The meetup comprises two talks by guest speakers and an initial slot for some lightning talks.
We are reading code for most of our days. Surprisingly, when a new feature needs to be implemented we sometimes forget that our code will be read lots of times in the future (by us or someone else). Dozens of books, articles, posts, etc. have been written about improving our software. I've found it useful to embrace some of the ideas expressed in these sources as mantras, and have them present at all times. In this talk we'll review them, and hopefully we'll discover new ones proposed by the audience.
Raúl is a Software Engineer with a strong focus on code quality and readability. He thinks that, if the code you wrote one year ago doesn't make you feel a bit embarrassed when you review it today, you're doing something wrong.
Don't mock internal functions and methods, mock external dependencies. How to do that? This presentation will present a framework and a practical example of creating Surrogate dependencies (think custom proxies, similar to WireMock). They are based on data collected from Integration tests to create environments where target applications can be executed offline and be subject to advanced security, quality and performance testing. All data is stored natively (JSON, XML) and Git is used for content versioning and simulation.
Dinis is focused on creating Application Security teams and providing Application Security assurance across the SDL (from development, to operations, to business processes, to board-level decisions). His focus is on the alignment of the business’s risk appetite with the reality created by Applications developed internally, outsourced or purchased. He is also an active Developer and Application Security Engineer focused on how to develop secure applications. A key drive is 'Automating Application Security Knowledge and Workflows', which is the main concept behind the OWASP O2 Platform.