Deploying secrets with AWS CloudFormation

One of the biggest pains we encounter in creating immutable infrastructures with CloudFormation, is dealing with secrets. Secrets must be passed into the CloudFormation templates to make them different per environment. Furthermore, these secrets have to passed to development teams, so that they can do something useful with them. Before you know it, your secrets are compromised.

With this Custom CloudFormation Resource we put an end to that.  Read more 


Misvattingen rondom testautomatisering - Misvatting 1: The Silver Bullet

Deze blog post is de eerste in een reeks van posts ter wegneming van misvattingen rondom het thema testautomatisering. Zie hier voor het inleidende artikel.


Testautomatisering is de oplossing voor al onze problemen rondom testen en kwaliteit.”


Dit is helaas nog steeds een gangbare opvatting onder voornamelijk, doch zeker niet uitsluitend, ongeïnformeerde stakeholders op (lijn-) managementniveau. Daarbij blijft deze misvatting ook vaak onuitgesproken. Vanwege dit impliciete karakter, blijft deze zienswijze doorgaans lang bestaan, omdat zij niet (of te laat) onderkend en daarmee ook niet (tijdig) gecorrigeerd wordt.

Read more →

Misvattingen rondom testautomatisering - Introductie

De geschiedenis van testautomatisering beslaat inmiddels een periode van enkele tientallen jaren. Deze discipline is echter pas de laatste jaren écht in een stroomversnelling geraakt en ze lijkt nu voor het eerst ook definitief door te breken en zich te bestendigen, als een relatief volwassen vakgebied.

Deze ontwikkeling is een gevolg van onder andere de maturatie van tooling en frameworks, de adoptie door grote spelers zoals Google en de succesvolle opkomst van software development methodologieën die testautomatisering als randvoorwaarde hebben of waarvan testautomatisering een logisch gevolg is.

Omdat testautomatisering in deze zin genomen nog maar een relatief jong vakgebied is, bestaan er binnen dat vakgebied nog steeds een hoop misvattingen (en daarmee valkuilen). Zelfs ten aanzien van allerlei fundamentele thema’s. Deze misvattingen bestaan in een organisatie vaak niet alleen binnen allerlei (hogere) managementlagen en groepen van (meer direct betrokken) business stakeholders (zoals product owners), maar zelfs binnen allerlei groepen van practitioners (zoals developers en testers).

Read more →

Refactoring to Microservices – Using Docker Compose

In the previous version of the shop landscape (see tag 'document_v2' in this [repository]) services were started with a shell script. Each depended on Rabbit MQ to run, so there was a URL with an IP address that depended on whatever address the host it runs on got from its DHCP server. This was brittle, so I decided to introduce docker-compose. Actually, I should say 're-introduce' because my colleague Pavel Goultiaev built a previous version using compose. In this version, I copied and finished his code.

read more

This blog is part of my Trying-to-understand-Microservices-Quest, you can find the previous [installment here].

From Search to Checkout without annoying your customers

In the world of e-commerce, customers are becoming increasingly mobile. In The Netherlands, 50% of consumers is shopping on their mobile phone. Among those under 35 years of age mobile purchases is at 65%. Numbers for searching and browsing for a potential purchase is over 70% overall. Converting these visitors into customers is a delicate task. Consumers are still hesitant to make mobile purchases. The challenge lies in optimizing the mobile user experience. Luckily we can use new web technologies to deliver a stellar user experience with instant page transitions. Nowadays we can offer our customers an e-commerce experience that will not alienate or drive them away, but one that they will love.

Read more on Medium →

Being An Agile Security Officer: Spread Your Knowledge

This is my fifth and last part of my blog series about Being an Agile Officer

In the previous parts I showed how Security Officers can align with the Agile process and let security become a standard considered quality attribute again. Unfortunately many teams not only need to be made aware of security requirements, but also need technical advise and guidance in designing and implementing them. As an Agile Security Officer you therefor need not only to act as a Stakeholder, but also as a Domain Expert for Security.

Read more →

Avoiding deeply nested component trees

By passing child components down instead of data you can avoid passing data down through many levels of components. It also makes your components more reusable. Even multibrand components become much easier to build. Overall it is a pattern which improves your frontend code a lot!

The Problem

When building frontends you will pass data from a parent component to a child component. Often the child component renders this data, but not the component passing it along. The child components have different data requirements than your current component.

Then you add a new component, somewhere down your component tree. It has new data requirements, so you have to pass its data through all its parent components. On top of data, it might also need callbacks to provide interactivity. You also pass these through all parent components. You change a lot of files to add new functionality. With all the data passing the readability of your code also decreases. Overall the maintainability of codebase decreases.

Code samples and more at

Property-based testing in Java with JUnit-Quickcheck - Part 1: The basics

To be able to show you what Property-based testing (PBT) is, let's start by grasping the concept of a property in programming languages. Since this is a Java tutorial, I will start with Oracle and their definition of a property in their glossary:

Characteristics of an object that users can set, such as the color of a window.

Property is neither a variable/field or a method; it is something in between which is always true in your context. An example is weight in a postal parcel: this always is greater than zero.  In Java the following example implementation would follow:

Read more →

Share This