devObjective 2015 Day One Notes

devObjective 2015

Notes taken from sessions attended at devObjective 2015, day one (13th May 2015)

Web Penetration and Hacking Tools

Presented by David Epler

SQL injection vulnerability checking tool (demo #1)

BeEF (Browser Exploitation Framework) running with Metasploit (demo #2)

Published Exploit Script (demo #3)

Web Application Firewalls can help protect web apps without the need to modify them.


ModSecurity WAF

Web Vulnerability Scanners

The Web Application Hacker's Handbook: Finding and Exploiting Security Flaws (Second Edition) - by Dafydd Stuttard and Marcus Pinto

Building Desktop Apps with HTML & JavaScript. Node-webkit

Presented by Andy Matthews

nw.js (formerly node-Webkit)

nw.js on Github

Chromium Shell and node.js

Cross-platform solution for desktop applications.


npm install -g nw

Configuration of desktop app via window node in package.json file.

Test the application locally without having to compile. The nw command will open the app using the default index page.

Init method (of sorts):



var gui = require("nw.gui");

Accessing the menu object from the gui:

var player = new gui.Menu();
player.append(new gui.MenuItem({ icon: 'imgs/something.png', label: 'Play' }));

Use Grunt / Gulp to automate your build process for the application.

Node-Webkit vs Atom Shell (Electron)

Use a generator to help with it all:

npm install -g generator-node-webkit

Presented by Dan Wilson

Customer behaviour affected by site latency. Customer abandonment rate increased by 8%.

"Life is about shared resources."

You make choices every time you program and develop. They will either give you opportunities for success or avenues to dead ends.

A bottleneck simply leads to another bottleneck. That's just the way it works.

Evil #1: Making bad tradeoffs

[ missed some content here due to phone call ]

Evil #2: Database Abuse

Front-End Modernization For Mortals

Presented by Cory Gackenheimer

How do you choose which languages / frameworks to use?


codebase is not primed to accept

Current Workflow

Has been tested and proven

Next Workflow

You can either

A) adopt wholesale the processes of someone you

B) Accept that you cannot change everything

What is a monolith?

Anything that hinders the maintainability and stability of your front-end code


This is enough to make a measurable difference. Your code is immediately more manageable and maintainable. It is also minimized for the client.

Improve upon this. Concat and minimization may not be enough.

Leverage jQuery using the $.extend() method which can allow you to merge objects seamlessly.

Use AMD modules (require.js for example) to improve modularity.

Using ES6 and
