tdd

Holistic Info-Sec for Web Developers

A three-part book series focused on lifting the security knowledge of Software Developers, Engineers, and their teams, so that they can continuously deliver secure technical solutions on time and within budget, without nasty surprises. The first book is complete; the second book is content complete and currently in technical review.

Talk - Secrets of a High Performance Security Focussed Agile Team

At BSides Wellington: Kim discusses that Quality (security included) does not have to be neglected when you’re planning, building and running a high performance development team. He discusses how we fail and how to succeed.

Talk - Secrets of a High Performance Security Focussed Agile Team

Kim discusses how and why Agile Development Teams fail at security, and how to stop failing.

Workshop - Developing a high-performance security focussed Agile Team

DevSecCon, Singapore: Quality (security included) does not have to be neglected when you’re planning, building and running a high-performance development team. Kim will set the stage with how and why Agile development teams fail, explained with a familiar anecdote taken from his new book “Holistic Info-Sec for Web Developers”, coupled with how you can change this.

Consuming Free and Open Source

Redirects to legacy blog post. This is where A9 (Using Components with Known Vulnerabilities) of the 2013 OWASP Top 10 comes in. We are consuming far more free and open source libraries than we ever have before. Much of the code we are pulling into our projects is never intentionally used, but is still adding surface area for attack. In this post we address the risks and countermeasures.

Node.js Asynchronicity and Callback Nesting

Redirects to legacy blog post. AKA callback hell or the temple of doom. Often the functions that are nested are anonymous, and often they are implicit closures. When it comes to asynchronicity in JavaScript, callbacks are our bread and butter. In saying that, often the best way to use them is by abstracting them behind more elegant APIs.

Automating Specification by Example for .NET Web Applications

Redirects to legacy blog post. It’s my intention that the following details will help you create a system that automates “Specification by Example”.

Software Engineer Interview Process and Questions

Redirects to legacy blog post. A short time ago, I was tasked with finding the right software engineer/s for the organisation I was working for. I settled on a process, a set of background questions, a set of practical programming exercises and a set of verbal questions. Later on I cut the set of verbal questions down to a quicker set. In this post, I’ll be going over the process and the full set of verbal questions. In a subsequent post I’ll go over the quicker set.

Talk - Moving to test and behaviour-driven development

At Canterbury Software Cluster: In this session Kim went over the benefits of introducing TDD and BDD: How to introduce them, their differences, how to deal with push back from team members and upper management.

How to Increase Software Developer Productivity

Redirects to legacy blog post. Is your organisation:

* Wanting to get more out of your Software Developers?
* Wanting to increase RoI?
* Spending too much money fixing bugs?
* Development team not releasing business value fast enough?
* Maybe you're a software developer and you want to lift your game to the next level?

If any of these points are of concern to you… read on.