Anay Nayak
Organization: ThoughtWorks
Topic: Fluent interfaces in testing
Presented in vodQA - THE TESTING SPIRIT! on Oct 7, 2010 in ThoughtWorks, Pune
OWASP Top 10 at International PHP Conference 2014 in BerlinTobias Zander
With the latest XSS and CSRF attacks on Twitter, PayPal and Facebook, security is still obviously a very difficult thing to get right.
Every 3 years, the open web application security project (OWASP) releases a new Top 10 vulnerabilities, this talk will walk you through 2013s list.
I'll present you the possible attack scenarios and how you can protect against them.
In addition we'll look at more security issues which are not part of the Top 10, but that you should definitely keep in mind.
Mike Creuzer's presentation from the December, 2009 Suburban Chicago PHP & Web Dev Meetup. The topic is SQL injection in PHP and common PHP content management systems.
Visit Mike's blog at http://mike.creuzer.com/
Presented at #PHPLX 11 September 2013
The 2013 edition of OWASP (Open Web Application Security Project) top 10 has just been released and unfortunately Injections (not only SQL injection) is still the most common security problem. In this talk we will review the top 10 list of security problems looking at possible attack scenarios and ways to protect against them mostly from a PHP programmer perspective.
OWASP Top 10 at International PHP Conference 2014 in BerlinTobias Zander
With the latest XSS and CSRF attacks on Twitter, PayPal and Facebook, security is still obviously a very difficult thing to get right.
Every 3 years, the open web application security project (OWASP) releases a new Top 10 vulnerabilities, this talk will walk you through 2013s list.
I'll present you the possible attack scenarios and how you can protect against them.
In addition we'll look at more security issues which are not part of the Top 10, but that you should definitely keep in mind.
Mike Creuzer's presentation from the December, 2009 Suburban Chicago PHP & Web Dev Meetup. The topic is SQL injection in PHP and common PHP content management systems.
Visit Mike's blog at http://mike.creuzer.com/
Presented at #PHPLX 11 September 2013
The 2013 edition of OWASP (Open Web Application Security Project) top 10 has just been released and unfortunately Injections (not only SQL injection) is still the most common security problem. In this talk we will review the top 10 list of security problems looking at possible attack scenarios and ways to protect against them mostly from a PHP programmer perspective.
Concise and elegant automated tests?
Pain free ( almost ) web UI test stack?
More time for drinking coffee/playing Cuphead/starring into the void* ?
Jump in, we’ll talk Lombok, Vavr, Owner, why you should use ready solutions and how to make tests more concise and readable. Vaper and/or hoverboard required.
Outline
- What Is Selenium
- Why Automates Web Browser
- Automation with Selenium IDE
- Automation with WebDriver
- Page Factory
- Page Object Pattern
- Automation with FluentAutomation
- Selenium Grid
- Selenium Tests in Continuous Integration
- The Reality
- Q & A
Code sample can be downloaded at http://goo.gl/KtyF6r
Neues aus dem Tindergarten: Auswertung "privater" APIs mit Apache IgniteQAware GmbH
MRMCD 2018, Darmstadt: Vortrag von Franz Wimmer (@zalintyre, Softwareingenieur bei QAware)
===
Dieser Talk wurde aufgezeichnet. Hier geht's zum Video: https://media.ccc.de/v/2018-151-neues-aus-dem-tindergarten-auswertung-privater-apis-mit-apache-ignite
===
Abstract:
Was ist eigentlich der meistverwendete Emoji auf Tinder? Und welcher der beliebteste #hashtag? Dieser Vortrag zeigt nicht nur witzige Auswertungen von "offenen" APIs mit dem In-Memory-Computing-Framework Apache Ignite, sondern wirft auch einen kritischen Blick auf das massenhafte Sammeln und "Bereitstellen" von privaten Daten.
Details:
Es gibt hunderte beliebte Apps, in denen Nutzer freiwillig private Daten teilen. "Teilen" bedeutet auch, dass andere diese Daten einsehen können. Nur eingeschränkt und häppchenweise, versteht sich. Ein Beispiel für eine solche App ist Tinder, mit der Nutzer Fotos, Profile und Interessen der Welt preisgeben.
Doch die Apps müssen mit einem Server kommunizieren - und dieser Server hat dazu meist eine API, die man auch mit alternativen Clients, z.B. von GitHub, ansprechen kann.
Baut man für diesen Client einen Crawler, kann man schnell die verfügbaren Profile herunterladen. Und füttert man anschließend die heruntergeladenen Daten in eine Auswertung, lassen sich Statistiken und andere Informationen gewinnen.
Auf der anderen Seite bieten die APIs die Gelegenheit für massive Verletzungen der Privatsphäre und von Grundrechten.
Dieser Talk behandelt mehrere Aspekte von privaten, aber offenen APIs im Internet:
- Welche lustigen und interessanten Dinge kann man mit so einer API tun?
- Welche nicht lustigen und gefährlichen Dinge könnte man anstellen?
Außerdem geht dieser Talk auf die technische Seite der API-Auswertung ein:
- Das reverse Engineering einer API
- Die Authentifizierung an der API
- Das Sammeln, Speichern und Auswerten der Daten mit dem In-Memory-Computing-Framework Apache Ignite
Develop and Deploy your JavaEE micro service in less than 5 minutes with Apac...Alex Soto
Do you know that Java EE is not heavy anymore? Do you know that in Java EE with two simple annotations you can create a REST endpoint that it is secured, transaction-aware and with concurrent control? And even more important, the era of heavy application servers is over. Apache TomEE has fixed this.
Come to this session to learn how you can develop a micro service and deploy it with only 5 minutes.
In this talk we will make a tour through the most important changes and new features in the language and its standard library, such as enums, single-dispatch generic functions, Tulip, yield from, raise from None, contextlib... And yes, we will talk about Python 3.
GitHub repository with the code of the examples: https://github.com/pablito56/coolest_is_yet_to_come
Many companies continue to manaully create and manage their cloud infrastructure via web consoles. Documenting these procedures is challenging, especially since the interfaces are always evolving. Reviewing the changes is also difficult, and it often involves having a coworker watching over your shoulder. Rolling back a bad change requires deleting your current work and attemtping to manually re-create the old infrastructure from memory. Scaling or deploying the infrastructure to new environments also often involves manually re-creating it.
Hashicorp's Terraform allows for the management of infrastructure as code. While a growing number of groups have started to utilize this tool, most are only just beginning to scratch the surface of its potential. Yes, Terraform can be used to create and manage resources in AWS and other cloud providers. However, thanks to an ever growing number of providers, it can manage resources in many other popular cloud services. At Yelp, we use Terraform to manage our AWS resources, DNS records in NS1, CDN configuration in Fastly and Cloudflare, and our charts and dashboards in SignalFx.
This setup provides us with the ability to maintain our infrastructure as code in a version control system that can be put through standard code review flows. If we discover an issue, we can revert to an older, working commit and restore our infrastructure to that point in time. Documentation can include code snippets that can be easily copied/pasted in an error free manner. Finally, resources managed by one Terraform provider can benefit from and utilize information from resources managed by another provider. This means that launching a new AWS EC2 instance can automatically update the necessary DNS records in NS1, and then create a dashboard filled with customized charts designed to monitor the instance.
About ART:A hybrid framework named as ART (Automation Reusable Test) is used for end-to-end automation as ART framework supports automation of web, windows, and AS/400 applications. ART framework uses automation tool owned by HP i.e. Quick Test Professional (QTP) for execution of automated keyword-driven test scripts.Key Achievements: Efforts involved in test cases/scripts integration has reduced.
Concise and elegant automated tests?
Pain free ( almost ) web UI test stack?
More time for drinking coffee/playing Cuphead/starring into the void* ?
Jump in, we’ll talk Lombok, Vavr, Owner, why you should use ready solutions and how to make tests more concise and readable. Vaper and/or hoverboard required.
Outline
- What Is Selenium
- Why Automates Web Browser
- Automation with Selenium IDE
- Automation with WebDriver
- Page Factory
- Page Object Pattern
- Automation with FluentAutomation
- Selenium Grid
- Selenium Tests in Continuous Integration
- The Reality
- Q & A
Code sample can be downloaded at http://goo.gl/KtyF6r
Neues aus dem Tindergarten: Auswertung "privater" APIs mit Apache IgniteQAware GmbH
MRMCD 2018, Darmstadt: Vortrag von Franz Wimmer (@zalintyre, Softwareingenieur bei QAware)
===
Dieser Talk wurde aufgezeichnet. Hier geht's zum Video: https://media.ccc.de/v/2018-151-neues-aus-dem-tindergarten-auswertung-privater-apis-mit-apache-ignite
===
Abstract:
Was ist eigentlich der meistverwendete Emoji auf Tinder? Und welcher der beliebteste #hashtag? Dieser Vortrag zeigt nicht nur witzige Auswertungen von "offenen" APIs mit dem In-Memory-Computing-Framework Apache Ignite, sondern wirft auch einen kritischen Blick auf das massenhafte Sammeln und "Bereitstellen" von privaten Daten.
Details:
Es gibt hunderte beliebte Apps, in denen Nutzer freiwillig private Daten teilen. "Teilen" bedeutet auch, dass andere diese Daten einsehen können. Nur eingeschränkt und häppchenweise, versteht sich. Ein Beispiel für eine solche App ist Tinder, mit der Nutzer Fotos, Profile und Interessen der Welt preisgeben.
Doch die Apps müssen mit einem Server kommunizieren - und dieser Server hat dazu meist eine API, die man auch mit alternativen Clients, z.B. von GitHub, ansprechen kann.
Baut man für diesen Client einen Crawler, kann man schnell die verfügbaren Profile herunterladen. Und füttert man anschließend die heruntergeladenen Daten in eine Auswertung, lassen sich Statistiken und andere Informationen gewinnen.
Auf der anderen Seite bieten die APIs die Gelegenheit für massive Verletzungen der Privatsphäre und von Grundrechten.
Dieser Talk behandelt mehrere Aspekte von privaten, aber offenen APIs im Internet:
- Welche lustigen und interessanten Dinge kann man mit so einer API tun?
- Welche nicht lustigen und gefährlichen Dinge könnte man anstellen?
Außerdem geht dieser Talk auf die technische Seite der API-Auswertung ein:
- Das reverse Engineering einer API
- Die Authentifizierung an der API
- Das Sammeln, Speichern und Auswerten der Daten mit dem In-Memory-Computing-Framework Apache Ignite
Develop and Deploy your JavaEE micro service in less than 5 minutes with Apac...Alex Soto
Do you know that Java EE is not heavy anymore? Do you know that in Java EE with two simple annotations you can create a REST endpoint that it is secured, transaction-aware and with concurrent control? And even more important, the era of heavy application servers is over. Apache TomEE has fixed this.
Come to this session to learn how you can develop a micro service and deploy it with only 5 minutes.
In this talk we will make a tour through the most important changes and new features in the language and its standard library, such as enums, single-dispatch generic functions, Tulip, yield from, raise from None, contextlib... And yes, we will talk about Python 3.
GitHub repository with the code of the examples: https://github.com/pablito56/coolest_is_yet_to_come
Many companies continue to manaully create and manage their cloud infrastructure via web consoles. Documenting these procedures is challenging, especially since the interfaces are always evolving. Reviewing the changes is also difficult, and it often involves having a coworker watching over your shoulder. Rolling back a bad change requires deleting your current work and attemtping to manually re-create the old infrastructure from memory. Scaling or deploying the infrastructure to new environments also often involves manually re-creating it.
Hashicorp's Terraform allows for the management of infrastructure as code. While a growing number of groups have started to utilize this tool, most are only just beginning to scratch the surface of its potential. Yes, Terraform can be used to create and manage resources in AWS and other cloud providers. However, thanks to an ever growing number of providers, it can manage resources in many other popular cloud services. At Yelp, we use Terraform to manage our AWS resources, DNS records in NS1, CDN configuration in Fastly and Cloudflare, and our charts and dashboards in SignalFx.
This setup provides us with the ability to maintain our infrastructure as code in a version control system that can be put through standard code review flows. If we discover an issue, we can revert to an older, working commit and restore our infrastructure to that point in time. Documentation can include code snippets that can be easily copied/pasted in an error free manner. Finally, resources managed by one Terraform provider can benefit from and utilize information from resources managed by another provider. This means that launching a new AWS EC2 instance can automatically update the necessary DNS records in NS1, and then create a dashboard filled with customized charts designed to monitor the instance.
About ART:A hybrid framework named as ART (Automation Reusable Test) is used for end-to-end automation as ART framework supports automation of web, windows, and AS/400 applications. ART framework uses automation tool owned by HP i.e. Quick Test Professional (QTP) for execution of automated keyword-driven test scripts.Key Achievements: Efforts involved in test cases/scripts integration has reduced.
LinkedIn for Lawyers is a step-by-step guide for lawyers. Ja-Nae walks through how to optimize your profile for search engine optimize, best practices for engagement, as well as creating a strategy to implement.
In "vodQA - Testing and Beyond" held in March 2012 in ThoughtWorks Pune, Anand Bagmar spoke about - "What is Behavior Driven Testing (BDT)? How does it differ from Behavior Driven Development? What tools support this kind of testing? The value proposition BDT offers."
As a follow-up to that introduction to BDT, we conducted a Behavior Driven Testing (BDT) workshop in the ThoughtWorks Pune office. This workshop was the first in a series of vodQA Geek Nights.
For more information about the workshop, visit https://www.facebook.com/groups/vodqa/
Get Started With Selenium 3 and Selenium 3 GridDaniel Herken
In this talk you will learn how to:
- Setup Selenium 3 execution in Chrome, Firefox, IE and Edge
- Create and run a Selenium test
- Run tests against a Selenium Grid
More webinars can be found here:
http://www.browseemall.com/Resources/Webinars
Selenide - популярная библиотека для написания лаконичных и стабильных UI-тестов на Java. Многие используют её для тестирования веб-приложения, но не все знают, что её также можно использовать и для мобилок.
Рассказ о том, как использовать Selenide для тестирования веба и мобилок и даже переиспользовать код между ними.
Introduction to SQLAlchemy and Alembic MigrationsJason Myers
In this talk, we'll examine how to use SQLAlchemy ORM and Core in both simple queries and query builder type applications. Next, we'll explore Alembic database migrations and how we can use them to handle database changes.
UA testing with Selenium and PHPUnit - PHPBenelux Summer BBQMichelangelo van Dam
Nothing is as frustrated as deploying a new release of your web application to find out functionality you had doesn't work anymore. Of course you have all your unit tests in place and you run them through your CI environment, but nothing prepared you to a failing javascript error or a link that doesn't work anymore. Welcome to User Acceptance testing or UAT. Before you start putting real people in front of your application, create macros and export them as PHPUnit test classes. Then run them in an automated way just like your unit tests and hook them into your CI. In this talk I will show you how easy it is to create Selenium macros that can be converted into PHPUnit scripts and run automatically on different virtual machines (VM's) so you can test all different browsers on a diversity of operating systems.
Building up your application's UI interface is certainly a challenge by itself, but writing automated web UI tests is an even bigger one! And after you are done, your project comes across more questions:
* Validate the order confirmation PDF?
> Yes of course!
* Test the rich-client implementation as well?
> Would be fantastic!
* Where to run the test?
> For sure inside of a container!
* Rewrite all of our tests?
> Are you kidding me? We want to reuse them!
* Scale your test executors?
> What's about Kubernetes!?
If you already have a bunch of Selenium tests in your project, you won't throw them all away if some new test requirements, like the ones mentioned above, come up. Therefore we have developed a solution, which will keep your Selenium tests as they are, but with the possibility to test even more. PDF validation or controlling a Flash Player will be as easy as the validation of an HTML button. While we are at it, why not testing a whole rich-client app with the same test setup? With "Sakuli Se" as a Selenium extension, you will be able to do this and execute all tests inside of a preconfigured UI testing container. Afterwards you can scale your test environment with Kubernetes/OpenShift and let them do the work. The talk will answer all the above-mentioned questions and demonstrate the different use cases in a live coding session.
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Matt Raible
During this presentation, you'll learn how to implement authentication in your Java web applications using Java EE 7 Security, Spring Security and Apache Shiro. This session will also touch on best practices for securing a REST API and using SSL.
Java Web Application Security with Java EE, Spring Security and Apache Shiro ...Matt Raible
This presentation shows you how to implement authentication in your Java web applications using Java EE 7 Security, Spring Security and Apache Shiro. It also touches on best practices for securing a REST API and using SSL.
Почти каждая Test Automation команда прикладывает много усилий и времени, чтобы построить и отполировать свой Framework. Никто не нуждается в Framework в первую очередь. Вместо этого нужны быстрые, надежные и простые тесты, которые работают и обеспечивают качество для текущего процесса разработки. На это митапе @Nikita Simonovets расскажет, как можно построить хорошую автоматизацию и на какие готовые решения и подходы стоит обратить внимание.
Agenda:
• Whois Test Automation Engineer?
• What is really WebDriver?
• What is really Test Automation Framework?
• Bad examples of Test Automation Solution
• How to write more stable tests
• Stairway to heaven: Selenide vs JDI
Multi Client Development with Spring - Josh Long jaxconf
No application is an island and this is more obvious today than ever as applications extend their reach into people's pockets, desktops, tablets, TVs, blueray players and cars. What's a modern developer to do to support these many platforms? In this talk, join Josh Long to learn how Spring can extend your reach through (sometimes Spring Security OAuth-secured) RESTful services exposed through Spring MVC, HTML5 and client specific rendering thanks to Spring Mobile, and powerful, native support for Android with Spring Android.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/