February 18-20, 2015
Montreal, Canada

Top 20 sessions

Architecture A lot of Web Services today claim to be RESTful APIs. But are they really? Do the URLs accurately identify resources? Are the powers of HTTP leveraged properly? What is "Hypermedia", what is the Uniform Interface, and what is the secret behind the HATEOAS acronym that is so essential to the REST architectural style? This talk gives answers, guidelines and examples that show what REST really is about and why Hypermedia matters.
JavaScript, Security Cookies have been around for decades and have served us well. Nobody questions their usefulness. However, modern apps demand a better approach. This session is all about the natural successor to cookies: using a token-based design. Tokens help build apps that are assembled on multiple stacks, that use your own and 3rd party APIs. They help easily “flow” user identity across all layers and security contexts, regardless of how they authenticated.
JavaScript Long gone are the days when your JavaScript functions were cluttered with HTML or when you injected AJAX responses into DIVs. Meet AngularJS, the framework that brings you clean separation between application logic and templates, does the heavy lifting for backend communications, helps with multilingual support and much more. I will help you build better applications with less effort.
HTML/CSS, Performance In the world of the Internet, user's experience is in many cases controlled by the browser, and the browser's ability to render the page is the ultimate measure of how fast or slow a particular page and/or application is in the eyes of the user. This session will outline the tools that can be used to effectively measure the user experience in the browser as well as outline a number of approaches and performance tricks.
HTML/CSS, Security HTML5 brings both new markup (tags, attributes) and new JavaScript APIs, both directly from the W3C/WHATWG HTML5 specifications, and within other standards documents. But what does that mean from a web application security point of view? Which new attack vectors exist, and how can we protect our web sites from them? This session will feature markup that evades filters and APIs that allow developers - and attackers - to do more than ever before.
With so many "Git how-tos" out there, where to start? This is not another one of those. Instead Adam Culp will give a practical walk through the development cycle and how to use Git as the source control. From initialization of a repository, adding, staging, cloning, and checkout, we will walk through a sample project and how most developers actually use Git to manage the workflow.
JavaScript Why, How, and What We Did Wrong.

Most of us don't have the luxury of building a new application from scratch and being able to do it "right". In this talk, I'll discuss how we integrated AngularJS into an existing round-trip application. What we did wrong. What we did right. Lessons learned. How users reacted to the changes. What are our next steps. Finally, I'll include some tips on how to plan your own integration.
Performance, PHP One of the biggest bottlenecks in an application is the point at which data is requested from some source, be it a traditional database, web service, or something else. One method to overcome these bottlenecks is the use of caches to store pages, recordsets, objects, sessions, and more. In this talk, we'll explore a variety of caching tools and mechanisms including Memcached, Redis, reverse proxy caches, CDNs, and more.
You've decided to level up your Git skills and have heard that rebasing is where it's at. In this session we'll talk about: WHY rebasing can make it easier to untangle your project's history; WHEN you should use rebase; WHAT rebasing actually does to your repository; and HOW it actually looks when things go right (and how to recover when things go wrong).
Performance Tools like Varnish can improve scalability for static sites, but when user-specific content is needed, a hit to the backend webserver is still needed, causing scalability issues. We'll look at a new Nginx module which implements a fast and scalable solution to this problem, changing the way developers think about designing sites with user-specific content.
DevOps Haven't got time to learn all about nodes and clouds and elastics? This introductory session will give you a baseline for getting started on AWS.

In this talk, we'll cover file hosting (S3), server hosting (EC2, VPC), DNS hosting (Route53), database hosting (RDS), and some additional things like CloudWatch, CloudFront, and ElastiCache, but we'll focus on the moving parts of EC2.
Nearly all open source projects have some form of peer review system. In this session you will learn the pros (and cons) of adopting a peer review system in-house. To illustrate how this unfolded in the real world, a case study will be used. We'll talk about the overall setup, the impact on the team, and give you tips on how to conduct a good peer review.
Architecture MVC allows you to divide responsibilities in your application but offers no help in building the most critical part: the domain logic. This talk will introduce ways that can help you to encapsulate the richness of your domain. We'll look at patterns such as Action Domain Responder and Hexagonal Architecture before introducing Domain Driven Design. Find out how to get beyond MVC and begin modelling your domains in rich, powerful and reusable ways.
HTML/CSS, JavaScript Grunt makes building JavaScript, Sass, HTML and any other front end code dead simple. It is quickly becoming an indispensable tool among front end developers because it can fit into just about any build or continuous integration system. In this talk we'll bring developers up to speed on how to get Grunt running and integrated with your project. Then we'll move onto some core tasks that should appeal to every web developer.
Security Secure development has become a necessary part of any development process, there’s no way around that. Protecting the various parts of your application (and users) is also becoming more complex. Writing the code is only half the battle - it still needs to be tested. What tests do you need to worry about, though? Join me as I walk you through the most recent version of the OWASP Testing Guide and guide you with a few recommendations of my own.
Security No week passes without another successful high-profile attack against a well-known website. The reason is not only that old vulnerabilities still exist, but also that bad guys came up with new approaches to mess with a web site. We will have a look at some recent events that made the news, and dissect what went wrong, and what we can do about it for our applications. You will see old attacks with a new twist, and modern ways to mess with a site.
Quality Assurance Automated developer testing is part of the foundation of agile software projects, but for many teams testing is something we do without question, not something we think critically about. It's time to put strategy back into developer testing. In this presentation we will look at understanding quality requirements, identifying risk and problem areas in software and planning developer testing efforts.
PHP, Security If your web application exists on the public Internet, someone *will* try to exploit it.
Many of these are un-targeted & scripted, their authors hoping that their target will fall to one of the hundreds of un-patched vulnerabilities in frameworks, blog engines or storefronts. Let's go through some common and uncommon exploits in the wild, starting from their traces in server logs, and see how we can detect them and better protect ourselves.
JavaScript Single page web applications have been all the rage recently. We created our own JS MVC framework and used it to rebuild our admin. Less than a year later we changed course. What fuelled this decision? What lessons have we learned? What worked and what didn’t? This talk will share our experiences, as well as our new hybrid approach: a modified version of Turbolinks combined with a lightweight binding system.
JavaScript A new version of JavaScript is on the horizon, with features including built-in class support, iterators, templates, destructuring assignment, promises, just to name a few. We don't need to wait to use it! Google's Traceur compiler "transpiles" these new ES6 features, so you can write future compatible code, today!

This talk will cover new features of JavaScript, demonstrating how they can be used to write more maintainable OO JS code.
