This document discusses test-driven development (TDD) with Puppet. It explains why testing is important, such as having confidence to change code without breaking things. It covers what to test, like parameters, resources, and conditional logic. Tools for testing like rspec-puppet are also presented. The document demonstrates writing tests first, then code to pass the tests, for a sample MOTD module. It encourages testing all parameters and provides examples for validating values. Finally, it discusses integrating tests with Travis CI for continuous integration.
The Hunter Games: How to Find the Adversary with Event Query Language - Ross Wolf
Circle City Con 2019 and BSides SATX 2019
Abstract:
How do you find malicious activity? We often resort to the cliche, you know it when you see it, but how do you even see it, without drowning in data? MITRE’s ATT&CK knowledge base organizes adversary behavior into tactics and techniques, and orients our approach to endpoint data. It suggests questions that might be worth asking, but not a way to ask them. The Event Query Language (EQL) allows a security analyst to naturally express queries for IOC search, hunting, and behavioral detections, while remaining platform and data source agnostic.
In this talk, I will demonstrate the iterative process of establishing situational awareness in your environment, creating targeted detections, and hunting for the adversary in your environment with real data, queries, and results.
Fantastic Red Team Attacks and How to Find Them - Ross Wolf
Presented at Black Hat 2019
https://www.blackhat.com/us-19/briefings/schedule/index.html#fantastic-red-team-attacks-and-how-to-find-them-16540
Casey Smith (Red Canary)
Ross Wolf (Endgame)
bit.ly/fantastic19
Abstract:
Red team testing in organizations over the last year has shown a dramatic increase in detections mapped to MITRE ATT&CK™ across Windows, Linux and macOS. However, many organizations continue to miss several key techniques that, unsurprisingly, often blend in with day-to-day user operations. One example includes Trusted Developer Utilities which can be readily available on standard user endpoints, not just developer workstations, and such applications allow for code execution. Also, XSL Script processing can be used as an attack vector as there are a number of trusted utilities that can consume and execute scripts via XSL. And finally, in addition to these techniques, trusted .NET default binaries are known to allow unauthorized execution as well, these include tools like InstallUtil, Regsvcs and AddInProcess. Specific techniques, coupled with procedural difficulties within a team, such as alert fatigue and lack of understanding with environmental norms, make reliable detection of these events near impossible.
This talk summarizes prevalent and ongoing gaps across organizations uncovered by testing their defenses against a broad spectrum of attacks via Atomic Red Team. Many of these adversary behaviors are not atomic, but span multiple events in an event stream that may be arbitrarily and inconsistently separated in time by nuisance events.
Additionally, we introduce and demonstrate the open-sourced Event Query Language for creating high signal-to-noise analytics that close these prevalent behavioral gaps. EQL is event agnostic and can be used to craft analytics that readily link evidence across long sequences of log data. In a live demonstration, we showcase powerful but easy to craft analytics that catch adversarial behavior most commonly missed in organizations today.
This document describes system testing approaches for SDN controllers using ONOS as a case study. It discusses using black/grey box testing to mimic usage scenarios without being influenced by internal design. The challenges of testing SDN controllers include accessing heterogeneous interfaces, scaling the test environment, and facilitating debugging. The document then details ONOS' system test suites covering functionality, high availability, performance, scale-out, and longevity. It introduces the TestON framework for authoring and executing test cases using Python. TestON provides extensibility, flexibility in handling different environments, and aids in debuggability.
The document discusses techniques for obfuscating PowerShell commands to evade detection. It begins by motivating the need for improved PowerShell logging and detection capabilities as PowerShell is increasingly used by attackers. It then outlines ways to prepare systems for PowerShell investigations through process auditing and command line logging. One section focuses on obfuscating the common technique of using New-Object Net.WebClient to perform remote downloads. It demonstrates how this command can be broken up and variables used to avoid detection based solely on the presence of certain strings.
Android applications are an interesting target for reverse engineering. They are written in Java, which is traditionally good to decompile and are executed by Google’s custom Java virtual machine, making them interesting to study. In this paper we present the basic methods and approaches as well as the necessary tools to reverse engineer Android applications. We discuss how to change Android applications and show alternative approaches including man-in-the-middle attacks and automation.
This document provides an agenda for an OpenSCAP workshop that will explore scanning, reporting, and remediation using OpenSCAP tools and SCAP content. The workshop will include installing and reviewing compliance profiles in RHEL 7, performing and interpreting compliance scans and remediating findings, and creating a custom configuration baseline. It outlines the tasks to be completed which include installing OpenSCAP and SCAP content, reviewing available profiles and hardening guides, performing a local scan and reviewing results, extracting and reviewing remediation scripts, scanning a VM with the DISA STIG profile, and demonstrating the SCAP Workbench tool.
Securing Infrastructure with OpenScap The Automation Way !! - Jaskaran Narula
Security Content Automation Protocol (SCAP) is a collection of standards managed by the National Institute of Standards and Technology (NIST). It was created to provide a standardized approach to maintaining the security of enterprise systems, such as automatically verifying the presence of patches, checking system security configuration settings, and examining systems for signs of compromise. Along with this, the audience will also get a good view of Foreman and how OpenSCAP can be integrated with Foreman to become more useful and efficient to use.
ProbeDroid - Crafting Your Own Dynamic Instrument Tool on Android for App Beh... - ZongXian Shen
The design memo and hack note of ProbeDroid
A dynamic binary instrumentation kit targeting Android (Lollipop) 5.0 and above
This is the first complete draft.
Improved version will be updated in a few days.
The document introduces PSR-7 and middleware in Zend Expressive. It discusses PSR-7 interfaces like RequestInterface and ResponseInterface that define HTTP messages. It also covers middleware and how middleware can be used to add functionality like authentication. Zend Expressive is introduced as a framework that uses PSR-7 and middleware. It has features like routing, dependency injection and templating. Examples are given of creating middleware for authentication, downloading files, and handling unavailable pages. The document concludes by thanking the reader and providing contact details.
With PHP 8.0 recently released and PHP 5.x still accounting for over 40% of all production environments, it's time to paint a clear picture on not just why everyone should move to 8.x, but on how to get code ready for the latest version of PHP. In this talk, we'll look at some handy tools and techniques to ease the migration.
This is the talk given at NullCon 2017. This talk gives a history of the Veil Framework, and showcases the differences between 2.0 and the newly released 3.0. Veil 3.0 is released in this talk.
No locked doors, no windows barred: hacking OpenAM infrastructure - Andrew Petukhov
One of the main functional components of enterprise applications and Internet portals is an authentication and access control system (AuthC/Z). In this presentation, we describe a popular access control system called ForgeRock OpenAM from the external security point of view. We show the scenarios of full enterprise application compromise through complex attacks which employ both LFI and SSRF.
Workshop: PowerShell for Penetration Testers - Nikhil Mittal
This document outlines a PowerShell workshop for penetration testers. It introduces PowerShell concepts like cmdlets, variables, functions, and modules. It demonstrates how PowerShell can be used offensively for client-side attacks, shells, domain enumeration, and privilege escalation during a penetration test. The document emphasizes that PowerShell has become a critical tool for both red and blue teams. It provides resources for further PowerShell training and penetration testing tools.
As computer systems become more sophisticated, process injection techniques also evolve. These techniques are notorious for their use by "malicious software" to hide code execution and avoid detection. In this presentation we dive deep into the Windows runtime and we demonstrate these techniques. Besides, we also learn how to recognize code constructions and design patterns that relate to running hidden code.
Property-based testing an open-source compiler, pflua (FOSDEM 2015) - Igalia
By Katerina Barone-Adesi.
Discover property-based testing, and see how it works on a real project, the pflua compiler.
How do you find a lot of non-obvious bugs in an afternoon? Write a property that should always be true (like "this code should have the same result before and after it's optimized"), generate random valid expressions, and study the counter-examples!
Property-based testing is a powerful technique for finding bugs quickly. It can partly replace unit tests, leading to a more flexible test suite that generates more cases and finds more bugs in less time.
It's really quick and easy to get started with property-based testing. You can use existing tools like QuickCheck, or write your own: Andy Windo and I wrote pflua-quickcheck and found a half-dozen bugs with it in one afternoon, using pure Lua and no external libraries.
In this talk, I will introduce property-based testing, demonstrate a tool for using it in Lua - and how to write your own property-based testing tool from scratch, and explain how simple properties found bugs in pflua.
(c) 2015 FOSDEM VZW
CC BY 2.0 BE
https://archive.fosdem.org/2015/
PVS-Studio and static code analysis technique - Andrey Karpov
What is «static code analysis»? It is a technique that allows, at the same time with unit-tests, dynamic code analysis, code review and others, to increase code quality, increase its reliability and decrease the development time.
With PHP 7.2 recently released and PHP 5.3 and 5.4 still accounting for over 40% of all production environments, it's time to paint a clear picture on not just why everyone should move to 7.0 (or preferably 7.1), but on how to get code ready for the latest version of PHP.
Using the version compatibility checker for PHP_CodeSniffer and a few simple step-by-step instructions, upgrading old code to make it compatible with the latest PHP versions becomes actually really easy. In this talk, we'll migrate an old piece of code and get rid of the demons of the past and ready for the present and future.
Abusing Adobe Reader’s JavaScript APIs by Abdul-Aziz Hariri & Brian Gorenc - ... - CODE BLUE
Adobe Reader’s JavaScript APIs offer a rich set of functionality for document authors. These APIs allow for processing forms, controlling multimedia events, and communicating with databases, all of which provide end-users the ability to create complex documents. This complexity provides a perfect avenue for attackers to take advantage of weaknesses that exist in Reader’s JavaScript APIs.
In this talk, we will provide insight into both the documented and undocumented APIs available in Adobe Reader. Several code auditing techniques will be shared to aid in vulnerability discovery, along with numerous proofs-of-concept which highlight real-world examples. We’ll detail out how to chain several unique issues to obtain execution in a privileged context. Finally, we’ll describe how to construct an exploit that achieves remote code execution without the need for memory corruption.
Joind.in is an open source event feedback site written in PHP. As open source software, it is developed collaboratively by a community of contributors. The document provides information on how to get involved, such as reporting bugs, improving documentation, and contributing code, which should be submitted as a pull request via GitHub. It also lists some upcoming planned features and gives links for further support.
The document discusses the LAMP stack architecture and its limitations for scaling web applications. It presents the traditional LAMP stack of using Linux, Apache, MySQL, and PHP together. It then outlines several issues with this approach as applications grow larger, including PHP not closing MySQL connections properly, MySQL becoming blocked, and web servers having poor performance when waiting on MySQL. It suggests moving to a LNNJ stack using Linux, Nginx, NoSQL databases, and JavaScript to create asynchronous, event-driven applications that better leverage the network and browsers.
http://www.linuxtrainingacademy.com/ha-lamp-stack/
How to Setup a Highly Available LAMP Stack in Less than One Hour Even If You've Never Done It before, Don't Know Where to Start, or Don't Want to Spend Weeks Researching How to Do It.
This step-by-step guide teaches you everything you need to know in order to eliminate single points of failure for your Linux, Apache, MySQL, and PHP based web applications.
Do you wish you could ensure your web site was up all the time and finally enjoy a peaceful night's sleep?
Do you want to be able to scale without downtime and handle unexpected surges of traffic?
Do you want a solution that just works without spending weeks testing various combinations of technologies and software?
Do you want someone to lay it all out for you and walk you through an entire deployment?
If so, then check out this course at:
http://www.linuxtrainingacademy.com/ha-lamp-stack/
This document discusses various strategies for scaling web applications that use the LAMP (Linux, Apache, MySQL, PHP) stack. It addresses identifying bottlenecks, separating tasks across multiple servers, using caching and load balancing, optimizing code quality, and managing hardware, monitoring, and other operational aspects when scaling a web application to support increased traffic and load. Key strategies mentioned include splitting different application functions across separate hardware, optimizing databases and caching, and designing the application to be partitioned and replicated across multiple servers.
My talk for the Dutch PHP Conference, explaining the point of oauth, the mechanics of oauth2 and the various flows, and a spot of oauth1 for completeness
"Best Practice in API Design" talk given at phpday 2012 in Verona, Italy. This talk aims to give the best possible advice to anyone publishing a web service of any kind.
Web services tutorial slides from my session at DPC 2012 in Amsterdam. In this 3-hour session we built the simplest possible service, and then extended it, looking at RPC, REST and SOAP along the way.
This document discusses strategies for achieving high availability websites. It recommends hosting static content like images and files on Amazon S3 for high durability and redundancy. For dynamic websites, it suggests using Amazon EC2 instances behind an Elastic Load Balancer for redundancy across availability zones. It also recommends storing database content in Amazon RDS configured for multi-AZ failover. Monitoring and auto-scaling features help recover from failures and scale workload. Caching with services like ElastiCache can improve performance.
An Open Source Workbench for Prototyping Multimodal Interactions Based on Off... - Jean Vanderdonckt
In this paper we present an extensible software workbench for supporting the effective and dynamic prototyping of multimodal interactive systems. We hypothesize the construction of such applications to be based on the assembly of several components, namely various and sometimes interchangeable modalities at the input, fusion-fission components, and also several modalities at the output. Successful realization of advanced interactions can benefit from early prototyping and the iterative implementation of design requires the easy integration, combination, replacement, or upgrade of components. We have designed and implemented a thin integration platform able to manage these key elements, and thus provide the research community a tool to bridge the gap of the current support for multimodal applications implementation. The platform is included within a workbench offering visual editors, non-intrusive tools, components and techniques to assemble various modalities provided in different implementation technologies, while keeping a high level of performance of the integrated system.
Introduction to Chef - Techsuperwomen Summit - Jennifer Davis
Interested in speeding up time to production when developing an application? Want to understand how to minimize risk associated with changes? Come learn about infrastructure automation with Chef. In this beginner level workshop, I will teach you the core set of skills needed to implement Chef in your environment whether for work or personal projects. I will cover the basic architecture of Chef and the associated tools that will help you improve your application workflow from design to production.
This is a bug bounty hunter presentation given at Nullcon 2016 by Bugcrowd's Faraz Khan.
Learn more about Bugcrowd here: https://bugcrowd.com/join-the-crowd
2011 CodeEngn Conference 05
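DBI stands for Dynamic Binary Instrumentation. It is a method of inserting arbitrary code, to be used for a special purpose, into a running process or program. With it, one can handle dynamically generated code, find specific code, analyze a running process, and so on. It is mainly used for computer architecture research and for program and thread analysis. We will learn about DBI through the concept of taint analysis, various tools and how to use them, simple examples, and analysis of recent vulnerabilities.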
http://codeengn.com/conference/05
Enterprise PHP development teams, no matter the maturity level, focus on one thing, releasing stable apps that perform. They also want to avoid reinventing the wheel. Therefore, make the investment to listen to the top lessons we've learned from across industries to deliver PHP code faster without sacrificing quality, user experience, or existing workflows.
You will learn:
How to dig deep into application behavior and performance at runtime
How to maximize existing continuous delivery principles and tools
When to take advantage of existing frameworks and extensions and when to do it yourself
How to avoid reinventing the wheel each time you deploy, upgrade, or rollback
This document discusses continuous integration in a PHP context. Continuous integration is a software development practice where developers regularly merge their code changes into a central repository. This allows the integration of code changes to be tested and identified early if issues arise. The benefits are less time spent fixing bugs and integration issues. Tools mentioned that can help with continuous integration for PHP projects include PHPUnit, Selenium, PHPMD, PDepend, PHP_CodeSniffer, phpUnderControl, Xinc, Hudson and Bamboo. Regular integration and testing of all code changes is important for reducing project risks.
Sensu and Sensibility - Puppetconf 2014 - Tomas Doran
As the Yelp infrastructure and engineering team grew, so did the pain of managing Nagios. Problems like splitting alerting across multiple teams, providing high availability and managing nagios systems in multiple environments had become pressing. As we grew towards a service oriented architecture and pushed some services out into the cloud, we rapidly needed more automated monitoring configuration.
An evolutionary solution wasn’t going to solve all of our problems, we needed to revolutionize our monitoring. Sensu is built from the ground up to solve many of our issues and be easy to extend.
This talk covers our puppet ‘monitoring_check’ API (that sets up monitoring for our services within puppet), how and why we deploy Sensu and our custom handlers and escalations, along with how we provide automatic ‘self service’ monitoring for dynamic services and how we deal with the challenges posed by the more ephemeral nature of cloud architectures.
First Section:
Continuous Delivery as a software engineering approach.
(This is beneficial for Project Managers, DEVs & QAs.)
1. Projects Case Studies to explain why you should adopt Continuous Delivery.
2. Advantages & Reasons for releasing software more frequently.
3. How to make a Reliable / Production Ready Software.
4. Ingredients of Continuous Delivery.
5. Tools/ approaches to choose while using Continuous Delivery Methodology.
Second Section:
Technical side of Continuous Delivery.
(This is more beneficial for DEVs/ QAs than Project Managers.)
1. Testing a Software.
2. Measuring Code Quality / Analytic to visualize teams performances.
3. Tools: Code Syntax Checker, Testing Framework, Build Automation, Automated Reporting/ Analytic Dashboard.
4. Continuous Delivery Automation over Cloud using Travis CI - Live demonstration.
Third Section:
1. Sample Projects for audience to adopt right tools for development, testing & deployments.
2. Q&A.
-------------------------------------------------
By Waqar Alamgir http://waqaralamgir.tk
To ∞ (~65K) and beyond! - Sebastiano Gottardo - Codemotion Milan 2016 - Codemotion
This talk focuses on analyzing the infamous 65K methods limit for Android apps, from a pragmatic and down-to-earth perspective for developers. You will get to understand what exactly this problem is about and why it exists in the first place. Moreover, we will go through the possible solutions, each one of them presented with pros and cons. At the end of this talk, you should be able to evaluate which solution best suits your app, and even if you need a solution in the first place.
PyCon AU 2012 - Debugging Live Python Web Applications - Graham Dumpleton
Monitoring tools record the result of what happened to your web application when a problem arises, but for some classes of problems, monitoring systems are only a starting point. Sometimes it is necessary to take more intrusive steps to plan for the unexpected by embedding mechanisms that will allow you to interact with a live deployed web application and extract even more detailed information.
The document provides an overview of good practices for PHP development, covering topics such as software development lifecycles (Waterfall, Agile), databases, source control, documentation, and open source. It discusses tools and techniques for each topic, such as PHPDocumentor for API documentation generation and subversion/git for source control. The document aims to help developers implement best practices in their PHP projects.
The document is a presentation on high performance PHP. It discusses profiling PHP applications to identify bottlenecks, code-level optimizations that can provide gains, and big wins like upgrading PHP versions and using APC correctly. It also covers load testing tools like JMeter and key takeaways like focusing on big wins and caching.
This 2-day training course covers Behavior Driven Development (BDD) and automation testing using the Behat and Mink frameworks. Day 1 includes an overview of BDD, the Behat tool, and the Gherkin language. It demonstrates setting up a Behat project, writing feature files with scenarios, and implementing step definitions. Day 2 focuses on more advanced topics like the Mink library for web testing, configuration options, and best practices for BDD. Attendees will learn how to write automated tests for a website using Behat and execute them on the command line or within a browser. The course is suitable for testers and developers interested in BDD and gaining skills in PHP, Behat, and M
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ... - Denim Group
The SolarWinds attack brought additional scrutiny to software supply chain security, but concerns about organizations’ software supply chains have been discussed for a number of years. Development organizations’ shift to DevOps or DevSecOps has pushed teams to adopt new technologies in the build pipeline – often hosted by 3rd parties. This has resulted in build pipelines that expose a complicated and often uncharted attack surface. In addition, modern products also incorporate code from a variety of contributors – ranging from in-house developers, 3rd party development contractors, as well as an array of open source contributors.
This talk looks at the challenge of developing secure build pipelines. This is done via the construction of a threat model for an example software build pipeline that walks through how the various systems and communications along the way can potentially be misused by malicious actors. Coverage of the major components of a build pipeline – source control, open source component management, software builds, automated testing, and packaging for distribution – is used to enumerate likely attack surface exposed via the build process and to highlight potential controls that can be put in place to harden the pipeline against attacks. The presentation is intended to be useful both for evaluating internal build processes as well as to support the evaluation of critical external vendors’ processes.
The document discusses continuous feature development. It defines a feature as a set of expected functional behaviors from a client. Continuous feature development involves incrementally building these expected behaviors. This approach is needed because clients' expectations, business needs, user perceptions, and competitive advantages are continually changing. Managing continuous feature development presents challenges like integrating new features, maintaining stability, seamless integration, and managing trust. The document recommends practices like acceptance test-driven development, test-driven development, behavior-driven development, continuous integration, coding in feature branches, code reviews, maintaining a production branch, using staging servers, and continuous integration to help address these challenges.
Security research over Windows #defcon china - Peter Hlavaty
Over the past several years Microsoft Windows has undergone a lot of fundamental security changes. While one can argue they are still imperfect and bound to tons of legacy issues, on the other hand those changes made important shifts in the attacker perspective: from tightened sandboxing, restricting attack surface, introducing mitigations, and applying virtualization up to a stronger focus even on win32k. In our talk we will go through those changes, how they affect us and how we tackle them, from choosing targets and finding bugs up to the exploitation primitives we are using. We also emphasize that Windows research is not only about the sandbox, and there are many more interesting targets to look for.
Demystifying Binary Reverse Engineering - Pixels Camp - André Baptista
Reverse engineering is not just about uncovering the hidden behaviour of a given technology, system, program or device. It's actually an art and a mindset. Reversing is used by some government agencies, secret services, antivirus software companies, hackers and students. It can be used for many purposes: cracking/bypassing software, botnet analysis, finding 0day exploits, interpreting unknown protocols, understanding malware or finding bugs in apps.
Getting started with RISC-V verification what's next after compliance testing - RISC-V International
The document discusses the CPU design verification (DV) process for RISC-V processors and the challenges presented by RISC-V's open standard nature. It covers developing a verification plan, obtaining tests and models, running simulations, and verifying until coverage metrics are met. Key aspects include using a reference model for configuration and comparison, techniques like self-check, signature comparison, trace logging and step-and-compare, and test suites like riscv-compliance. The presenter demonstrates step-and-compare verification between an Imperas reference model and RISC-V RTL using open source tools and models.
Creating a Smooth Development Workflow for High-Quality Modular Open-Source P... - Pantheon
Greg Anderson's slide deck from BADCamp 2016.
Having a fine-tuned continuous integration environment is extremely valuable, even for small projects. Today, there is a wide variety of standalone projects and online Software-As-A-Service offerings that can super-streamline your everyday development tasks that can help you get your projects up and running like a pro. In this session, we'll look at how you can get the most out of:
- GitHub source code repository
- Packagist package manager for Composer
- Travis CI continuous integration service
- Coveralls code coverage service
- Scrutinizer static analysis service
- Box2 phar builder
- PhpDocumentor api documentation generator
- ReadTheDocs online documentation reader service
- Composer scripts and projects for running local tests and builds
How to get involved with an open source project using github. Shows the process of forking and cloning, a bit of a git primer, and how to submit pull requests. Also how to approach and contribute to an open source project.
Business 101 for Developers: Time and Money - Lorna Mitchell
12. Technology
• We need good tools
• They enable our workflow
• They facilitate our achievements
• They allow us to meet our deadlines
• They are not the silver bullet (sorry)
16. Source Control: Key Ingredient
• Central, canonical version
• Collaboration point
• Historical information
  • what changed
  • when
  • by whom
• Can include its own config
21. Database Version Control
No silver bullet to keep code and database schema in sync
Strategies:
• All db changes done via script
• Scripts are numbered
• Database knows what numbers it already has
Tools:
• homespun scripts
• DbDeploy http://dbdeploy.com/
• Liquibase http://www.liquibase.org/
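The three strategies above as a small homespun patch runner. This is an added example, not code from the slides or from DbDeploy or Liquibase; it assumes SQLite, a hypothetical schema_version table and constructed sample patches.

```python
import re
import sqlite3

# Constructed sample patches; in a real project these are numbered .sql files
# kept in source control next to the code. Each is expected to end with ';'.
SCRIPTS = {
    "001_create_users.sql": "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT NOT NULL);",
    "002_add_last_login.sql": "ALTER TABLE users ADD COLUMN last_login TEXT;",
    "003_create_sessions.sql": "CREATE TABLE sessions (token TEXT PRIMARY KEY, user_id INTEGER);",
}


class PatchError(Exception):
    """Raised when the patch set is inconsistent or a patch fails."""


def numbered(scripts):
    """Return [(number, name, sql)] sorted by number, rejecting bad names and duplicates."""
    seen = {}
    for name in scripts:
        match = re.match(r"^(\d+)_[\w-]+\.sql$", name)
        if not match:
            raise PatchError(f"not a numbered patch: {name}")
        number = int(match.group(1))
        if number in seen:
            raise PatchError(f"patch number {number} used by {seen[number]} and {name}")
        seen[number] = name
    return sorted((n, name, scripts[name]) for n, name in seen.items())


def applied_numbers(conn):
    """The database itself records which patch numbers it already has."""
    conn.execute(
        "CREATE TABLE IF NOT EXISTS schema_version ("
        "number INTEGER PRIMARY KEY, applied_at TEXT DEFAULT CURRENT_TIMESTAMP)"
    )
    return {row[0] for row in conn.execute("SELECT number FROM schema_version")}


def apply_pending(conn, scripts):
    """Apply the patches the database lacks, in order; return the numbers applied."""
    done = applied_numbers(conn)
    newest = max(done, default=0)
    applied = []
    for number, name, sql in numbered(scripts):
        if number in done:
            continue
        if number < newest:
            # A patch older than one already applied: schema and code disagree.
            raise PatchError(f"{name} is older than applied patch {newest}")
        # The patch and its bookkeeping row commit together, or not at all.
        batch = (f"BEGIN;\n{sql}\n"
                 f"INSERT INTO schema_version (number) VALUES ({number:d});\nCOMMIT;")
        try:
            conn.executescript(batch)
        except sqlite3.Error as exc:
            if conn.in_transaction:
                conn.execute("ROLLBACK")
            raise PatchError(f"{name} failed and was rolled back: {exc}") from exc
        applied.append(number)
        newest = number
    return applied


def connect():
    # isolation_level=None: no implicit transactions, BEGIN/COMMIT are issued explicitly
    return sqlite3.connect(":memory:", isolation_level=None)
```

Running apply_pending twice against the same database applies every patch the first time and nothing the second, which is what makes it safe to call on every deploy.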
26. Task Tracking
Once called 'bug tracking'.
We can track what status everything is in.
Developers understand bug trackers, bug trackers understand your workflow.
27. Workflow
[Diagram: task states in the workflow: Backlog, Sprint, Active, Blocked, Verify, Complete]
33. Automated Testing Tools
• Selenium: browser-based record and play of tests
  • Selenium IDE http://seleniumhq.org/projects/ide/
  • Selenium RC http://seleniumhq.org/projects/remote-control/
• PHPUnit: unit testing and automation
  • http://phpunit.de
  • Also generates code coverage graphs
34. My First Unit Test
    <?php
    // PHPUnit 3.x style test case for the MathUtilModel class
    require_once '../src/models/MathUtilModel.php';

    class MathUtilModelTest extends PHPUnit_Framework_TestCase {
        public function testAddNumbersWithNumbers() {
            $util = new MathUtilModel();
            $result = $util->addNumbers(3, 5);
            // expected value first, actual value second
            $this->assertEquals(8, $result);
        }
    }
35. Running One Test
To run our tests, from the tests directory do:

    phpunit models/MathUtilModel

Output:

    PHPUnit 3.5.13 by Sebastian Bergmann.
    .
    Time: 0 seconds, Memory: 3.00Mb
    OK (1 test, 1 assertion)
36. Testable Code
• Testable code is clean and modular
• Need to be able to separate elements to test
• Each function does one thing
• Not too many paths through the code
• Dependencies are dangerous
37. Dependency Injection
Passing things in or looking them up.
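
    // Looking it up: the function creates its own dependency
    function getData() {
        $db = new MyDatabaseObject();
        // sql and query
    }

    // Passing it in: the caller supplies the dependency, so a test can hand in its own
    function getData($db) {
        // sql and query
    }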
38. Code Coverage
What percentage of your code is tested?
• Summary view
• Drill in to see which lines are run by tests
• Beware: 100% code coverage does not mean fully tested
Use phpunit --coverage-html and specify where PHPUnit should write the report files
Examples from http://jenkins.joind.in
45. API Documentation
Another form of static analysis is to generate documentation
• Commented documentation in each file, class, function
• Automatically generate into readable documents
• Tools:
  • PHPDocumentor http://www.phpdoc.org/
  • DocBlox http://www.docblox-project.org/
48. PHPCS Examples
Source code:
class recipe
{
protected $_id;
public $name;
public $prep_time;
function getIngredients() {
$ingredients = Ingredients::fetchAllById($this->_id);
return $ingredients;
}
}
49. PHPCS Examples
Sniffer output:
FILE: /home/lorna/phpcs/recipe.class.php
----------------------------------------------------------------------
FOUND 8 ERROR(S) AND 0 WARNING(S) AFFECTING 5 LINE(S)
----------------------------------------------------------------------
2 | ERROR | Missing file doc comment
3 | ERROR | Class name must begin with a capital letter
3 | ERROR | Missing class doc comment
6 | ERROR | Protected member variable "_id" must not be prefixed wit
| | underscore
12 | ERROR | Missing function doc comment
12 | ERROR | Opening brace should be on a new line
13 | ERROR | Line indented incorrectly; expected at least 8 spaces, f
13 | ERROR | Spaces must be used to indent lines; tabs are not allowe
----------------------------------------------------------------------
54. Automating Deployment: Why
• Minimise mistakes
• Save time on each deploy
• Better than documentation
• Reliable process - use for different platforms
• Scope for rollback
55. Automating Deployment: What
• Application code
  • minimal downtime or time in an inconsistent state
  • easy rollback
  • additional setup steps (upload files, etc) also automated
• Database
  • apply database patches
  • include rollback patches
• Config changes
  • useful for large or complex sites
  • config deploys separately, can update quickly and easily
56. Code Deployment
• Get a clean copy of code
• Place in new directory on server
• Perform any other preparation tasks
• Change symlink in web directory to point to new version
• Tools: shell script or ant/phing
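The deployment steps above, with the rollback mentioned on the earlier slides, as an added example that is not part of the original slides. It is written in Python rather than shell or phing, and the releases/ and current layout, the function names and the sortable release ids are assumptions.

```python
import os
import shutil


def switch_link(link_path, target):
    """Re-point a symlink atomically: create a new link, then rename it over the old one."""
    tmp = f"{link_path}.new"
    if os.path.lexists(tmp):
        os.remove(tmp)               # leftover from an interrupted deploy
    os.symlink(target, tmp)
    os.replace(tmp, link_path)       # rename(2): the link is swapped in a single step


def live_release(base_dir):
    """Name of the release that 'current' points at, or None before the first deploy."""
    link = os.path.join(base_dir, "current")
    if not os.path.islink(link):
        return None
    return os.path.basename(os.readlink(link))


def deploy(source_dir, base_dir, release_id, prepare=None, keep=3):
    """Copy a clean export into releases/<release_id>, prepare it, then go live."""
    releases = os.path.join(base_dir, "releases")
    os.makedirs(releases, exist_ok=True)
    new_release = os.path.join(releases, release_id)
    if os.path.exists(new_release):
        raise FileExistsError(f"release {release_id} already exists")
    try:
        shutil.copytree(source_dir, new_release)
        if prepare is not None:
            prepare(new_release)     # any other preparation tasks run before go-live
    except Exception:
        # A half-built release must never go live or become a rollback candidate.
        shutil.rmtree(new_release, ignore_errors=True)
        raise
    switch_link(os.path.join(base_dir, "current"), os.path.join("releases", release_id))
    # Keep the newest `keep` releases for rollback; ids are assumed to sort by age.
    for old in sorted(os.listdir(releases))[:-keep]:
        if old != release_id:
            shutil.rmtree(os.path.join(releases, old), ignore_errors=True)
    return new_release


def rollback(base_dir):
    """Point 'current' back at the release before the live one and return its name."""
    live = live_release(base_dir)
    if live is None:
        raise RuntimeError("nothing has been deployed yet")
    names = sorted(os.listdir(os.path.join(base_dir, "releases")))
    older = [name for name in names if name < live]
    if not older:
        raise RuntimeError("no earlier release to roll back to")
    switch_link(os.path.join(base_dir, "current"), os.path.join("releases", older[-1]))
    return older[-1]
```

The web server's document root points at current, so a failed copy or preparation step leaves the live site untouched.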
57. Config Deployment
• Exactly like code deployment
• Application needs to be designed with this in mind
• Default to live config
• Environment variables set in vhost
61. Continuous Integration
The glue that holds everything together!
• Source control commit triggers:
  • Static analysis tools
  • Automated tests
  • Document generation
• CI system centralises:
  • Deployment (to various platforms)
  • Other tasks, cron jobs
• Centralised dashboard and reporting
64. The Main Ingredients for LAMP
Preparation time: some years
Ingredients:
• Source control
• Development platforms
• Task tracking
• Automated testing
• Static analysis
• Automated deployment
• Continuous integration