User Story Analysis

The Problem: There is a very common interaction that I’ve seen repeated in pretty much every project in every company I have ever worked for. It’s when a tester logs a bug and the developer argues that, actually, it’s working how it is supposed to work. The result of this is often a passive aggressive … Continued

Protocol Breaks

Little Bobby Tables: Back in the day – and even today – one of the most common security flaws in websites was “SQL Injection”. It’s where an attacker puts specially crafted data into innocent-looking form fields that are then used to construct a database query. Or, as XKCD readers … Continued

DRY principle with docker-compose

An oft-repeated and sensible principle in software engineering is DRY, or “don’t repeat yourself”. Here we will apply this principle to Docker compose files.

Building Docker images with Maven

To package our application, we’re going to be using Docker. The natural build language for Docker images is the Dockerfile, so we will use Spotify’s Dockerfile Maven plugin. This post is part of the “Spring Boot Primer” series. To make packaging as simple as possible, we will bind the Maven plugin’s build phases to the default build phases, so … Continued

Spring Boot 2.0 primer

Spring Boot is a very popular Java framework for creating standalone, production-ready web applications. In this series of blog posts, we are going to walk through using Spring Boot 2.0 to build and deploy a simple CRUD REST application.

Keeping an eye on your website

I recently got embroiled in a discussion about NHS IT, and commented how people in the NHS need simple, cheap tools to help keep their head above water on maintaining systems, not necessarily complex security tooling. One practical example raised was website security, with a quick Google search revealing a number of websites under the … Continued

A Problem Shared

By the end of Friday, the first wave of the WannaCry Ransomware attack was over – a researcher (MalwareTechLab) had, in trying to gain further insight into the attack, inadvertently disabled its worst damage, preventing it “detonating”. The researcher wasn’t working alone – in fact, he was working alongside researchers all across the UK and … Continued

Asymmetric Information in Cyber Communities

What do Points mean? All of our engineering team take part in our sales activity, and I’m unashamedly enthusiastic about this. It gives us real visibility of the market. It establishes a connection with our customers that’s hard to beat. Most critically, it forces engineers like me to keep thinking about the technology we build … Continued

Debugging with Bacon

Debugging is the method for finding and fixing bugs. Bugs are behaviours in a software system which are undesirable and counter to the programmer’s intent. You’d think, given the obvious importance of debugging in providing and maintaining quality software, that it’d be easy to find hundreds of good quality tutorials on the web to guide … Continued