Romulus, Java Web Development made productive. http://www.ict-romulus.eu

Similar documents
How To Write A Web Application Vulnerability Scanner And Security Auditor

Dynamic website development using the Grails Platform. Joshua Davis Senior Architect Cognizant Technology Solutions

BEST WEB PROGRAMMING LANGUAGES TO LEARN ON YOUR OWN TIME

Rapid Application Development. and Application Generation Tools. Walter Knesel

CrownPeak Java Web Hosting. Version 0.20

Portals, Portlets & Liferay Platform

Ruby on Rails in GlassFish Sun Microsystems

Pete Helgren Ruby On Rails on i

Web Frameworks. web development done right. Course of Web Technologies A.A. 2010/2011 Valerio Maggio, PhD Student Prof.

Collaborative Open Market to Place Objects at your Service

Exploring the Relationship Between Web Application Development Tools and Security

JRuby Now and Future Charles Oliver Nutter JRuby Guy Sun Microsystems

SAP NetWeaver Opens SAP ERP world. Amedeo Prodi SAP Italia

HPC Portal Development Platform with E-Business and HPC Portlets

Liferay Portal Enterprise. Open Source. For Life.

HPC PORTAL DEVELOPMENT PLATFORM

Lucy Zhang UI Developer Contact:

A Comparison of Open Source Application Development Frameworks for the Enterprise

Quick start. A project with SpagoBI 3.x

Welcome to the Force.com Developer Day

Pro<DOC/> e-commerce Technology An Introduction

Pentesting Web Frameworks (preview of next year's SEC642 update)

Web 2.0 Technology Overview. Lecture 8 GSL Peru 2014

Ruby on Rails. a high-productivity web application framework. blog.curthibbs.us/ Curt Hibbs <curt@hibbs.com>

Choosing a Content Management System (CMS)

Java/J2EE or Web Developer. Formal Education. Technical knowledge. Spoken Languages

How To Write An Ria Application

<Insert Picture Here> What's New in NetBeans IDE 7.2

OXAGILE RESUMES SUMMARY OF QUALIFICATIONS TECHNICAL SKILLS SENIOR JAVA SOFTWARE ENGINEER

FROM BANNER 8 TO BANNER XE. What s the story?

Symfony2 and Drupal. Why to talk about Symfony2 framework?

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

Building and Deploying Web Applications

Developing Exceptional Mobile and Multi-Channel Applications using IBM Web Experience Factory IBM Corporation 1

This course provides students with the knowledge and skills to develop ASP.NET MVC 4 web applications.

Develop a Native App (ios and Android) for a Drupal Website without Learning Objective-C or Java. Drupaldelphia 2014 By Joe Roberts

Whitepaper. Rich Internet Applications. Frameworks Evaluation. Document reference: TSL-SES-WP0001 Januar

VISION BPM. Business Process Management.

How To Use An Informix System With A Computer System (For A Dba)

Web Application Security

NXTware Remote. Advanced Development and Maintenance Environment for OpenVMS and other Strategic Platforms

Netbeans 6.0. José Maria Silveira Neto. Sun Campus Ambassador

Ruby on Rails. Object Oriented Analysis & Design CSCI-5448 University of Colorado, Boulder. -Dheeraj Potlapally

Is Liferay Right for Your Organization? Seven Things to Consider When Choosing a Portal Platform

Developing ASP.NET MVC 4 Web Applications MOC 20486

Logicify Fact Sheet. We bring logic to the software systems and development processes. We call this process to logicify.

Standards, Tools and Web 2.0

Developing ASP.NET MVC 4 Web Applications

Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins

NetBeans IDE Field Guide

100% NO CODING NO DEVELOPING IMMEDIATE BUSINESS -25% -70% UNLIMITED SCALABILITY DEVELOPMENT TIME SOFTWARE STABILITY

Organise Your Business

Grails: Accelerating J2EE Application Development

DTWMS Required Software Engineers. 1. Senior Java Programmer (3 Positions) Responsibilities:

Modern Software Development Tools on OpenVMS

Web attacks and security: SQL injection and cross-site scripting (XSS)

CHOOSING THE RIGHT HTML5 FRAMEWORK To Build Your Mobile Web Application

JAVA/J2EE DEVELOPER RESUME

Automating Security Testing. Mark Fallon Senior Release Manager Oracle

Penetration Testing Corporate Collaboration Portals. Giorgio Fedon, Co-Founder at Minded Security

Interactive Application Security Testing (IAST)

Web Application Development

< IMPACT > START ACCELERATE IMPACT

IBM Script Portlet for WebSphere Portal Release 1.1

Web Cloud Architecture

Web Programming Languages Overview

Faichi Solutions. The Changing Face of Drupal with Drupal 8

Automatic vs. Manual Code Analysis

Coding in Industry. David Berry Director of Engineering Qualcomm Cambridge Ltd

Continuous Delivery for Alfresco Solutions. Satisfied customers and happy developers with!! Continuous Delivery!

iway Roadmap Michael Corcoran Sr. VP Corporate Marketing

EBA Procurement Procedure for the Supply of Website Services 2016: Annex 1 System Architecture Document SYSTEM ARCHITECTURE DOCUMENT

A benchmark approach to analyse the security of web frameworks

From Rivals to BFF: WAF & VA Unite OWASP The OWASP Foundation

YouTrack MPS case study

Braindumps.C questions

How To Protect Your Data From Attack

SOA, case Google. Faculty of technology management Information Technology Service Oriented Communications CT30A8901.

Comparing Application Security Tools

Agile Best Practices and Patterns for Success on an Agile Software development project.

Migration and Developer Productivity Solutions Retargeting IT for Emerging Business Needs

Ruby on Rails is a web application framework written in Ruby, a dynamically typed programming language The amazing productivity claims of Rails is

Open Source SOA with Service Component Architecture and Apache Tuscany. Jean-Sebastien Delfino Mario Antollini Raymond Feng

Open Source Content Management System for content development: a comparative study

Transcription:

Romulus, Java Web Development made productive Carlos A. Iglesias Luca Garulli Informática Gesfor (Spain) Asset Data (Italy) http://www.ict-romulus.eu

Agenda Romulus project First release JavaTeam Wapiti MyCocktail Janiculum - Roma JSPView Conclusions

Joe s story: The lead d. A web for managing online product information, just listing and seeing details Umm. I will ask my team and prepare a proposal Ok, nothing fancy, it is a low budget project. Keep it simple

Joe s story - Estimation ible project, a web for managing an online catalog, could you please estimate the project size? Why not? Come on guys, this is an important project And there is a new version of it, maybe we find som We will need hibernate caching, requires of expertise we do Well, itfor seems too and easy itbut this is lots not the case And we should migrate the MVC from Struts to Spring or Struts 2

Joe s story - Estimation (II) Ok I m getting scared now Hey guys, have you thought that the solut We could find problems with this new technology... So? set up the development and integration environment, design the data model, the MVC, the ORM, prog

Joe s Story - Estimation (III) Quit mywith suffering, how Imuch Oh God always the same this people! wish I effort? were a programmer again Come on, this a simple application we are talking about, isn t that way too much? Well, we could make an effort... 5 people and 3 months, but not less Overtimed again always the same with management Can 6 people 3 months And don t forget to add the cost of the s

Joe s Story Preparing the proposal Ok, 5 people and 3 months, 150000 You're insane! You are going to ruin this! I will say 100000 and pray I don t get rejected on the sp Up to you but know we are taking a huge risk

Joe s Story Possible ending 1 The customer has accepted only 75.000, so be efficient Err.. ok, we will do our best We are doomed Software like box of chocolates, you know w Software is alike bananas, they ripe atnever the custome The baring of aischild takes months, matter man Wenine cannot bendno iron with how our bare w come we lost money AND do not comply with deadlines in every supposedly small easy project you

Joe s Story Possible ending 2 We blew it. The customer has accepted another proposal. Joe, can you explain to me how can we be Err did I tell you about the box of chocolates and the nine women?

Web Java Development problems trends and issues appear all the time (rich clients, web 2.0, many tools and frameworks much hand-coding many layers much time to do anything

Along came Ruby on Rails

Lessons learnt from RoR can be easier for programmers is thought by programmers, not companies fighting in the d The magic of Scaffold Automatically generates skeleton for CRUD apps Convention over configuration Instant feedback DRY principle PROBLEM SOLVED

RoR Problems uge number of Java developers and production ready Java ocus on web applications; false sense of productivity des what happens inside upport: community, personnel, tools nterprise fear: It is a BIG change!! Too young to be in produc

Is there a better solution?

Romulus project Seventh Framework Programme for Research and Technological Development: 2007-2013 evelopment based on Open Source Java Metaframework for Pragmatic, Reliable and Joint project of Gesfor (ES), Asset Data (IT), DERI (IE), UPM (ES), Liferay (DE), IMOLA (IT) and ICI (RO).

Romulus goals opment, focused on Java, based on a metaframework, Domain Driven Developme hup oriented development. nvolving soft goals such as reliability, traceability, security and performance, as we echnologies and scripting languages

Security Vertical Demostrators Scalability Testing Mashups Romulus overview Data Enterprise Web Service Portal Methodology & Best Practices IDEs Client Server Scripting Semantic Social Notifier

Let s get real Success indicators Reducing time to market Reducing costs Improving quality Let s see how Romulus could have help J

Metaframework +DDD + MDA Metaframework: ROMA Integrates key frameworks Uses a set of behaviour interfaces instead of framework APIs directly Allows to select the targeted framework and change it without touching co But allows to exploit the strengths of underlying frameworks The aim is to cover the 80-90% of most common functionalities (the most use The other 10-20% uncovered can be used using the framework implementat Define an agile methodology for web apps based on the metaframework

Mashup Oriented Development II MASHUP ORIENTED DEVELOPMENT Library of mashable elements ready to use! IDE plugin for the mashup creation Data-level mashups Integration heterogeneous data sources Mashup web services compose and provide services such as Google Maps / Yaho Portal mashups: services for portlets (comments / ratings, attachments, CMS,...) Enterprise mashups: ESB/JBI integration Mashups Data Enterprise Web Service Portal

Romulus projects EndUser Application s Community needs Security needs Producti vity needs Java developers Mashup needs Reliabilit y needs Enterpris e needs

MyCocktail Tool for creating mashups based on Afrous Similar to Yahoo Pipes. Full client technology (JavaScript / Ext) Provides: Ability to build (and save) mashups from Amazon, Flickr, Google, Operators to manage JSON Soon: Mashup Editor.

MyCocktail

MyCocktail Case study Extend Java App functionalities... without programming Video

Test scenario: savings Huge saving compared to custom development CRM integration Amazon product info Blog, comments on products Raising widget popularity

Wapiti Wapiti. Web Application Security Scanner Project created in 2006 by Nicolas Surribas Written in Python More than 18,700 downloads in sourceforge.net Gesfor joins the project in 2008 within Romulus Refactoring of code, release Wapiti 2.0 Extensibility of attacks; check it with WebGoat Web interface and portal Reporting module Accepted as OWASP project (Open Web Ap. Project) Packaged in Romulus v.1 (JavaTeam)

Wapiti Black-box approach Method: fuzz testing Vulnerabilities that it can detect: XSS SQL Injection CRLF Injection Command Execution detection

Wapiti

Test scenario: savings Solves security issues often unknown for developers (SQL injection, XSS, ) No users access or other security concerns No costly white box / Black box tests Application expertly secured

IDE Integration Plug-in Current console functionalities Automatic generation of configuration files Navigation for related resources IDEs Navigation as class hierachy and class outline

Test scenario: savings No need to learn new IDEs for each framework Improved efficiency Improved quality (bug control)

Roma Janiculum View Roma well known POJO based Java Web Metaframework Default view: Echo2 From Romulus, new modules for Roma: Janiculum, JSPView module of Roma Alpha Liferay Enterprise Portal Server integration Jasper Reporting Tevere Workflow Eclipse plugin (Netbeans coming...)

Roma Janiculum JSPView Automatic generation of JSPs Default main-screen.jsp + css Full interface can be configured Modifying main-screen.jsp Modifying default.jsp for one POJO Modifying css Integrated templating mechanism with FreeMaker Automatization of custom JSP generation for POJOs

JavaTeam JavaTeam is a forge portal based on Liferay that integrates Romulus tools: MyCocktail (Romulus' mashup builder) Wapiti security test Blog Demo generated by Roma And it works as a collaborative platform: focused on developers (it includes SVN or JIRA portlets) with a social network approach. Developers below to different projects. Like-Facebook functionalities (Wall, Friend's activities...)d b

JavaTeam

Try it! http://www.ict-romulus.eu Install, try... and join Romulus community!!!

Summary. Romulus advantages Much less code to write, test, maintain and learn 100% POJO based: easy to understand and maintain Much less tools to learn but total freedom if you want to Secured applications Portlet development faster Mashable elements easily integrable (including portlets) Help in the testing phase, partial automatic tests.

Is Romulus the solution? Romulus is not the only effort in this direction (Grails, Dyango, RoR) There are other alternatives for each of the core components Sponsoring by big players (Sun) could change the picture This is a R&D project!

Per informazioni Coordinatore: Carlos A. Iglesias Informática Gesfor Avda. Manoteras, 32 28040 Madrid (Spain) Email: cif@germinus.com WWW: http://www.ict-romulus.eu Grazie per l'attenzione!