The document discusses various topics related to software development security including programming concepts, compilers and interpreters, procedural vs object-oriented programming, application development methods like waterfall vs agile, database security concepts, and assessing software vulnerabilities. It provides an overview of machine code, source code, and assembly language. It also describes compilers and interpreters, top-down vs bottom-up programming, open source vs proprietary software, and the software development lifecycle (SDLC) process.
Threat modeling is a structured activity for identifying and managing threats to an object (such as an application).
Threat modeling, also called Architectural Risk Analysis, is an essential step in the development of your application.
Without it, your protection is a shot in the dark.
Cybersecurity Career Paths | Skills Required in Cybersecurity Career | Learn ... - Edureka!
** CyberSecurity Certification Training: https://www.edureka.co/cybersecurity-certification-training **
Cybersecurity careers are complex and many roles can be found in banks, retailers and government organizations. This PPT will guide you through multiple career paths in cybersecurity. Below are the topics covered in this tutorial:
1. Where to Start?
2. Career Paths in Cybersecurity
3. Cybersecurity Job Salaries
4. Skills for Cybersecurity Careers
5. Tools & Technologies
6. Cybersecurity Careers & Estimated Annual
7. Related Occupations you should know about
Cybersecurity Training Playlist: https://bit.ly/2NqcTQV
Enterprise Security Architecture for Cyber Security - The Open Group SA
Cyber Security is one of the major challenges facing organisations within all industries. This presentation will examine the integration of an Enterprise Architecture approach with an Enterprise Security Architecture approach (TOGAF and SABSA) and propose a generic framework.
Download this presentation at http://opengroup.co.za/presentations
Secure code review is probably the most effective technique to identify security bugs early in the system development lifecycle.
When used together with automated and manual penetration testing, code review can significantly increase the cost effectiveness of an application security verification effort. This presentation explains how we can start secure code review effectively.
Application Security - Your Success Depends on it - WSO2
Traditional information security mainly revolves around network and operating system (OS) level protection. Regardless of the level of security guarding those aspects, the system can be penetrated and the entire deployment can be brought down if your application's security isn't taken into serious consideration. Information security should ideally start at the application level, before network and OS level security is ensured. To achieve this, security needs to be integrated into the application at the software development phase.
In this session, Dulanja will discuss the following:
The importance of application security - why network and OS security is insufficient.
Challenges in securing your application.
Making security part of the development lifecycle.
OWASP Top 10 2021 – Overview and What's New.
OWASP Top 10 is the most successful OWASP Project.
It shows the ten most critical web application security flaws.
Read the presentation and you will learn each OWASP Top 10 category and recommendations on how to prevent it.
You've seen the headlines. You're beginning to understand the importance of cybersecurity. Where do you begin? It's important to understand the common methods of attack and ways you can begin to protect your organization today. For more information on our cybersecurity education please visit FPOV.com/edu.
Zero Trust, Zero Trust Network, or Zero Trust Architecture refers to security concepts and a threat model that no longer assume that actors, systems or services operating from within the security perimeter should be automatically trusted, and that must instead verify anything and everything trying to connect to the organization's systems before granting access.
Risk Analysis Of Banking Malware Attacks - Marco Morana
Analysis of how banking malware like Zeus exploits weaknesses in online banking applications and security controls. This presentation is a walkthrough of the attack scenario, the attack vectors, the vulnerability exploits and the techniques to model the threats so that countermeasures can be identified.
Application Security Architecture and Threat Modelling - Priyanka Aash
95% of attacks are against “Web Servers and Web Applications”
Security Architecture and SDLC
3 Tier – Web App Architecture
Would you trust the code?
Traditional SDLC
Secure SDLC
SAST vs. DAST
Cyber Security Awareness introduction. Why is Cyber Security important? What do I have to do to protect myself from cyber attacks? How to create an IT Security Awareness Plan?
Introduction to Risk Management via the NIST Cyber Security Framework - PECB
The cyber security profession has successfully established explicit guidance for practitioners to implement effective cyber security programs via the NIST Cyber Security Framework (CSF). The CSF provides both a roadmap and a measuring stick for effective cyber security. Application of the CSF within cyber is nothing new, but the resurgence of Enterprise Security Risk Management and Security Convergence highlights opportunities for expanded application for cyber, physical, and personnel security risks. The NIST CSF can help practitioners build a cross-pollinated understanding of holistic risk.
Main points covered:
• Understand the purpose, value, and application of the NIST CSF in familiar non-technical terms.
• Understand how the Functions and Categories of the NIST CSF (the CSF “Core”) and an organization's “current” and “target” profiles are relevant and valuable in a variety of sectors and environments.
• Understand how an organization’s physical and cyber security resources and stakeholders can align with the NIST CSF as a tool to achieve holistic security risk management.
Presenters:
David Feeney, CPP, PMP has 17 years of security industry experience assisting organizations with risk management matters specific to physical, personnel, and cyber security. He has 9 years of experience with service providers and 8 years of experience within enterprise security organizations. David has worked with industry leaders in the energy, technology, healthcare, and real estate sectors. Areas of specialization include Security Operations Center design and management, Security Systems design and implementation, and Enterprise Risk Management. David holds leadership positions in ASIS International and is also a member of the InfraGard FBI program. David holds Certified Protection Professional (CPP) and Project Management Professional (PMP) certifications.
Andrea LeStarge, MS has over ten years of experience in program management, risk analysis and curriculum development. Being specialized in Homeland Security, Andrea leverages her experience in formerly managing projects to support various Federal Government entities in identifying, detecting and responding to man-made, natural and cyber incidents. She has an established track record in recognizing security gaps and corrective risk mitigation options, while effectively communicating findings to stakeholders, private sector owners and operators, and first-responder personnel within tactical, operational and strategic levels. Overall, Andrea encompasses analytical tradecraft and demonstrates consistent, repeatable and defensible methodologies pertaining to risk and the elements of threat, vulnerability and consequence.
Recorded webinar: https://youtu.be/hxpuYtMQgf0
This presentation will provide an overview of what a penetration test is, why companies pay for them, and what role they play in most IT security programs. It will also include a brief overview of the common skill sets and tools used by today’s security professionals. Finally, it will offer some basic advice for getting started in penetration testing. This should be interesting to aspiring pentesters trying to gain a better understanding of how penetration testing fits into the larger IT security world.
Additional resources can be found in the blog below:
https://www.netspi.com/blog/entryid/140/resources-for-aspiring-penetration-testers
More security blogs by the authors can be found @
https://www.netspi.com/blog/
Abstract:
The presentation focuses on having a way to control, version and update the entire database side of a project. This covers everything from producing ER models to versioning scripts, through deploying them and ending with documentation. The presentation also includes a brief demonstration of using the Flyway tool to version and control the execution of scripts across a project's various environments.
About Nuno Alves:
My name is Nuno Alves; I was born in Coimbra, Portugal, and have lived mostly in Leiria. I hold a degree in Computer Engineering from ESTG-IPLeiria (Escola Superior de Tecnologia e Gestão), where my interest in data and databases began to develop. As a result, my professional work centers on databases and infrastructure. I have about 10 years of experience spread across the Financial, Insurance, Government and Military sectors, in technologies ranging from Oracle, PostgreSQL and MSSQLServer to DB2.
Security in NoSQL databases still remains a question. Not much research has been done on these databases; this paper concentrates on some of the major NoSQL databases and their flaws.
Introduction to CQRS - command and query responsibility segregation - Andrew Siemer
A high level introduction to CQRS (command and query responsibility segregation), CQS (command query separation), DDD (domain driven design), DDD-D ...with distributed, and how all those weave together.
Reuven Lerner's first talk from Open Ruby Day, at Hi-Tech College in Herzliya, Israel, on June 27th 2010. An overview of what makes Rails a powerful framework for Web development -- what attracted Reuven to it, what are the components that most speak to him, and why others should consider Rails for their Web applications.
Introducing NoSQL and MongoDB to complement Relational Databases (AMIS SIG 14... - Lucas Jellema
This presentation gives a brief overview of the history of relational databases, ACID and SQL and presents some of the key strengths and potential weaknesses. It introduces the rise of NoSQL: why it arose, what it entails, and when to use it. The presentation focuses on MongoDB as a prime example of a NoSQL document store and shows how to interact with MongoDB from JavaScript (NodeJS) and Java.
Composable Software Architecture with Spring - Sam Brannen
What does the architecture of a modern enterprise Java application look like? What have we as a community learned from our past? What does it mean to design a composable architecture? And how can Spring help developers meet the needs of enterprise applications in 2013 and beyond?
In this keynote presentation at Java Breeze, core Spring Framework committer Sam Brannen invites the audience to explore what it means to design, develop, and test modern enterprise Java applications following a composable software architecture model. Along the way, Sam will show how the Spring ecosystem and programming model fit into the larger picture of modern enterprise Java applications.
An Open Source Workbench for Prototyping Multimodal Interactions Based on Off... - Jean Vanderdonckt
In this paper we present an extensible software workbench for supporting the effective and dynamic prototyping of multimodal interactive systems. We hypothesize the construction of such applications to be based on the assembly of several components, namely various and sometimes interchangeable modalities at the input, fusion-fission components, and also several modalities at the output. Successful realization of advanced interactions can benefit from early prototyping and the iterative implementation of design requires the easy integration, combination, replacement, or upgrade of components. We have designed and implemented a thin integration platform able to manage these key elements, and thus provide the research community a tool to bridge the gap of the current support for multimodal applications implementation. The platform is included within a workbench offering visual editors, non-intrusive tools, components and techniques to assemble various modalities provided in different implementation technologies, while keeping a high level of performance of the integrated system.
3. Machine Code, Source Code, and
Assembly Language
• Machine code
• Binary language built into CPU
• Source code
• Human-readable language like C
• Assembly Language
• Low-level commands one step above
machine language
• Commands like ADD, SUB, PUSH
4. Compilers, Interpreters, and Bytecode
• Compilers translate source code into
machine code
• Interpreters translate each line of code
into machine code on the fly while the
program runs
• Bytecode is an intermediary form
between source code and machine code,
ready to be executed in a Java Virtual
Machine
5. Procedural and Object-Oriented
Languages
• Procedural languages use subroutines,
procedures and functions
• Ex: C, FORTRAN
• Object-oriented languages define
abstract objects
• Have attributes and methods
• Can inherit properties from parent
objects
• Ex: C++, Ruby, Python
8. Computer-Aided Software Engineering
(CASE)
• Programs assist in creation and
maintenance of other programs
• Three types
• Tools: support one task
• Workbenches: Integrate several tools
• Environments: Support entire process
• 4GL, object-oriented languages, and
GUIs are used as components of CASE
9. Top-Down vs. Bottom-Up Programming
• Top-Down
• Starts with high-level requirements
• Common with procedural languages
• Bottom-Up
• Starts with low-level technical
implementation details
• Common with object-oriented
languages
10. Types of Publicly Released Software
• Closed Source
• Source code is confidential
• Open Source
• Free Software
• May cost $0, or be open to modify
• Freeware: costs $0
• Shareware: free trial period
• Crippleware: limited free version
11. Software Licensing
• Public domain (free to use)
• Proprietary software is copyrighted, and
sometimes patented
• EULA (End User License Agreement)
• Open-source licenses
• GNU Public License (GPL)
• Berkeley Software Distribution (BSD)
• Apache
17. Scrum
• Stop running the relay race
• Doing only one step and handing off
the project
• Take up rugby
• A team goes the distance as a unit
18. Extreme Programming (XP)
• Pairs of programmers work off a detailed
specification
• Constant communication with fellow
programmers and customers
19. Spiral
• Many rounds
• Each round is a project; may use
waterfall model
• Risk analysis performed for each round
21. Rapid Application Development (RAD)
• Goal: quickly meet business needs
• Uses prototypes, "dummy" GUIs, and
back-end databases
22. Prototyping
• Breaks projects into smaller tasks
• Create multiple mockups (prototypes)
• Customer sees realistic-looking results
long before the final product is
completed
23. SDLC
• Systems Development Life Cycle
• or Software Development Life Cycle
• Security included in every phase
• NIST Special Publication 800-14
24. SDLC Phases
• Initiation
• Development / Acquisition
• Implementation
• Operation
• Disposal
• Security plan should be first step
25. SDLC Overview
• Prepare security plan
• Initiation: define need and purpose
• Sensitivity Assessment
• Development / Acquisition
• Determine security requirements and
incorporate them into specifications
• Implementation
• Install controls, security testing,
accreditation
26. SDLC Overview
• Operation / Maintenance
• Security operations and administration:
backups, training, key management,
etc.
• Audits and monitoring
• Disposal
• Archiving
• Media sanitization
27. Integrated Product Teams
• A customer-focused group that focuses
on the entire lifecycle of a project
• More agile than traditional hierarchical
teams
28. Software Escrow
• Third party archives source code of
proprietary software
• Source code is revealed if the product is
orphaned
29. Code Repository Security
• Like GitHub
• Contents must be protected
• Developers shouldn't publish code that
contains secrets
30. Security of Application Programming
Interfaces (APIs)
• API allows apps to use a service, like
Facebook
• API exploits abuse the API to
compromise security
32. Software Change and Configuration
Management
• Ensures that changes occur in an orderly
fashion, and don't harm security
• NIST SP 800-128 describes a
Configuration Management Plan (CMP)
• Configuration Control Board (CCB)
• Configuration Item Identification
• Configuration Change Control
• Configuration Monitoring
33. DevOps
• Old system had strict separation of
duties between developers, quality
assurance, and production
• DevOps is more agile, with everyone
working together in the entire service
lifecycle
36. Database
• Structured collection of data
• Databases allow
• Queries (searches)
• Insertions
• Deletions
• Database Management Systems (DBMS)
• Controls all access to the database
• Enforces database security
37. Database Concepts
• Database Administrator (DBA)
• Query language
• Ex: Structured Query Language (SQL)
• Inference attack
• Enumerating low-privilege data to find
missing items, which must be
high-privilege
• Aggregation attack
• Combining many low-privilege records to
deduce high-privilege data
38. Types of Databases
• Relational
• Hierarchical
• Object-oriented
• Flat file
• Simple text file
40. Relational Database Terms
• Tables have rows (records or tuples) and
columns (fields or attributes)
• Primary Key field is guaranteed to be
unique, like an SSN
• Foreign key is a field in another table that
matches the primary key
• Join connects two tables by a matching
field
41. Integrity
• Referential Integrity
• Foreign keys match primary keys
• Semantic Integrity
• Field values match data type (no letters
in numerical fields)
• Entity Integrity
• Each tuple has a non-null primary key
44. Database Views
• Contained user interface
• Shows only some data and options
• Like a PoS (Point of Sale) device
45. Data Dictionary
• Describes the tables
• This is metadata -- data about data
• Database schema
• Describes the attributes and values of
the tables
47. Query Languages
• Two subsets of commands
• Data Definition Language (DDL)
• Data Manipulation Language (DML)
• Structured Query Language (SQL) is the
most common query language
• Many types
• MySQL, ANSI SQL (used by Microsoft),
PL/SQL (Procedural Language/SQL,
used by Oracle), and more
50. Object-Oriented Databases
• Combines data and functions in an
object-oriented framework
• Uses Object Oriented Programming
(OOP)
• and Object Database Management
System (OBMS)
51. Database Integrity
• Mitigate unauthorized data modification
• Two users may attempt to change the
same record simultaneously
• The DBMS attempts to commit an update
• If the commit is unsuccessful, the DBMS
can rollback and restore from a save
point
• Database journal logs all transactions
52. Database Replication and Shadowing
• Highly Available (HA) databases
• Multiple servers
• Multiple copies of tables
• Database replication
• Mirrors a live database
• Original and copy are in use, serving
clients
• Shadow database
• Live backup, not used
53. Data Warehousing and Data Mining
• Data Warehouse
• A large collection of data
• Terabytes (1000 GB)
• Petabytes (1000 TB)
• Data Mining
• Searching for patterns
• Ex: finding credit card fraud
55. Object-Oriented Programming (OOP)
• A program is a series of connected
objects that communicate via messages
• Ex: Java, C++, Smalltalk, Ruby
• Objects contain data and methods
• Objects provide data hiding
• Internal structure not visible from the
outside
• Also called encapsulation
60. Object Request Brokers (ORBs)
• Middleware
• Connect programs to other programs
• Object search engines
• Common ORBs
• COM, DCOM, CORBA
61. COM and DCOM
• Component Object Model
• Distributed Component Object Model
• From Microsoft
• Allows objects written in different OOP
languages to communicate
• Assemble a program by connecting
components together like puzzle pieces
• Includes ActiveX objects and Object
Linking and Embedding (OLE)
• COM and DCOM are being supplanted by
Microsoft .NET
62. CORBA
• Common Object Request Broker
Architecture
• Open vendor-neutral framework
• Competes with Microsoft's proprietary
DCOM
• Objects communicate via Interface
Definition Language (IDL)
63. Object-Oriented Analysis (OOA) &
Object-Oriented Design (OOD)
• Object-Oriented Analysis (OOA)
• Analyzes a problem domain
• Identifies all objects and interactions
• Object-Oriented Design (OOD)
• Then develops the solution
69. Buffer Overflow
• Program reserves space for a variable
• Ex: name[20]
• User submits data that's too long to fit
• Data written beyond the reserved space
and corrupts memory
• Can lead to Remote Code Execution
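The name[20] case from this slide as an added C example (not part of the original slides): the unbounded copy next to a length-checked one. The struct, the function names and the sample strings are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#define NAME_LEN 20   /* matches the slide's name[20] */

struct account {
    char name[NAME_LEN];
    int  is_admin;     /* adjacent data that an overflow of name could corrupt */
};

/* Vulnerable form (shown for contrast, never called here):
 * strcpy() copies until the NUL terminator and ignores the size of name. */
void set_name_unsafe(struct account *a, const char *input)
{
    strcpy(a->name, input);
}

/* Hardened form: measure the input first and reject what does not fit.
 * Returns 0 on success, -1 if a pointer is NULL or the input needs more
 * than NAME_LEN bytes including the terminator. On failure the record
 * is left unchanged. */
int set_name_checked(struct account *a, const char *input)
{
    size_t len = 0;

    if (a == NULL || input == NULL)
        return -1;
    while (len < NAME_LEN && input[len] != '\0')   /* bounded scan */
        len++;
    if (len >= NAME_LEN)
        return -1;
    memcpy(a->name, input, len);
    a->name[len] = '\0';
    return 0;
}

int main(void)
{
    struct account a = { "", 0 };
    const char *too_long = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"; /* constructed, 32 bytes */

    printf("short input: %d\n", set_name_checked(&a, "alice"));
    printf("long input:  %d, is_admin still %d\n",
           set_name_checked(&a, too_long), a.is_admin);
    return 0;
}
```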
70. TOCTOU / Race Conditions
• Time of Check/Time of Use (TOCTOU)
attacks (also called Race Conditions)
• A brief time of vulnerability
• Attacker needs to "win the race"
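An added C example (not part of the original slides) using file access as an assumed instance of the check/use gap: the racy check-then-open pattern next to a form that opens once and checks the descriptor it already holds. The function names and the temporary file are constructed for the illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy form (for contrast): the check and the use each resolve the path
 * separately, so the file can be replaced between the two calls. */
int open_racy(const char *path)
{
    if (access(path, R_OK) != 0)     /* time of check */
        return -1;
    return open(path, O_RDONLY);     /* time of use: path resolved again */
}

/* Hardened form: open once, then check the object that was opened.
 * O_NOFOLLOW refuses a symlink as the final path component; fstat()
 * describes the descriptor already held, which a later rename cannot change.
 * Returns an fd for a regular file owned by the caller, else -1. */
int open_checked(const char *path)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        close(fd);
        return -1;
    }
    return fd;
}

int main(void)
{
    char path[] = "/tmp/toctou_demo_XXXXXX";   /* constructed sample file */
    char link_path[64];
    int fd = mkstemp(path);

    if (fd < 0)
        return 1;
    close(fd);
    snprintf(link_path, sizeof link_path, "%s.lnk", path);
    if (symlink(path, link_path) != 0) { unlink(path); return 1; }
    printf("regular file accepted: %d\n", open_checked(path) >= 0);
    printf("symlink accepted:      %d\n", open_checked(link_path) >= 0);
    unlink(link_path);
    unlink(path);
    return 0;
}
```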
71. Cross-Site Scripting (XSS)
• Insert JavaScript into a page
• For example, a comment box
• The code executes on another user's
machine
• BeEF (Browser Exploitation Framework)
• Allows an attacker to control targets'
browsers
72. Cross-Site Request Forgery (CSRF)
• Trick a user into executing an unintended
action
• With a malicious URL
• Or by using a stolen cookie
73. Privilege Escalation
• Vertical escalation
• Attacker increases privilege level
• To "Administrator", "root", or
"SYSTEM"
• Horizontal escalation
• To another user's account
74. Backdoor
• Shortcut into a system, bypassing
security checks like username/password
• May be through exploiting a vulnerability
• Or a backdoor account left in the system
by its developer
75. Disclosure
• Actions taken by a security researcher
after finding a software vulnerability
• Full Disclosure
• Release all details publicly
• Responsible Disclosure
• Tell vendor privately
• Give them time to patch it
76. Software Capability Maturity Model
(CMM)
• From Carnegie Mellon
• A methodical framework for creating
quality software
77. Five Levels of CMM
1. Initial - ad-hoc & chaotic
• Depends on individual effort
2. Repeatable - basic project management
3. Defined
• Documented standardized process
4. Managed
• Controlled, measured process & quality
5. Optimizing
• Continual process improvement
78. Acceptance Testing
• ISTQB (International Software Testing
Qualifications Board) has 4 levels
• User acceptance test
• Operational acceptance test
• Contract acceptance testing
• Compliance acceptance testing
79. Security Impact of Acquired Software
• Commercial Off-the-Shelf (COTS)
Software
• Compare vendor claims with third-party
research
• Consider vendors going out of
business, and support
• Custom-Developed Third Party Products
• Service Level Agreements (SLA) are
vital
81. Expert Systems
• Two components
• Knowledge Base
• If/then statements
• Contain rules that the expert system
uses to make decisions
• Inference Engine
• Follows the tree formed by the
knowledge base