You may find the following tips useful when setting up continuous integration infrastructure.

Security

Use a VPN or a reverse proxy provider like cloudflare.com to secure your CI infrastructure. Never make your real IPs publicly available, otherwise you increase the risk of being hacked.

Jenkins

Use a master node and build agents. The master node acts only as a web console. Nodes are for compiling and testing.

Notifications

If you’re using Google Apps for your domain, you may use Google’s restricted SMTP server to send notifications.

Selenide is a nice wrapper around Selenium WebDriver that simplifies writing UI tests with Selenium.

Some of the cool features are:

  1. jquery-like selector syntax, e.g. $("div.myclass").is(Condition.visible)
  2. Automatic screenshots on assertion failure
  3. Easy startup of Selenium WebDriver
  4. And others

So, let’s write some tests with Selenide and run them from Maven in a normal browser or in headless mode.

I’m going to start a series of posts covering different aspects of DevOps.

Let’s start today with a branching strategy called «dirty trunk». Actually, this is an attempt to avoid branching at all. The idea is that:

Making your web application flawless against security attacks is a challenge for every Java developer. In this article I will briefly describe common practical development techniques that can help you to achieve it.

OWASP Top 10, a list of the 10 Most Critical Web Application Security Risks, includes the following risks:

  • A1 - Injection
  • A2 - Broken Authentication & Session Management
  • A3 - Cross-Site Scripting (XSS)
  • A4 - Insecure Direct Object References
  • A5 - Security Misconfiguration
  • A6 - Sensitive Data Exposure
  • A7 - Missing Function Level Access Control
  • A8 - Cross-Site Request Forgery (CSRF)
  • A9 - Using Components with Known Vulnerabilities
  • A10 - Unvalidated Redirects and Forwards

In this article I will highlight the most important Java coding techniques for building secure web applications.

Deploying an application into a secure environment adds some restrictions on logging and log management. The OWASP community gives some useful recommendations.

OWASP Security Testing Guide Recommendations

The OWASP Security Testing Guide defines a number of questions to be answered when reviewing application logging configuration (see OTG-CONFIG-002):

  1. Do the logs contain sensitive information?

Log files should not contain any sensitive data. Anyway, log file access must be restricted: event log information should never be visible to end users.

One of the first requirements of the Netty ISO8583 client connector was support for automatic reconnect.

One of the first recipes I came across was Thomas Termin’s. He suggests adding a ChannelHandler which schedules a call to the client’s connect() method once a Channel becomes inactive, plus adding a ChannelFutureListener which re-creates a bootstrap and reconnects if the initial connection failed.

Although this is a working solution, I had a feeling that something was not optimal. Namely, a new Bootstrap is created on every connection attempt.

So, I created a FutureListener which should be registered once a Channel is closed.

I’ve been meaning to write a small tutorial for building web applications. Now it’s time! Let’s define the steps and choose some solutions for developing a back-end Java web application.

I will give my design recommendations and list the technologies I would use. You may have your own opinion and you may share it in the comments. Over time, this post may change since my favourites are also changing over time.

There are situations when you need to analyze user experience but can’t use third-party web analytics solutions like Google Analytics or Yandex Metrika. For example, if your production environment is PCI DSS compliant. In this case you have to deploy a self-hosted analytics engine inside your environment and configure user action tracking in your application. One possible solution is Piwik as the analytics engine plus Angulartics or angular-piwik for tracking events inside an AngularJS application.