* Secure Code Development: A Casualty With Agile?: This article discusses the creation of secure code by Agile teams and references a study that shows that Agile teams do not take security seriously even when building systems which are accessible over the web. Teams could use incremental Attack Surface Analysis to watch for changes in the system’s security risk profile. Also check out Essential Attack Surface Management and Simple Security Rules.
* Rabbit holes: Why being smart hurts your productivity: An interesting article on how we geeks, in our pursuit of perfection and perfect information, get distracted from the task at hand. Fortunately, this can be a weakness and a strength.
* GitHub Compromised by Mass Assignment Vulnerability: This article explains briefly how GitHub was compromised by the mass assignment vulnerability. Mass assignment is a technique for mapping form data to objects, essentially for data binding, which unfortunately leaves security holes if no care is taken. Also see Hints for writing secure code and Simple Security Rules.
* Coding with JRebel – Java forever changed: This article addresses the ways in which JRebel has made an impact on how developers spend their day coding. With JRebel, developers get to see their code changes immediately, fine-tune their code with incremental changes, debug, explore and deploy their code with ease.
* Java Profiler Comparison: A brief comparison of some of the available Java profiling tools, including JVisualVM, JProfiler, YourKit, JProbe and Spring Insight. Also see Profile your applications with Java VisualVM and Spring Insight – Web Application Profiling.
* Save Memory by Using String Intern in Java: This article discusses how to save memory in Java by refactoring the data model and mainly by using String interning. This approach keeps every String only once in memory, and by reusing String objects we are able to save memory (at the cost of some performance). Also check out Low GC in Java: Use primitives instead of wrappers.
* All about JMS messages: An introductory article on the structure of JMS messages. The various Header fields, Properties and Bodies are explained. Also check out ActiveMQ IS Ready For Prime Time and Spring 3 HornetQ 2.1 Integration Tutorial.
* The Economics of Developer Testing: This article discusses unit testing and what might be a healthy level of it. It is correctly mentioned that tests are code too and need to be maintained, so there is a point of diminishing returns on your time investment.
* Typesafe Stack 2.0: Scala, Akka, Play: Typesafe has released Typesafe Stack 2.0, an open source platform for building scalable applications in Java and Scala. The Typesafe Stack includes the Scala programming language, the Akka 2.0 event-driven middleware, the Play 2.0 web framework, and various development tools, that integrate seamlessly with existing Java environments.
That’s all for this week. Stay tuned for more, here at Java Code Geeks.