DISC is a one-day conference dedicated to all avenues of cloud business software.
Registration is free and food & beverage will be provided.
Saturday 23 April 2016
7:30 – 18:00
Faculty of Informatics
602 00 Brno
Developers, security specialists, backend, XD and UI enthusiasts.
Tracks: Technology & Techniques, Security, Hands on
7.45 – 9.05
9.05 – 9.10
9.15 – 9.55
Test driven development
Test Driven Development (TDD) is a programming technique where a test is always written before the production code. This helps to find bugs early in the development process and reduces or even eliminates the need for debugging, which ultimately speeds up development. Having the production code covered by tests makes it possible for developers to change code without fear of breaking existing functionality. We will talk about our experience with using TDD and demonstrate the technique on practical examples.
Secure Software Development Training
In the mindset of a developer, security is done by people in a different department who are mainly in the way of getting stuff done. However, as a developer you control a critical piece of the security puzzle: the code you produce. Writing code in such a way that it does not contain security-related bugs or problems is very important for improving the overall security posture of the company.
10.00 – 10.45
Design Thinking Process
A methodology that originated at the Stanford Design School. The presentation will cover the basics of the Design Thinking process and how you could apply it to your work to build better products for people.
Test. Code. Refactor. Win.
10.50 – 11.35
Open Source Marketing
This talk will discuss marketing an open source developer product to both the developer community and the enterprise world. We will review how to run a marketing organization in the open to maintain transparency to the open source community. We'll also discuss how to market an open source developer product to the enterprise.
Abusing Java deserialization for fun and profit
The hidden danger of Java deserialization vulnerabilities, which often lead to remote code execution, has gained wide visibility in the past year. The issue is not new and has been known for years, yet it seems that the majority of developers were unaware of it until the recent media coverage around commonly used libraries and major products. The main goal of this talk is to shed some light on how this vulnerability can be abused, how to detect it from a static and dynamic point of view and, more importantly, how to effectively protect against it.
11.40 – 12.25
Web front-end Workflow
Have you thought it thoroughly when moving to cloud?
Moving to or from the cloud is not an easy step. The session will describe which perspectives one should consider when planning to use cloud services, with specific emphasis on security. Traditionally, companies think about cloud security only in terms of data and who will have access to it. But this is not enough. Cloud security spans several domains, e.g. high availability, backup, data security and business continuity.
12.25 – 13.30
13.30 – 14.15
How to make Oracle go faster
Examples of expressions which perform slowly, coupled with equivalent ones which perform well. Discussion of common bad patterns to avoid. Performance reasons for using bind variables, and also examples of when using literals is more appropriate.
The security rainbow
This talk is a high-level review of universal secure design principles for engineers and product managers. We will look at security, Hollywood movies, and rainbows to help gain an appreciation for avoidable catastrophic failures. At the end of the session, you should be able to speak intelligently about "the brown stripe" and to mock your coworkers when they suggest misguided security solutions.
Test. Code. Refactor. Win.
14.20 – 15.05
Elastic Search
Introduction to Elasticsearch: providing massive amounts of data to Operations and Development to give near-real-time views of their responsibilities.
Find and fix security problems… wait, do not make security mistakes in the first place!
Today, companies rely on automated solutions (e.g. penetration testing) and people generally called white-hat hackers to find security problems. This approach quite often leads to a pile of small and big security problems that eventually need to be fixed. So how do organizations deal with all these issues? What is the most effective way to get issues fixed? For companies taking security seriously, the question is no longer "How many problems can you find?"; the real question is "How many security issues can you fix, or prevent developers from making?" In this session, we explore different routes to finding and fixing security issues, or preventing them in the first place.
15.10 – 15.55
'Out of Step' - Redis, in a Database Driven World
The Database is ubiquitous, routinely serving as the default technology for data storage. With emerging data access patterns and technologies, the Database is no longer the de-facto solution for every situation. Redis is a powerful in-memory data structure store, capable of enhancing and off-loading functionality which was traditionally built upon the Database. This talk will explore the opportunities and risks of using Redis, in relation to traditional Database solutions and other technologies. We'll explore the functionality provided by Redis, common use cases, situations where it should be avoided, and best practices for adoption and deployment.
The security mindset
As the session progresses, attendees will start to pre-empt the potential flaws in the setups described, eventually finding would-be "0-day flaws" in the software described with minimal prompting. If your previous exposure was primarily the OWASP Top 10, this session will be a real eye-opener into the rich and diverse range of creative hacks out there, many of which have little to do with the Top 10 and will drastically improve your creative and destructive thinking when developing your own applications.
16.00 – 16.45
Engineering "Good" Services on the JVM - A Story of Scala and Akka
This talk will explore how Scala and Akka can unlock the true power of the JVM in order to deliver the most important features of high quality cloud applications.
Better Living Through Engineering : Making Operations a Day Job
In any large production operations environment, the problem of balancing quick issue response and remediation with a good quality of life for the engineers carrying pagers is one that is often solved at the expense of one or the other. This talk will primarily address the technical solution that NetSuite has developed to solve this problem, along with a discussion of the philosophy that led us to that design.
16.50 – 17.35
Optimizing Content Distribution in E-Commerce
This talk introduces content delivery networks in the context of large multi-national E-Commerce solutions. It discusses their various aspects, challenges and related topics.
How to Motivate Teams to Fix Vulnerabilities
Technical geniuses master sophisticated software problems with ease, but for people with these unique skills, interpersonal communication does not typically rank as a strong area. In computer security, one result of this is that discoverers often get frustrated trying to communicate a vulnerability in a way that gets it fixed. The pattern is similar whether confined within the walls of the workplace or played out in the open news media. The talk aims to simplify the task of communicating about vulnerabilities, and how to motivate others to do the right thing.
17.45 – 18.15
CIO of NetSuite, Co-Founder of Fortify & SVP of Infrastructure and Security of NetSuite
18.15 – 22.00
Faculty of Informatics, Masaryk University
Ted Rice is a seasoned innovator with over two decades of experience designing, building and scaling distributed systems. He currently holds the position of Architect in the Core Services group at NetSuite, where he co-invented the patent "Phased rollout of version upgrades in web-based business information systems". In his spare time, he can be found riding bikes in the Colorado Rocky Mountains or rummaging through records at a local music shop.
Bryan Washer is the Principal Site Reliability Engineer and Manager of the Engineering Operations Architecture group at NetSuite. He has over 20 years' experience supporting production environments across several Fortune 500 companies. He specializes in designing solutions that are easy to maintain, quick to deploy and flexible enough to scale. Currently, he is developing an Elasticsearch implementation enabling extensive mining of data to provide world-class event and data correlation.
Roman works as a database performance specialist at NetSuite and as such is focused on tuning SQL statements and PL/SQL procedures for faster performance. He has been working with Oracle for more than 15 years as both a developer and an administrator.
Jan is a Principal Software Engineer in the Payments team at NetSuite. Before joining NetSuite, he worked as an NLP researcher at Masaryk University, where he focused on collecting and processing large text data. He enjoys solving complex algorithmic problems as well as puzzles and regularly participates in puzzle-hunt games such as TMOU.
Jiri manages the Commerce Platform team at NetSuite in Brno. He has over ten years' experience in designing and building large software systems. Before joining NetSuite, he worked on various projects for Mazda and Ford in the UK and for the Ministry of Labour and Social Affairs in Prague. He graduated from the Faculty of Informatics, Masaryk University, and started his career at the Institute of Computer Science working on an information system which manages data about university students and their studies in the Czech Republic. In his spare time, he enjoys riding his four bicycles and one kick scooter and spending time with his family.
Chris has been focused on cloud security since before the term existed. He began his data protection career overseeing healthcare database systems for claims, payroll, and financials for several major California HMOs. His passion for database technology and security led him to join Oracle as an engineer and eventually mBED Software, where Evan Goldberg hired him to create ground-breaking website technology. In 1998, Chris co-founded NetSuite, where he has implemented, among other things, a comprehensive ISO 27001 certified information security management system now powering more than 18,000 organizations.
Jiri is a Senior Manager in the Advisory Services of Deloitte Czech Republic. He has more than 10 years of experience in the ICT industry and has held many positions across the life cycle of IT projects. During his studies he experimented with a wide range of technologies while discovering the world of IT. He established a small IT company and, as lead architect, designed and co-developed several information systems. He then joined larger IT companies, where his work covered pre-sales and sales activities, application, system and enterprise architecture, and the design of large systems and industry solutions.
His primary strength is seeing the task at hand from a distance and finding the best solution under the given constraints. Jiri's technical expertise spans a wide range of technologies (e.g. SQL, Hadoop, PHP, Python, HTML/CSS, Linux, IBM tools and platforms), methodologies and frameworks (e.g. TOGAF, UMF, RUP, UML, ArchiMate) and business domains (e.g. IT security, big data, e-commerce, marketing, application integration, enterprise architecture and data analysis).
Currently Jiri heads the Security & Privacy consulting group in Deloitte Czech Republic, which primarily deals with security audits, IDM, security monitoring, penetration testing and mobile security.
Marcus Pinto is a director at MDSec Consulting and author of the "Web Application Hacker's Handbook" series. He will share with you the highlights of the last 10 years, including the most interesting and thought-provoking of the high profile public domain hacks.
Matias is the founder of Sensei Security, a software security startup building solutions that effectively fix security problems in software or, better still, prevent security problems from being introduced into the software in the first place. Matias has over a decade of hands-on software security experience, ranging from research to improve existing solutions to scoping and providing the vision for new ones. A dozen patents and a number of papers are the result of the fundamental research that eventually led to a handful of commercial products.
Ashley's background in engineering has allowed her to excel in marketing developer products. She got her start at Twilio and then led marketing at Parse, which was then acquired by Facebook. After an awesome but short stint at Google Maps, she is so happy living the startup life at GitLab.
Tomas is a User Experience designer with 10 years of experience in the digital design industry. For many years he worked as a freelance designer and consultant for clients ranging from agencies to corporations. Currently he leads the NetSuite UX team in Brno and is also involved in educating and mentoring the next generation of designers at UX Well. Tom is a passionate evangelist of good design and user experience, proud owner of 2 cats, and he wants to go to outer space.
Passionate front-end evangelist, focused on human-computer interaction, with more than 5 years of experience in cloud application development for products such as NetSuite, GoodData and OpenAir. Currently works on the next-generation front-end experience of NetSuite products in the NetSuite UI Brno team. A life hacker fascinated by graphics, psychology and optimization, he loves creating tools that allow rapid prototyping of designs to make programming fun again. In his spare time, he's always on the move: on his kick scooter in the city, running the trails, cruising the slopes, riding his bike or dancing.
Kurt Wubbels is the Manager of the Operations Tools and Automation group at NetSuite. In over a decade with the company he’s been designing systems and solving problems in roles ranging from Systems Engineer to Infrastructure Developer. Prior to his career in technology, Kurt spent his weekends traveling the US as a Pokemon master.
Douglas Held has been working in technology since 1998 and exclusively in security for the past eight years. In 2008, Doug used Fortify SCA, a commercial static analyzer, to find a buffer overflow in the reference implementation of Ron Rivest's MD6 hash function, contributing to its withdrawal from the US National Institute of Standards and Technology's SHA-3 competition. He continued to advise industry on application security best practices until joining NetSuite in March 2015 to consult internally full-time. His role at NetSuite is to guide and evangelize security, and he owns the company's security design review practice.
Alvaro Muñoz (@pwntester) works as Principal Software Security Researcher with HP Security Research (HPSR). His research focuses on different programming languages and web application frameworks searching for vulnerabilities or unsafe uses of APIs. Before joining the HPSR team, he worked as an Application Security Consultant helping enterprises to deploy their application security programs. Muñoz holds several infosec certifications, including CISSP, GWAPT and OSCP, and is a proud member of int3pids CTF team. He blogs at http://www.pwntester.com.
Brian Chess has more than two decades of experience in Silicon Valley software development and computer security. Brian was among the first software developers to join NetSuite in 1999. He left in 2003 to found Fortify Software, which provided products and services to identify, remediate and protect against security vulnerabilities in software. Fortify was acquired by Hewlett-Packard in 2010. Brian returned to NetSuite in 2012 to lead the infrastructure and security teams. He holds a Ph.D. in Computer Engineering from the University of California, where he studied computer security and methods for identifying vulnerabilities in source code. Brian has written numerous articles and technical publications and a book titled “Secure Programming with Static Analysis,” published by Addison Wesley. He holds more than a dozen patents related to integrated circuit design, web-based applications, and computer security.
Douglas A. Brown is the Chief Information Officer (CIO) and SVP Engineering Operations at NetSuite Inc. (NYSE: N). In his current role, Doug is responsible for the uptime, performance, security, and compliance of the NetSuite service as well as the worldwide corporate Information Technology departments. Doug has worked for NetSuite for over 13 years, with previous experience as a Research Chemist at Henkel Corporation, and holds several patents in the field of anti-corrosive coatings for ferrous substrates. He holds a Bachelor of Arts in Chemistry from Indiana University and a Master of Science in Chemistry from the University of Detroit-Mercy.