Performance & Security
Ajax-based development brings efficiencies and benefits from a user perspective – and new security, performance and testing issues from YOUR perspective. Hear about current and emerging tools for developing secure Ajax applications and monitoring, optimizing and debugging Ajax-based apps. Select a title, or browse by topic: Testing, Debugging & Optimizing | Security.
- Advanced Web Application Security
- Ajax Performance Analysis: Employing the Latest Tools to Get the Job Done
- Ajax Security
- Performance Analysis with YSlow for Firebug
- Strategies for Testing Ajax with Selenium
- Tooling for Ajax-Based Development
- Virtual Earth: A Real-World Performance Exercise
Testing, Debugging and Optimizing
• Ajax Performance Analysis: Employing the Latest Tools to Get the Job Done with Ryan Breen, Vice President of Technology, Gomez
Ajax continues to raise user expectations for interactivity and performance, and developers are increasingly treating Ajax as a must-have component of their web applications. As more code is moved client-side and the network model changes, the community is responding by building open source and commercial tools to address the unique performance challenges of Ajax. In this talk, Ryan discusses tools and techniques for managing the performance of Ajax applications along the lifecycle of the product: at development time using tools such as Selenium and Firebug and once the application is in production via JavaScript instrumentation (such as Firebug or Dojo profile calls) to pinpoint bottlenecks in code running within the end user's browser.
• Performance Analysis with YSlow for Firebug with Steve Souders, Yahoo!
Through a series of research studies, Yahoo!'s Exceptional Performance Team has identified 14 best practices for making web pages faster. These best practices have proven to reduce response times of Yahoo! properties by 25-50%, and focus on the front-end - for example, you’ll hear why it's bad to use "@import" for including stylesheets and why ETags disable browser caching.
This session will go in-depth on these best practices with the research team that discovered them. This talk also demonstrates Yahoo! performance tools developed in Firefox, namely a new internal tool called YSlow, which was developed as an extension to Firebug and analyzes web pages according to the performance best practices. Steve does a live debugging session to evaluate the performance of popular web sites using YSlow. In this session, you will hear performance benchmarks and best practices that will allow you to:
• Build faster web pages;
• Reduce your end-user response times;
• Get the most potential for improvement by focusing on the front-end.
• Strategies for Testing Ajax with Selenium with Patrick Lightbody, QA Solutions Product Manager & Chief Open Source Evangelist, Gomez Inc.
Selenium and related tools are important because they provide a simple yet powerful mechanism to test developing application functionality across virtually any web browser.
This session will cover testing methodologies for common Ajax toolkits, such as Dojo and Scriptaculous. Speaker Patrick Lightbody dissects how automated testing of Web applications has gone from a "page-centric" approach to a much more granular one, where every testing event can now potentially cause large amounts of logic and data to be processed in the background. You’ll also learn how testers and developers can change their habits to make automated testing of Ajax applications easier - no matter what testing tool you use. This session explains:
• Why testing in the browser is so important;
• Strategies for using Selenium with various JavaScript frameworks;
• Strategies for building Web applications to be easily testable;
• Techniques for re-factoring tests as product code evolves;
• How automated testing in Web 2.0 is very different from Web 1.0.
• Tooling for Ajax-Based Development with Craig McClanahan, co-leader, JSF project, Sun Microsystems
Early adopters of Ajax programming techniques, by necessity, had to get down to the "bare metal" of JavaScript in the browser, because there were no frameworks available. Today, we have a wealth of client side frameworks to choose from, with rich capabilities and functionality - but often coupled with a complexity barrier that makes it difficult for beginners to become adept practitioners. In this session, JSF project co-leader Craig McClanahan describes a variety of techniques by which development tools can assist application developers, including:
• Examples with many frameworks, used directly or wrapped with abstraction layers like jMaki and JavaServer Faces;
• Server-side implementation languages like Java, JavaScript, PHP, and Ruby;
• End-to-end application architecture issues.
In addition, Craig describes best practices for client and server-side frameworks to enable a high productivity development experience for your users.
• Virtual Earth: A Real-World Performance Exercise with David Stewart, Senior Development Lead, Microsoft's Virtual Earth Project
Studies show that users will abandon websites that don’t load within 4 to 8 seconds, and that number is shrinking all the time. Yet many of today’s Web 2.0 sites are client-heavy, meaning that they must download more code to the client, taking longer to give that all-important first experience. Performance is about measuring, testing, and measuring again – not guessing. In this session, Senior Development Lead for Microsoft’s Virtual Earth project Dave Stewart looks at the actual processes and changes that went into cutting the initial page load time of the Microsoft Virtual Earth website in half during its previous release. From measuring performance, to unexpected successes, to even more unexpected failures, you’ll see how you can use similar techniques to decrease the time it takes to get into your Ajax site. In this session you will learn:
• How to measure performance of your current applications;
• Ways to achieve faster page load times;
• Lessons learned from Microsoft’s Virtual Earth project and more.
• Advanced Web Application Security with Joe Walker, creator, DWR and Jeremiah Grossman, founder and CTO, WhiteHat Security
Web application security is hard, and many developers and architects mistakenly assume that they understand all the issues. The security landscape has changed dramatically in the past 12 months. Attackers used to concentrate on ActiveX, but now JavaScript, CSS and even simple HTML elements are used against websites. Unless you are aware of CSRF, JavaScript Hijacking, and the many ways to fool an XSS filter, it's likely that your web application is not secure. In this session, you will learn:
• Security challenges specific to the Web 2.0 World;
• Available protection tools for both site owners and web users;
• The effects XSS, CSRF and JavaScript Hijacking can have on your application.
• Ajax Security with Douglas Crockford, creator of JavaScript Object Notation (JSON)
Security design is an important, but often neglected, component of system design. In this session, Douglas Crockford, creator of JavaScript Object Notation, and Chip Morningstar of Yahoo! outline the security issues that must be considered in the architecture of Ajax applications. During this session, attendees will:
• Learn why effective security is an inherent feature of good design;
• Experience a real-time demo of an Ajax client/server system based on sound security principles;
• See how to apply secure design to rich web applications.
