Sessions on Quality

Explore Ajax testing/debugging tools, get proven techniques for boosting performance, understand how to protect your apps from the latest security threats and take home methods for building scalability into your applications.

View all Quality sessions or click a title below to read its abstract.

 

Advanced Web Application Security

with Joe Walker, Creator, Direct Web Remoting (DWR); Director, Support & Development, SitePen

The security landscape is changing dramatically from month to month. Unless you are aware of CSRF, Anti-DNS Pinning, Javascript highjacking, and the many ways to fool an XSS filter, it's likely that your Web application is not secure. Attackers used to concentrate on ActiveX, but now Javascript, CSS and even simple HTML elements have are used against Web sites.

In this session, we reveal:

  • Security challenges particular to a Web 2.0 world;
  • Details of CSRF, Anti-DNS Pinning, JavaScript hijacking, fooling an XSS filter and more;
  • How you can protect yourself, from both the point of view of site owners and users.

 

Ajax Testing Tool Review

with Ted Husted, Apache Struts group; Author, Struts in Action

Not long ago, testing Ajax components meant play-testing a page by hand. Today, there are a growing number of tools we can use to simplify and automate Ajax testing.

In this session we will cover when to test, what to test and how to test Ajax components. You learn how to create automatic tests with various tools, including YUI Test, OpenQA Selenium and TIBCO Test Automation Kit, and how to use Ajax testing tools with IDEs and Continuous Integration systems.

Additional session benefits include:

  • When, where and how to test Ajax components;
  • How to create automatic tests with various tools;
  • How to use Ajax testing tools with IDEs and Continuous Integration systems.

 

Analyzing the AJAX Application Performance

with Gaurav Seth, Program Manager, JScript Product Unit, Microsoft

Modern Ajax applications rely on a variety of factors to deliver great user experiences. While a fast and powerful scripting engine does impact the performance of an Ajax application, many other sub-systems of the browser contribute to the overall performance of the application.

This session analyzes the various browser components that contribute to Ajax performance, the methodology to measure the performance of end-user scenarios and finally the changes we have made across the IE sub-systems to improve Ajax performance in IE8. We will take examples of real world scenarios to discuss some of these concepts.

In this session, you will learn:

  • The key factors that impact the performance of an Ajax application;
  • How to go beyond the micro-benchmarks to measure the Ajax application performance;
  • Various enhancements done to IE8 and JScript engine to deliver better Ajax performance.

 

Comet Overview

with Greg Wilkins, CTO, Webtide; Creator, Jetty Web container; Co-founder, Apache Geronimo; Contributor, Dojo cometd

This lightening talk on Comet provides an introduction to this technique for Ajax push asynchronous message delivery from the server to the client. The current state-of-the art is discussed with regards to available implementations and efforts to standardize transports, APIs and browser support.

 

Deploying and Scaling Ajax Comet Applications

with Greg Wilkins, CTO, Webtide; Creator, Jetty Web container; Co-founder, Apache Geronimo; Contributor, Dojo cometd

Ajax Comet is being used as the communication technique at the core of many new and upgraded Web applications. Ajax Comet applications are moderately easy to get working in proof of concept form. However, the issues that need to be addressed include scalability of users, throughput, security, clustering, availability, load balancing and maintainability. This tutorial looks at how these issues have been addressed with Cometd Bayeux and Jetty, and provides specific insight into these tools as well as generic experience that is relevant to all Comet infrastructures. The talk covers both architectural and design concerns.

Attend and discover:

  • Issues faced when deploying Ajax Comet applications;
  • Architectural approaches that can be used to address them;
  • Tools and techniques that can be used to address them;
  • Real world case studies of deploying Ajax Comet.

 

Enterprise JavaScript Error Handling

with Nicholas Zakas, Senior Front-end Engineer, Yahoo!

A lot of focus goes into error handling and error management on the back-end, this session brings the same eye to the front-end. This session teaches you how to prepare your JavaScript code for errors. Topics include usage of wondow.onerror, try/catch, throwing your own errors, logging error messages, identifying commonly error-prone code, how to discern between fatal and non-fatal errors, and how to deal with each.

Attend and find out how to:

  • Develop error handling strategies for JavaScript;
  • Identify common patterns that cause errors;
  • Determine whether an error is fatal or not;
  • Recover from errors;
  • Plus the importance of logging errors for tracking purposes and more.

 

Episodes - For Timing Web Pages

with Steve Souders, Web Performance & Open Source Initiatives, Google; Creator, YSlow

Interest in Web performance is growing rapidly. Web companies are trying to use speed as a distinguishing feature. At the same time, Web pages have more content than ever before, which makes for a slower page. Ajax helps reduce the number of roundtrips required for a Web application, but today's alternatives for measuring Web performance don't work well for Web 2.0 apps. What's needed is a way to measure Web page load times that works for Web 2.0, is easy for Web developers to adopt and maintain, can be leveraged by Web metrics service providers, generates data usable by Web development tools, and provides context to browsers so they can give better feedback to users about their experience.

This session explores Episodes, which is a proposed framework to do just this. Episodes has the following features:

  • Supports measuring Web 2.0 applications by having the timing instrumentation integrated with the application's client code;
  • Separates the instrumentation from the data collection, which reduces the work for the application developer, allows multiple services to consume and report the information, and results in a lighter weight implementation;
  • Is Open Source, gathering the best practices from across the industry without bias to any company or organization;
  • Provides a single framework that can be used by Web developers, tool developers, browser developers, and Web metrics service providers.

 

Even Faster Web Sites

with Steve Souders, Web Performance & Open Source Initiatives, Google; Creator, YSlow

Steve's book, High Performance Web Sites, describes the 14 best practices he developed while working as the Chief Performance Architect at Yahoo!. YSlow, the Firebug extension he created, codified those best practices. Now working at Google, Steve discusses the next set of  best practices he's discovered, including the impact of iframes and where to place (and where not to place) inline script blocks.

In this session you learn:

  • How to make your Web sites 25-50% faster;
  • The impact of iframes on your Web site, including blank iframes;
  • How inline scripts block rendering in the entire page and downloads;
  • What you might be doing with stylesheets that make your pages twice as slow;
  • The various techniques for dynamically loading JavaScript, and how they vary in how they affect the browser.

 

Highly Interactive Websites: Implementing Comet

with Joe Walker, Creator, Direct Web Remoting (DWR); Director, Support & Development, SitePen

As the Web becomes more social, things change faster. And as we implement more Ajax functionality, people stay on our pages longer. Clearly there is a growing need for a way to automatically update Web pages as they are being viewed. This session goes in-depth on how to integrate Comet into your Web sites.

In this session you learn:

  • Your options for creating highly interactive Web sites;
  • What Comet is and how it updates Web pages as they are being viewed;
  • How to add Comet functionality to your Web site with minimum pain.

 

Image Optimization - How Many of These 7 Mistakes Are You Making?

with Stoyan Stefanov, Performance Engineer, Yahoo!

Do you want to speed up your Web pages and lower you hosting bills? Do you want to do this with little or no code changes while keeping the same beautiful UI? Come learn about 7 simple steps to put your Web images on a diet. Take off (and keep off) all the bytes you put on under the stress of chasing that next killer feature.

You start your new Web site with a blank page. And it's fast! Then you start adding stuff to the page only to make it slower. Optimizing the size of the images you put on the page and send over the network sounds like a no-brainer. Yet, you'd be surprised how many of the world's most visited sites and not following this simple advice and sent way over than they need to. Are you making the same mistakes?

In this session you learn how to:

  • Speed up your Web pages and lower hosting bills;
  • Optimize the size of your images;
  • Make your pages much leaner with no code changes and no human intervention, automatically.

 

Interoperable Ajax Tools and Mashups

with Jon Ferraiolo, Web Architect, IBM; Head, OpenAjax Alliance

This session describes current work at OpenAjax Alliance around Ajax tooling and Ajax mashups. Ajax developer tools have been hampered by lack of interoperability among various IDEs and Ajax toolkits. This session introduces a new XML industry standard, OpenAjax Metadata for Ajax Libraries, designed at OpenAjax Alliance's IDE committee by representatives from Adobe, Aptana, Eclipse/ATF, and Microsoft Visual Studio. This standard will result in plug &play between Ajax IDEs and toolkits.

The second major topic in this session focuses on mashups. Mashups have the potential for revolutionizing the way Web applications are developed where users create their own applications, but there are interoperability challenges and security risks. In order to unleash the industry, OpenAjax Alliance has developed an open source secure mashup framework as part of OpenAjax Hub 1.1 (leveraging a set of techniques called "SMash" that were originally developed by IBM Research and allows for secure mashups that run in today's browsers) and a companion set of widget standards (OpenAjax Metadata for Widgets).

This session introduces you to:

  • A new XML industry standard, OpenAjax Metadata for Ajax Libraries, that allows interoperability between Ajax IDEs and toolkits;
  • An open source secure mashup framework as part of OpenAjax Hub 1.1 and a companion set of widget standards.

 

Not Your Grandfather’s Dreamweaver

with Kevin Hoyt, Platform Evangelist, Adobe

Dreamweaver CS4 is set to offer a number of amazing features to the Ajax workflow. Inspect the browser DOM in real-time with paused JavaScript execution, change CSS styles without losing visual context, and more thanks to Live View and an integrated WebKit rendering engine. Get JavaScript code intelligence from custom and commercial JavaScript libraries. Check out the first implementation of the Open Ajax Alliance’s proposed XML widget definition syntax. All these sneak peaks and more in just five minutes!

 

Test Driven Development with YUI Test

with Nicholas Zakas, Senior Front-end Engineer, Yahoo!

Learn how to apply the fundamental concepts of Test Driven Development (TDD) to JavaScript using YUI's unit testing framework, YUI Test. The session explores the capabilities of YUI Test in achieving good TDD practices, including the use of assertions, organizing test suites and test cases, and testing JavaScript-specific features (such as XHR and DOM events).

This session shows you how to:

  • Create test cases and test suites for testing your code;
  • Test DOM events using YUI Test event simulation;
  • Split tests into a series of pages that can be run sequentially;
  • Gather the results of the tests for posting to a server;
  • Use YUI Test on projects that don't use YUI.

 

The 7 Habits for Exceptional Performance

with Stoyan Stefanov, Performance Engineer, Yahoo! and Nicole Sullivan, Performance Engineer, Yahoo!

Improvements in Web site performance are similar to improvements in energy or fuel efficiency: We make great progress, yet we end up consuming more. Learn how to balance design and features with the need for speed.

This session highlights Yahoo!'s latest research results and performance breakthroughs. Apple's iPhone has changed the game for Web browsing on mobile devices. While the iPhone presents new and exciting opportunities for Web developers, it also provides a unique set of performance challenges. Solutions that reduce the number of components improve the user experience greatly by making pages load faster.

In this session, we explore case studies that demonstrate how these solutions have accelerated the user experience on Yahoo!'s most prominent Web pages.

In this session you learn:

  • Performance optimizations that give you the biggest bang for your buck;
  • Latest research results and performance breakthroughs discovered at Yahoo!;
  • Apple iPhone's cache characteristics;
  • How to balance features with speed.

 

What's Happening With Firebug?

with John Resig, Creator/Lead Developer, jQuery

This session takes a quick look at the new features that are coming in the eminent Web developer tool: Firebug. See how the revitalized Firebug Working Group is trying to improve the quality of the popular Firefox extension and what you can expect from these efforts in the future.