Development. Infrastructure. Security. Cloud.

Registration

Welcome speech

Intelligent eCommerce Merchandising with Elasticsearch

How can we apply intelligence to search to allow merchants to provide optimised results to shoppers? This talk looks at the fundamentals of product search, the process of applying real-time scoring factors to produce personalised search results, and the business processes involved in setting up, tuning and evaluating an intelligent product search system.

GraalVM: High-Performance Polyglot Runtime

GraalVM is a universal virtual machine for running applications written in JVM-based languages like Java, or written in JavaScript, Python, Ruby, R, and LLVM-based languages such as C and C++. GraalVM removes the isolation between programming languages and enables interoperability in a shared runtime. It can run either standalone or in the context of OpenJDK, Node.js, Oracle Database, or MySQL.

Workshop: NetSuite - the way you want it

Bitemporal Modeling: Patterns for building data models that, literally, stand the test of time

Talking about a decades-old technology may seem like an odd choice for a tech conference but the bitter truth is that the last application you designed probably does not handle the concept of time very well. Worse still, the next one will not be any better because the shortcomings are not obviously linked to the same root cause. In this presentation we will build a visual intuition of dealing with time in an information system that segues into an implementation pattern that does satisfy even advanced requirements. We will wrap up with some difficulties you may encounter in the real world and how to mitigate them. In future, you may build the solution yourself, use an off-the-shelf product or, this time knowingly, ignore the issue altogether but you will find it difficult to not think about the possibilities at stake.

Machine Learning and the Autonomous Database

We live in a world of over-hyped technologies, where “the next big thing” is always just around the corner. The greatest expectations today center on AI technologies. How are machine learning, AI, and autonomy going to change how we understand and deliver “big data”? This session gives a peek at new approaches, and attempts to weigh the promise of “new solutions to old problems” against the power of “old solutions to new problems”.

Petabyte-scale cloud services data processing with Splunk

Have confidence in your machine data platform at scale and remove the blind spots from your cloud journey, allowing you to focus on availability and security of mission-critical services. In this session, we'll cover processing and analyzing popular Cloud data sources at scale from sources such as Kafka, Kubernetes, and AWS Kinesis Firehose using the Splunk HTTP Event Collector (HEC), and Metrics indexes. Make sense of the data with the over 1700 free Splunkbase apps including Splunk Security Essentials and Splunk Essentials for Application Analytics. Customer success is at the heart of everything we do at Splunk. We help empower data-driven business transformation at the world’s largest companies, and help build the skills and careers of our passionate community advocates in SOCs, NOCs and datacenters around the world.

Moving to the cloud: modernizing for the transition to IaaS

Lots of good advice and technology exists for designing new applications for the cloud. So-called "cloud-native" designs can produce applications that are well-suited to both the advantages and disadvantages of abstraction over the compute layer. But when it comes to moving older applications to the cloud, changing the fundamental architecture is often a non-starter. This talk will explore approaches to modernizing legacy applications to make them cloud-ready, and the tradeoffs of mixing components of the modern cloud technology stack with legacy architectures.

Lunch

GraalVM: Polyglot Languages on the JVM

GraalVM can execute a multitude of language runtimes. This presentation will dive deeper into some of them, explain how GraalVM reaches compatibility with e.g. Node.js or Ruby, how programs can interact with each other, and how tooling can utilize this multi-language environment.

Security Champions: Increase Efficiency Without Compromising Effectivity

Let’s think about some of the challenges brought about by vulnerable technology/ software. Cybercrime is growing at a faster rate than traditional crimes. It is now more lucrative to steal data (i.e credit card numbers) than it is to rob a bank. And the world is responding – legislation and industry practices are changing to make software secure. Companies are investing in security programs, but what limits the effectiveness is the lack of participation, ownership, understanding, and accountability from the business.

Workshop: NetSuite - the way you want it

Accelerate Scaling through Tighter Security

Common-sense secure design principles say that adding more security forces a trade-off with efficiency. This talk with explore some tightly controlled environments that are capable of greater speed and scale than free and open environments.

Database Multi-tenant using Oracle Database

Multi-tenancy reminds one of living in shared space and somehow manage to get most out of it. Let’s explore how Oracle multi-tenant architecture makes this possible in database world. We will connect dots between sharing a living space to how you can share database using Oracle database.

A Decade of Building Security In and the BSIMM

The Building Security In Maturity Model (BSIMM, pronounced “bee simm”) is a study of existing software security initiatives. Starting a decade ago, the BSIMM authors began quantifying the software security practices of different organizations in order to describe the common ground they share, and to identify the variations that make each unique. In this talk, Jacob West describes the BSIMM, shares his experiences developing the model, and highlights ways the software security practice has evolved over his 15 year career.

Micro segmentation in a Cloud context

This talk discusses the relevance and applicability of micro segmentation in a cloud context. The talk will provide a perspective on the technology and process aspects, building a case for using a logical multi-dimensional label-based policy model and workload / host based enforcement.

Mind your binders

Mass assignment vulnerabilities, also known as over-posting or auto-binding vulnerabilities, are a well know issue to the application security community since 2011. Mass assignment has not been as popular as other vulnerability categories appearing in Top 10 lists, making them less understood in the developer community. The truth is that these kinds of vulnerabilities are more common than many people think and may allow attackers to overcome the application logic.
In this talk we will present mass assignment as a vulnerability type. We will show how it works, how it can be abused and more importantly, how it can be prevented. Although this vulnerability may affect different frameworks and languages, we will focus on the Spring framework, especially on Spring MVC and Spring WebFlow applications. We will wrap-up showing some live examples and reviewing how it affects other frameworks and languages.

Czechitas

The tech world is facing lack of qualified people. Many tech newcomers are self-taught and need help and support before being ready to join tech talent pool. Czechitas is a non-profit organization that aims at promoting tech knowledge among kids, youth and women of any age. With the help of hundreds of tech professionals, who teach with us, we have built an education platform where thousands of attendees have been able to find support with tech learning. In this talk, we will give an overview of our activities and the most successful projects.

Closing speech

Afterparty