About the Author
John Hoestje

John Hoestje is an experienced Software Architect and Developer with 10+ years in IT. His area of expertise is the architecture and development of applications and systems utilizing Java, .NET and JavaScript technologies.

OWASP Dependency Check for Vulnerability Reporting

John Hoestje Java, Security, Technology Snapshot, Tutorial

TL;DR: Add OWASP Dependency-Check to your build process to get insight into your dependency vulnerabilities.

Recent major data losses and security vulnerabilities in open source frameworks *(and the applications that use them)* have caused the companies that use those frameworks to have elevated concerns regarding vulnerabilities. The elevated awareness is for good reason, too. After all, no one wants to be the next one to lose sensitive data, be the punching bag of others, or be the example of what *not* to do security-wise.

If you happen to be in a group that doesn’t have any open source vulnerability reporting, OWASP Dependency-Check may be your short-term answer to get at least something in place. Adding OWASP Dependency-Check to your build process takes relatively little effort. Unless your technology stack is one that Dependency-Check doesn’t support, there isn’t a reason not to at least add Dependency-Check to give a little insight into your open source dependencies.

The following parts will help you get Dependency-Check integrated into your Java project’s build process. The instructions will be adaptable to the other technologies Dependency-Check supports, like Gradle or JavaScript. Dependency-Check is also available as a command line tool for your favorite OS. In this example, I’ll use a Java project with Maven….



Event Storming For Rapid Domain Learning

John Hoestje Agile, Consulting, Dev Methodologies 1 Comment

TL;DR: Use Event Storming to rapidly gain group understanding of complex business domains while having a more enjoyable time.

While I was browsing tech news sites looking for articles, a headline caught my eye talking about domain-driven design (DDD). Its main idea was to implement Event Storming to drive the understanding of the business domain. The more I read about it, the more I saw the value in what Event Storming offered.

On a recent consulting project, we were piloting Agile in a Waterfall environment, so in reality, any requirement gathering process used would have been new. We chose to compare Event Storming to User Story Mapping, allotting just one hour to work with each process. The process that the pilot Agile team favored would then be used going forward.

In this blog, I will share the main takeaways and benefits that became apparent while implementing Event Storming sessions, especially as compared to User Story Mapping. I will first explain the project we worked on and underlying opinions that drove our trial, what key aspects of Event Storming stood out to us, and then tips I picked up along the way for effective Event Storming sessions….



Real-Time Applications With RethinkDB

John Hoestje Databases, JavaScript, Microservices, Node.js, Technology Snapshot 1 Comment

In the last several years, there have been new requirements and expectations placed on enterprise applications that have dramatically increased application code complexity. Users want dynamic websites that provide instant data feedback or to have multiple users work on the same document concurrently. New frameworks and ideas have also evolved along with the requirements to help cope with the new …



The Journey From Java EE to SPA

John Hoestje Java, JavaScript, Single-Page Application 2 Comments

While pulling down an existing Backbone.js project that I was helping with, I felt confident enough with JavaScript that I figured I could start cranking out JavaScript fairly quickly. What could have changed since I rolled my own AJAX framework in the mid-2000s? Sure, there have been some changes to the Ecma specification, but JavaScript is still JavaScript, right? I’m …