Devtoberfest 2021: Looking Back on Week 3 and Forward to Week 4
It’s hard to believe, but Devtoberfest is at the halfway point. TechEd is getting close. At this midpoint we will look at a summary of Week 3 and then look forward to the content in Week 4.
Although we’ve had tutorials in each of the weeks to support that particular topic, at the beginning of Week 3 we also launched the Tutorial Scavenger Hunt. This is an extra set of tutorials that run across all the topics of Devtoberfest. You have until the end of Devtoberfest itself on November 12th to complete these bonus tutorials. If you complete all 20 bonus tutorials you get a whopping 6500 points towards the Devtoberfest contest. So if you are trying to reach Nerdvana (the 4 star level of the contest), these bonus points are going to be a big help.
Week 3 Recap
Week 3 was all about the Cloud Native approach to development, and I suspect that the sessions from this week challenged a lot of people’s notions about what exactly makes an architect Cloud Native.
We kicked off the week with Jens Keller and his discussion on “Microservices are Probably Not What You Think They Are” challenging everyone on the very idea of one of the foundations of Cloud Native – the Microservice.
Then on Thursday, Christian Lechner entertained the audience with one of the best-named presentations I’ve ever encountered – “Pour Some Serverless on Me“. For those of you who don’t get that 1980’s hair band reference, here is some background reading material for you.
And after everyone was challenged to reconsider the concepts of Microservices and Serverless this week, the Fun Friday lecture came along to lighten the mood. This week we were fortunate enough to be joined by Eric Johnson from Amazon Web Services. Although also well versed in the Cloud Native topic, Eric’s presentation addressed challenges in both our personal and work lives and how the right attitude can make all the difference in overcoming them. His presentation on “Attitude of Iteration” is not to be missed.
Looking Ahead to Week 4
Week 4 is all about Security in application development. You might think that Security is something that is only for the dedicated security admin. But as the presentations this week will focus on, it’s something that all of us as developers need to build into our overall thinking, design and every level of architecture we build. And like the other weeks of Devtoberfest, we have thought leadership sessions, practical tutorials, code challenges and some fun activities planned for you this week.
Next week has a full agenda of sessions that will run the gamut from programming-model and language-specific features to more holistic discussions of the role of passwords and container security.
Kicking off the week will be Cédric Hebert discussing how we can defeat hackers at their own game by using honey passwords to poison the well in “Hackers Want Passwords“.
On Tuesday we mix things up with a Security Round Table discussion with security researchers and experts joining us from Microsoft, Mannheim University of Applied Sciences, and SAP. Bring your questions and join in on this lively discussion.
Then on Wednesday it’s my turn with a live coding session covering the “Security Aspects of SAP Cloud Application Programming Model“. This session will tie right into the Code Challenge of the week and give you some hints as to how to best defeat that Code Challenge.
We end the week’s interactive sessions with a presentation from Michele Chubirka called “Container Security: It’s All About the Supply Chain“. In her own words: The talk is tool agnostic, because security of the supply chain is more about the alignment with the software development process than the integration of a single magical tool.
But if you want hands-on experience with the Security topic, we have you covered there as well. This week includes the following tutorials designed to test your security-relevant development skills across various SAP BTP aspects.
- Week 4 Attended Speaker Event
- Secure Your Application on SAP Cloud Platform Cloud Foundry
- Secure a Node.JS Application and Make It Available to Other Subaccounts
- Prepare User Authentication and Authorization (XSUAA) Setup
- Implement Roles and Authorization Checks In CAP
- Create Authorization Model with SAP BTP, ABAP Environment
- Create Authorization Model and App in SAP BTP, ABAP Environment
- Connect SAP Business Application Studio and SAP S/4HANA Cloud Tenant
- Access Protected SAP Analytics Cloud Resources with OAuth Two-Legged Flow
- Call SAP Conversational AI API Using OAuth
- Week 4 Fun Friday Event
In addition to the tutorials, this week also has a coding challenge where you’ll have an existing repository that has “built-in” security flaws for you to discover and fix. To expand on the general security concepts of Devtoberfest Week 4, we also want to provide some practical exercises for both the ABAP and SAP Cloud Application Programming Model environment. You can choose to tackle the ABAP challenge, the CAP challenge or both of them.
The ABAP challenge consists of three ABAP classes, all of which have typical security issues when working with dynamic SQL. Your challenge is to improve this code, keeping it dynamic while improving its safety.
The rest of the content in this challenge is an SAP Cloud Application Programming Model project. This is an already built project with the basic sample data model. It can be cloned locally into VSCode or into the SAP Business Application Studio or you can edit it directly from GitHub Codespaces. It is configured to run with SQLite, so no backend HANA dependencies are necessarily needed to start.
This is a perfectly normal, although simple, CAP project. However, it lacks certain security features that are available in the Cloud Application Programming Model. Your challenge is to add one or more of these features to the project.
- Add CORS processing for when the CAP service is used directly without an Application Router
- Add authentication to your CAP Service
- Add Access Control to your CAP Model/Service
- Add Instance Based Authorization (Role Level Checks)
- Add A Content Security Policy
- Other aspects – up to you
Fun Friday Activity
As the saying goes, “All work and no play makes for a dull life”. To that end, we will take time out next Friday to have some fun and do some community building by engaging in some online gaming together.
This event is all about challenging the SAP Developer Advocates and the Community in your favorite video game, and it will be the Fun Friday Activity on October 29th. The Discord server is already available, though, and can be used to game with your fellow community members and form groups before the big gathering on Fun Friday.
To communicate and interact with each other, we provide a Discord server which you can join for the different gaming channels: Devtoberfest Gaming Night Server.
We look forward to seeing you there.