.
This demo-packed session covers Oracle database mechanisms for PHP performance and high-availability.
Need to sustain 100s of thousands of PHP users with database access? See how Database Resident Connection Pool allows scaling database connectivity without the overhead of connection creation/destruction. The fastest database access is NO db access: see how OCI8 can use Client-side ResultSet caching while maintaining consistence with the database. HTTP is not inherently transactional, see how OCI8 can implement transactions across HTTP requests. Your Database server may fail; see how OCI8 can use Fast Application Notification (FAN) to fail-over database connections to surviving RAC node. Need to upgrade 24 x 7 PHP applications (including database schema)? See how OCI8 use Edition based Redefinition to allow upgrading or patching in use PHP applications.
PHPSystem Administration Most PHP talks are given from the point of view of developers, managers and other obvious stakeholders. The story of the hoster is often untold, but the importance of the hoster is in a lot of cases underestimated. Hosters have a huge responsibility and deal as much with PHP related issues as as the developers of the project. Keywords: security, performance, setup, configuration, scalability, ...
Front-endJavascript Notion de classe, création d'objets, propriétés et méthodes statiques, héritage... Beaucoup de termes qu'on retrouve dans tous les langages orientés objet mais qui sont souvent incompris avec Javascript. Sa conception de base étant trop souvent inconnue. Je vous propose donc d'en faire un tour complet.
Scaling / PerformanceData Persistance This talk is designed for advanced PostgreSQL users who want to know how to maximize PostgreSQL performance. It covers every aspect of performance: server settings, caching, sizing operating system resources, optimizer processing, problem queries, storage efficiency, and some hardware selection details. It includes how to size shared memory, how to understand the output of the optimizer, when to restructure queries, and how to configure storage for optimal performance.
PHPScaling / Performance The web is full of advice focussed on improving performance. Before you can
optimise however, you need to find out if your code is actually slow; then you
need to understand the code; and then you need to find out what you can

This talk introduces various tools and concepts to optimise the optimisation
of your PHP applications.
Data Persistance SQL is a declarative language, meaning the user submits an SQL command and the database determines the optimal execution. Common Table Expressions (CTEs) allow queries to be more imperative, allowing looping and processing hierarchical structures that are normally associated only with imperative languages. This talk will help developers use implement CTE queries in their applications and allow operations that normally could only be done in application code to be done via SQL queries.
Testing / QAJava Les processus Agiles sont de plus en plus répandus. Plusieurs ténors du développement Agile recommandent la réalisation intensive de tests en TDD. Afin de bénéficier pleinement des tests unitaires, il est souhaitable d'utiliser des mocks afin d'assurer une réelle isolation.

Comment peut-on piloter son architecture grâce à des mocks? Qu'est-ce que ceux-ci peuvent nous apprendre sur notre code? Nous verrons comment le fait de changer légèrement la structure d'un test peut faciliter l'émergence de l'architecture et comment les mocks peuvent nous aider à concevoir une architecture ayant une meilleure conception orientée objet. On y présentera également certaines astuces servant à faire ressortir l'essentiel de ses propres tests.

La séance prendra la forme d'un tutoriel en réalisant pas à pas un design simple parsemé de trucs et astuces. Malgré l'utilisation de Java et Mockito, d'autres utilisateurs pourront aisément retenir les concepts.
Python Pyramid est un framework web minimaliste qui offre des possibilités et combinaisons tout à fait surprenantes. Pyramid ne fait pas de compromis sur le choix de ses composantes, il n'utilise que ce qu'il se fait de mieux: sqlalchemy, mako, jinja2, redis, mongodb, ... à vous de choisir. Pour les nouveaux venus la flexibilité et l'indépendance offertes par Pyramid est pour le moins déconcertante. Dans cette présentation nous explorerons les composantes et mécanismes fréquemment utilisés avec Pyramid et nous aborderons sommairement les projets développés par Pylons Project.
Ruby Another new version of Rails. Delightful. And terrifying. What's changed this time? Fear Not!

We'll be reviewing the changes and additions to Rails 3.1, giving you a walk-through of what it all means (asset pipeline, what?), in the context of a brand new app, and an older app that will need to be upgraded.
Web ServicesFront-end In this presentation we will dive into the wonderful world of RDF and SPARQL technologies: a universal data model and a query language for the Semantic Web. We will go through the whys and hows of authoring and collecting information from the Web of Data. This presentation is for programmers and analysts.
PythonJavascript While node.js gets all the glory around non-blocking real time apps, there are Python solutions too.

This talk is a demo of how to build a real time app using Python, gevent, Socket.io, redis and possibly a whole lot more. Few slides, lots of code starting from nothing to a real time web app in an hour.

For bonus points at the end, we'll show how this web app can be integrated into Mozilla's open web app infrastructure.
PHPWeb Services Until recently, the only way to provide integration between a website and a voice-call and a website was with expensive enterprise software. With new services such as Tropo and Twilio, any web developer can integrate a web application with telephone services. We will walk through using these services to initiate phone calls with our users, automatically ask questions and store answers, verify users phone numbers, and allow users to access web services, their account and data by picking up their phone, calling your web service and requesting data.

This talk will walk through real world examples showing how you can quickly and easily integrate with real time voice calls with your users - pushing the boundaries of the web!
Front-end Pushing data from the server to the client as events happen has not really been possible in the web so far. While there have been some workarounds for this issue, most commonly referred to as "Comet", most of these were hacks. Luckily, there is an upcoming W3C WebSockets standard. This talk will discuss use cases for WebSockets, show you compatibility issues/fallbacks and different ways of dispatching your events. You will learn about fully-asynchronous stateful applications, but also about how to enhance existing apps with realtime capabilities.
Data Persistance Most of the NoSQL movement and buzz happened around the Map/Reduce type of storage like CouchDB and MongoDB, while Redis, mostly unknown, shines by it's simplicity. It is an in-memory database that (unlike Memcached) actually persists the data to disk to survive restarts and failures. It can help scale up write-heavy applications, but also serves as a great tool to understand how most databases work and learn to think in lower level storage terms, and can be fun to play with for small scale projects.
Testing / QASystem Administration Que se soit suite à une attaque, une défaillance matérielle ou un bogue applicatif, et malgré toute les précautions prises en amont, aucune application en production n'est à l'abri d'une catastrophe.

L'important est d'avoir un plan de reprise sur incident efficace pour limiter le plus possible l'impact d'un tel incident sur la qualité de service.

Cela passe par une phase de préparation (mise en place de logs, sauvegardes régulière, etc) et par un plan d'action pour le jour J (Communication de crise, diagnostiques, priorisation des tâches, etc.)
PythonWeb Services The trend today is that more and more projects are exposing their functionality via RESTful APIs. It's an awesome trend, allowing different projects to interact and mashups being born. However it's quite rare to find good examples on how to create good APIs in Python. This talk discusses various tools and libraries you could use to build one and shows practical real-life examples of how it was done by others.
Ruby Speak you Ruby surely like native? Have you a grip on using the rectified idioms for coding in the language? But seriously: like human languages, programming languages are also about clear communication, and the best way to speak a language is to understand it idioms. In this session, we’ll look at Ruby turns of phrase and other patterns that the best-written Ruby code uses to communicate clearly and that best take advantage of the Ruby language.
PHPScaling / Performance Today, large-scale PHP platforms like Facebook demonstrate strikingly that it is quite possible to build scalable, high-performance web applications with PHP. It does not work out to just use an MVC framework as architecture, though. This session allows a peek into web architectures and technologies that large-scale PHP platforms use, and demonstrates how you can use them in your own projects.
Cloud ComputingScaling / Performance Making your web application scalable is always a tricky task. This talk will center around how you can do this more easily on the
cloud, specifically using Amazon Web Services such as EC2, RDS, S3 and
more features. Amazon has a very rich feature set that makes having a scalable application easier than ever before.
Data Persistance MongoDB's architecture features built-in support for horizontal scalability, and high availability through replica sets. Auto-sharding allows users to easily distribute data across many nodes. Replica sets enable automatic failover and recovery of database nodes within or across data centers. This session will provide an introduction to scaling with MongoDB by one of the developers working on the project.
SecurityRuby Nous présenterons des bonnes pratiques autour de Ruby on Rails pour éviter :

- La mauvaise gestion des sessions
- Les problèmes de XSS/CSRF
- Les injections SQL,
En parallèle nous aborderons le Top10 2010 OWASP autour de Ruby on Rails

Front-end Even though search engine optimization (SEO) has gone mainstream, many developers are still unaware of important modifications that can and should be done to a website to optimize it. This session will provide an overview of some of the key areas that developers should be aware of when working on a website. Topics such as the need for appropriate URLs, page and website redirects, HTML tags, and others will be covered.
PHP This talk will bring you closer to the Symfony2 based Silex microframework, explain use cases, go into internals, such as the Pimple service container, and show you how to use it. After this talk you will know more about Symfony components, PHP 5.3 closures, functional testing, and get a taste of simplicity, minimalism and perfectionism combined.
Python If you ever heard that building a community is like herding cats, it's
true. This presentation is an attempt to control the uncontrollable forces
of the community by nourishing your code a healthy dose of testing,
by grooming it with syntax checking utilities, by cleaning its litter
box with various profiling techniques, and by taking its temperature
with logging. You'll need to attend to see the type of thermometer.

A community project is not only about the code, it is also about enabling
participation by letting the project go outdoors with distributed revision
control systems, by letting it back indoors with a regular review process,
by feeding it catnip with demos to play with, and by letting the vet
check it for bugs regularly. In the end, there may still be hairballs
but some people will hopefully fall in love with your project.
PHPCMS Stackbox is an ambitious new open source, BSD-licensed content management system aimed to end the "backend" editing paradigm for good. All content editing is done directly in-place and on-page through drag-and-drop JavaScript and AJAX methods. Page content is template-driven with regions defined by CSS classes. Content modules are dropped into regions and sorted live by the user.

The page model in WordPress, Drupal, and most other common CMSes are deeply flawed. Learn the reasons why the Stackbox approach is best and the thinking process that led up to the architecture decisions in Stackbox. Presentation will be followed by a demo, feature overview, and short Q&A.
Project Management / Agile Survivre a Agile: Ce qu'on ne vous dis pas dans les livres!

Agile, quel beau concept! Vous lisez les livres, suivez des formation et vous vous sentez prêt à l'implanter dans votre environnement de travail. Malheureusement, il y a un grand apprentissage à avoir lors de la mise en place dans l'environement de travail.:
- Organisation du travail
- Effets psychologiques sur les participants
- Courbe d'apprentissage et de collaboration
- Coopération réelle des patrons, employés et collaborateurs

Cette présentation met en lumière des expériences réelles et vécues de pièges à éviter de l'implantation et du management selon Agile.
PHP This sessions is essentially a tour through real life Symfony2 code. No bullet points, only code. During the talk the general architecture and philosophy of Symfony2 will be illustrated. Key design concepts will be shown with practical examples and popular so called "Bundles" that extend the functionality of Symfony2 will be introduced. The audience is encouraged to checkout and setup the code beforehand: https://github.com/lsmith77/symfony-standard/tree/techtalk
CMS Une discussion à la fois technique et sur les modèles d'affaires sur le futur de l'industrie des CMS. Modéré par Guy Vigneault, de guidecms.com, le panel d'expert inclut des vétérans de l'industrie, tels que Omar Bickell, Marc-André Lanciault et Marc Laporte.
SecurityPython La cyber-archéologie, ou l'art d'essayer de découvrir des fichiers et des répertoires non-exposés sur un domaine donné est depuis très longtemps un sujet connu et surtout outillé. Cependant, les outils déjà sur le marché comme Nikto, Dirbuster, Vega, skipfish ou autres couvrent mal la problématique. Alors que certains sont simplement des détecteurs de vulnérabilités très complet avec une extension pour ce type d'opération, d'autre sont mal maintenu, prompt à de faux positifs ou carrément trop lent pour la tâche. Tachyon se positionne comme un outil de cyber-archéologie dédié. Avec son architecture de plugin, son exécution parallèle optimisée, son approche novatrice pour la détection de faux positifs et son support pour le réseau Tor, l'outil se démarque lors des situations réelles. La session présentera l'outil, les raisons de son existence, sa technique de détection de faux-positifs ainsi que son architecture de plugins. Si nous avons le temps, nous écrirons un petit plugin en exemple
PHPTesting / QA Test-driven development is generally regarded as a good move: it should result in simple decoupled design, your tests tend to cover behaviour not methods, and far fewer bugs. However, just getting unit tests in on a real, commercial project is hard - switching to TDD is even harder. We'll examine how we can make small but permanent steps towards full TDD, without losing that progress when deadlines hit. We'll also cover a few methods for learning on your own time and how the whole process can actually be made quite enjoyable.
Testing / QAMobile Developing an Android app is easy. But what about testing it ? Why do Android developers still think their environment is so special when it comes to unit-testing ? After a brief introduction to TDD, Francis will give an overview of how an Android app can be tested and will give some tricks learned from the trenches. This talk will mainly focus on trade-offs that have to be considered when developing Android apps in a TDD way compared to more classical Java web-app development. It will cover topics such as Mocking, Development patterns, Unit Testing, Acceptance Tests, and continuous integration.
RubyTesting / QA Manual testing is an important part of SDLC. Testing an application before production deployment used to be nightmare for both testers and developers, as most of the bugs were caught in QA. With the invent of terms like TDD(Test Driven Development), BDD(Behavior Driven Development) and DDD(Design Driven Development), it started a new era, where both developers and testers can have a sound sleep nights before production roll-out. Ruby is very powerful language and has many tools and libraries to write tests easily for automated unit and functional testing, so that manual testing efforts can be minimized, thus less chance of failure.

In this talk, I would like to share how TDD, BDD and DDD together with Ruby can be helpful to build robust applications, with better design and good automated test coverage. I will also share some tools, which can show the code coverage for unit and functional test suites.
Project Management / Agile This talk is what happens when you combine the knowledge in Patrick Lencioni's book "The Five Dysfunction of a Team" with some of the ideas presented in the book "A Practical Guide to Distributed Scrum" and the experiences Steffan Surdek acquired working with distributed teams in the last five years.

Last fall, Steffan read Lencioni's book and quickly realized that he could now give a better explanation to many situations he faced when working with distributed teams. In this talk, participants will learn to relate these dysfunctions to the challenges that come with being part of a distributed Scrum team. They will also come out with some suggestions and ideas on how they can address theses issues to make their distributed teams work more smoothly together.
Front-end With the advent of modern desktop and mobile browsers supporting some or all of HTML5 the time to learn about this spec is now. Learn the basics of the additional functionality available to you with HTML5 from Canvas and Video to Geolocation and the Storage API’s. Walk through some examples and gain a deeper understanding of how you can take advantage of what HTML5 has to offer and begin the migration from black box plugins to the open standard in HTML5.
PHPTesting / QA Various testing tools exist to test the different aspects and layers of PHP applications. There is PHPUnit for Unit Testing (and Test-Driven Development), Behat for Acceptance Testing (and Behaviour-Driven Development), Selenium for System Testing, and a plethora of tools for testing non-functional aspects such as performance and security.

This presentation provides an overview of the goals of each of these tools and shows the first steps to leveraging them in your daily routine.
RubyData Persistance Tired of writing slow boring SQL queries full of joins when you implement a social network web application?

This talk will show a little introduction about noSQL and the benefits of using a graph database. It will be presented some Neo4j features, use cases and some code examples (using Java and JRuby).
Front-endJavascript Much web development today entails editing HTML, CSS and Javascript, in addition to working on the backend using different web frameworks.

Recent technologies makes this development more fun, concise and simply a whole lot better. CoffeeScript instead of Javascript, Sass over CSS and Haml replacing HTML.

Stop writing in assembly language! You will be convinced after this short overview of these three technologies, originating from the Ruby community but available today on all web development platforms.
PythonCMS Weakly held opinions, minimal complexity, and a strong philosophy combine to produce an extremely light-weight, efficient, and flexible web framework. WebCore features authentication and authorization that makes no assumptions about your application model, pluggable template and serialization engine API, self-organizing WSGI middleware, trivially simple multi-DB support, and first-class support for filesystem-like object dispatch, routes, XML-RPC, and Flash AMF.

WebCore scales from the trivial 5-line application through multi-component enterprise-scale applications and powers the Contentment CMS.

Contentment is a pluggable object-based CMF/CMS utilizing MongoDB as the storage engine built on top of WebCore and designed for extremely flexible integration as pure-CMS, hybrid, or contained within an existing application.

This 45-minute presentation will cover philosophy, features, and examples for both WebCore and Contentment.
SecurityCloud Computing Vous êtes sur le point de signer un contrat avec un éditeur d'applications web. Tous les éléments du cahier des charges ont été pris en compte dans l'offre, même la sécurité: le contrôle d'accès, la disponibilité, et...et c'est tout! Où est le reste? Pirates informatiques? Fraudeurs? Revendeurs d'informations? Concurrence? Lois? Qui s'en occupe? Y a-t-on pensé?

Lors de cette séance, nous simulerons l'intervention d'un spécialiste en modélisation de menaces (threat modeling) au tout début du projet de développement d'une application web mobile hébergée en cloud.

Son rôle sera de recenser les menaces spécifiques auxquelles votre application est exposée, techniques et/ou fonctionnels, puis de formuler des recommandations pour les architectes et développeurs.

En quoi cette activité consiste-t-elle? Qui la réalise? Comment trouve-t-on les menaces? Avec quelles techniques? Que doit-on insérer dans le cahier des charges destiné à l'éditeur de l'application?
Security 45 minutes pour parcourir une série d'exemples de code source, tirés d'applications web ou moins web, toutes technologies confondues, et présentant une faille de sécurité de plus ou moins grande gravité.

La séance se veut ludique et organisée sous la forme d'un quizz: nous disposeront de quelques minutes pour tenter de trouver les failles de sécurité dans chaque exemple de code affiché à l'écran. La faille et ses impacts potentiels seront ensuite expliqués.
Regular expressions seem to be some kind of dark magic for many developers.
Although easy to understand, they consist of strange characters like brackets,
dots, asterisks and questions marks. However, as soon as you have understood
what is going on behind the curtain, you do not want to miss regular
expressions in many areas.

This session does not only allow you to lift the veil and read as well as write
the seemingly magic regular expressions, but also demonstrates how and where
you can employ them by working with examples in step with actual praxis.
Project Management / Agile Depuis quelques années, la philosophie Lean intéresse de plus en plus les professionnels en T.I. Avec l’adoption des méthodes Agile que notre industrie a vécu depuis les 10 dernières années, qu’est-ce que la philosophie Lean peut apporter de plus à notre industrie?

Cette présentation magistrale se veut une introduction au Lean Software Development. Les participants y apprendront l’historique du Lean, ses deux piliers ainsi que les 7 gaspillages lors du développement logiciel. Ces bases de la philosophie Lean permettront aux participants d’identifier le gaspillage dans leur travail pour ainsi aider leur équipe à ne livrer que de la valeur. Nous regarderons aussi des exemples Lean dans d’autres industries pour faciliter la compréhension de la philosophie Lean ainsi que des exemples concrets à l’intérieur d’un projet Agile pour que le participant soit en mesure de mettre en pratique ce qu’il a appris lors de cette présentation.
PythonTesting / QA An introduction on how to unit test in Python. This talk is for Python developers who want to make sure their apps are tested correctly. It steps you through the libraries to user, how to do testing, mocking of external libraries, an overview of testing web apps and how to integrate with continuous integration.

This will be a detailed talk going through all the steps and pointing out common pitfalls.
Ruby As we code for an increasingly resource-centric Web, our tools
need to keep pace. Sadly, Rails conceptually has remained largely
unchanged since the before the advent of REST. Though Sinatra attempts
to make writing APIs simple, at it's core, it continues to use the
Rails model for routing and responding to requests.

Renee is a new approach to creating web applications build on top of
Rack. It's simplicity in implementation and design makes it ideal for
expressing yourself in the new resourceful web.

Through this talk we'll learn how the request/response model differs
from Sinatra or Rails, and how we can use this to create clean
beautiful web applications without repeating ourselves. We will also
dive into the internals, and look at real-world applications written
in Renee. Finally, we'll understand how to write extensions to Renee
to handle any need that arises.
MobileJavascript It's no secret that the iOS platform has completely changed the mobile landscape.  The App Store is approaching its 10 billionth download, and up until several open source projects showed up, the only possibility for building an application used on an iOS device was either learn Objective-C, or serve up a non-native web application. 

Enter Appcelerator Titanium, a framework for building native applications using web technologies.  If you know how to build a website using Javascript, you can build a native application using the Titanium API.  This session will take you through the basics of Titanium.  We'll set up a project together and pull in native iOS functions such as the camera, geolocation, and compass.  and all from a few simple lines of Javascript.
Scaling / Performance Based on the HTTP specification, Varnish Cache is able to speed up all your websites, independently of the language you are using to develop them. This session will focus on how you can easily benefit from installing it, and it will give you hints on how to get the most out of it with unique features like ESI support.
System Administration Maintaining a consistent development environment is hard—especially for
junior developers and designers with no interest in system administration.

In this talk, I'll show you how my team develops locally, in VPN (Virtual
Private Network) connected Virtual Machines, and how we make a team distributed in 5 cities feel a little like we're all working in the same

We'll touch on VirtualBox, Puppet, Vagrant, dpkg/APT, Amazon AWS (EC2, especially), IRC, HTTP Proxies, and lots of other fun tech.
PHPCMS We are building a highly innovative framework to integrate Drupal sites with touchtone phones and Internet-telephony systems to provide Drupal users with the ability to, among other things:

* Record, send and receive audio messages
* Organize phone-based polls
* Send meeting reminders
* Broadcast emergency announcements
* And much more!

VoIP Drupal will change the way you interact with Drupal, your phone and the web!
Accessibility This session will provide an overview of free tools for web developers to use in the development of accessible web content, such as the FireFox Accessiblity Toolbar, Fangs, WAVE and others. Participants are encouraged to bring laptops and websites to try the tools we will be covering during this session.

At the end of this session, you will have an experienced-based familiarity with the leading free web development accessibility tools. If you bring your laptop, you will have had a chance to try these tools on your own websites.
Security According to a study, nine out of ten web applications have security vulnerabilities. Recent events proved that not only old legacy sites were successfully attacked, but also new and recent applications, built with the best intentions and also with security in mind. We will have a look at common attacks, new attacks, and new twists to old attacks that demonstrate why so many websites may be compromised. We will have a look at recent attacks that made mainstream media, analyze some aspects of them, and will provide guidelines and best practices to become website ten out of ten. This session, as usual, comes with code and demos.
Security Almost every day now, we are told in the news about some huge hacking incident resulting from a vulnerable application in some organization. Unfortunately, we are rarely told about less sensational intrusions. Who are the guys behind those incidents and what suddenly brings their attention to a particular victim?

During this presentation, the audience will discover the "who", "what" and "why" of application security. We will not only talk about the "bad guys" but also about what is being done on the bright side of the picture, by developers, and by other people also involved in software defense.
Security This talk will focus on XSS, CSRF, Session Hijacking, SQL Injection, and other security issues need addressed in Website Development, and how to close them. This talk will delve into some specific code examples showing where vulnerabilities exist, and how to prevent them.
Python Django is well-suited for e-commerce, and there are currently several nascent django e-commerce frameworks in development. This talk is about the development of django-oscar, a framework designed to leverage Django's core functionality to allow domain-driven e-commerce applications to be built. This is a very powerful approach.

Writing django apps which are flexible enough to be adapted to a wide variety of scenarios is a non-trivial problem which will be explored. The talk will also cover a range of e-commerce best practices and how they can be implemented in Django.
Testing / QAJava Do you sometime feel that your code could be simpler? Or maybe you think that your test code is a mess and is just slowing you down?

This talk will discuss some design principles that will help you write simple testable code. It will also present some techniques and tools that will make your test code easier to write and maintain.

Be ready to read Java code!
PHP This session teaches you how to detect and debug PHP scripts with the free
open source tool Xdebug, which is an extension to PHP. The first part will
quickly show how to get started with Xdebug. The second part of the session
will cover detecting problems in your scripts by showing how Xdebug provides
debugging aides in the form of stack/function traces, dumps of variables,
modified PHP functions. In the last part I will show the remote debugger
capabilities of Xdebug with different IDEs, where you can: set breakpoints on
functions, methods and file/line combinations and evaluating error messages.
On top of this you will also see how you can use Xdebug's profiler to find
bottlenecks in your applications. I will be focussing on the least known
features of Xdebug.
Project Management / Agile One of the most overlooked Agile techniques may also be the most useful one.

In the context of software product development, Refactoring (improving the design of existing code) is absolutely mandatory to continuously deliver quality code in reasonable timeframes.

Teams that do not practice continuous refactoring see their quality and
velocity go down with time.

Developers should understand from this presentation:

How to practice useful refactoring?
How to explain the topic to managers?
How to make sure refactoring is done, and regularly?
What are the usual challenges when implementing refactoring? Why do so few developers actually do it?

Managers should take away from this session:

What is refactoring?
What to do to maintain a good velocity as products are being built?
What is technical debt?
What to answer developers who claim they need time to refactor? When to refactor and when not to?

Presented by

Sponsored by