Categories
Software Craftsmanship

Quota System test data DSL

We use Liquibase in our project as a DB change management tool. We use it to create our DB schema with the basic configuration our application needs to run. This is, however, not enough for development or (unit) testing. Why? Because for each test case, we need to have data in the database in a […]

Categories
Events

GeeCON 2015 Moves the JAVA World in Prague

Do you want to attend the famous developer conference, GeeCON, in the Czech Republic? No problem! Y Soft and GeeCON’s organizers bring it to our capital again. We can therefore proudly announce that Y Soft is the platinum sponsor, co-organizer and key partner of GeeCON 2015 in Prague, on October 22-23. GeeCON focuses on […]

Categories
Security

Taint analysis added to FindBugs

After finishing the hard-coded passwords detector, I have focused on improving the detection of the most serious security bugs, which could be found by static taint analysis. SQL injection, OS command injection and Cross-site scripting (XSS) are placed first, second and fourth in the CWE Top 25 most dangerous software errors (while well-known buffer overflow, […]

Categories
Software Craftsmanship

Developer testing – effective QA against the rules

Yes, you heard right! Developer testing. It means testing done by developers! And yes, I’m talking about the confirmation testing, which is known as “The changelog” in our R&D department. The result – improvement from 50 % to 95 % of tickets closed at the end of a sprint and all sprint goals completed on time 4 […]

Categories
Productivity Tips

Quick and dirty workaround for broken brew in Mac OS X 10.11 beta

I am trying to set up a better Go development environment and decided to give vim-go a try (which also resulted in me replacing Vundle with Pathogen, which is much more straightforward). Installing everything was a breeze and I only encountered a problem when I tried to make tagbar work, because tagbar does not work with BSD […]

Categories
Security

Detection of hard-coded passwords improved

In the previous article, I described the creation of a new FindBugs detector for hard-coded passwords and cryptographic keys. I also mentioned some imperfections and I have decided to learn more about FindBugs and improve the detection. The Java virtual machine has a stack architecture – operands must be pushed on the stack before method […]

Categories
Security

Extending FindBugs to detect hard-coded passwords

FindBugs is a great open source tool for detection of software bugs in Java. It uses static analysis to search compiled classes for hundreds of bug patterns and even more can be found using FindSecurityBugs and fb-contrib plugins. However, before my recent contribution there was no general detector for hard-coded passwords and cryptographic keys. Hard-coded […]

Categories
Books

Toying with Clojure: How complex is to be empty?

Coding some sequence processing in Clojure, I was wondering how efficient the test for sequence emptiness is. The first thing that comes to mind is: Sometimes, this leads to unreadable code and for instance, Joy of Clojure recommends to simply use the following pun: So basically converting the collection into a sequence every time, leveraging […]

Categories
Y Soft Corporation

FFFI 2015

Learn more about FFFI.

Categories
Software Craftsmanship

Builder pattern without getters

I like builders. If you’ve ever seen a constructor with ten parameters, eight of which can be null, you probably like builders, too. While this pattern is quite verbose, it is elegant. After doing some work with builders, I found myself wondering. Why are getters ever used in these? From Single Responsibility Principle point of […]