This document provides an overview of writing documentation for APIs and SDKs. It discusses typical users and producers of APIs/SDKs, ideal information to include in SDK and API documentation, common documentation deliverables, programming concepts to cover, and help authoring tools. The document also outlines benefits and drawbacks to technical writers in this specialty, ways to break into the market including education and training options, and resources for API/SDK documentation writers.
API Documentation Workshop tcworld India 2015 - Tom Johnson
This is a workshop I gave on API documentation at tcworld India 2015. The workshop covers 3 main areas:
- General overview of API documentation
- Deep dive into REST API documentation
- Deep dive into Javadoc documentation
PiterPy #3 talk (Video: https://youtu.be/bCwSyyygSmM). Some points on RAML, general overview and takeaways based on a real project.
Presented with Dmitry Nazarov https://ru.linkedin.com/in/aspectmkn8rd/en (Part 2, as mentioned in contents)
Developers write documentation. Technical authors write manuals. But in a perfect world, your users read software self-help guides. Consumers expect documentation to reflect the sophistication of the software they are using, and will abandon an application if they cannot easily find the answer to their problems. If we really want world domination of free and open source software, we need to have the self-help guides worthy of our code. In "Self Help Guides for World Domination" we'll take a look at the strategies and tools needed for really awesome documentation.
Imagine a world where documentation actually helped you to find an answer, or solved one of your problems. If that sounds like a pipe dream, it's because you've had to struggle with too much crap documentation. Technical writing can be fun and accessible, but more importantly, it can be truly useful. By analysing how people use software, and where they stumble, we can drastically improve the experience our users have with our software documentation. Creating relevant documentation needs a little more than just a scraping of code comments though--and this talk will show you how it should be done.
Open source tools for writing documentation are very sophisticated, but generally our mastery of them quite simply sucks. Whether they are using DocBook, Mallard or DITA, many projects have opted for very powerful markup languages for their documentation, but often use only a fraction of what the tools can do. Other projects have opted to go with Web-based content management systems and have failed to create a cohesive self-help experience for users. You will learn how to effectively use these common tools for creating and maintaining collaborative documentation. Real examples will be pulled from open source projects.
If you've been wanting to help make the user experience better for your project, this talk is a must-see.
What is Programming Paradigm
Types of Programming Paradigm
What is web programming
How does it work
What are web programming languages
Module of Web Programming
HTML
CSS
JAVASCRIPT
PHP
ASP .NET
RUBY ON RAILS
JAVA
PYTHON
The Cordova framework
Recurrent app architecture
Cordova CLI
Debugging Cordova applications
My development environment
Cordova APIs
This presentation has been developed in the context of the Mobile Applications Development course, DISIM, University of L'Aquila (Italy), Spring 2014.
http://www.ivanomalavolta.com
In this chapter we review the basic rules and recommendations for writing quality program code. We pay attention to naming the identifiers in the program (variables, methods, parameters, classes, etc.), formatting and code organization rules, good practices for composing methods, and principles for writing quality documentation.
Programming languages are the most important part of the computer science world, so if you want to make your career in the world of computer science you must learn programming languages.
With this slide I am providing you some guidelines about the top programming languages that are mostly used at this time,
the advantages and disadvantages of those programming languages,
and their applications.
If you want to learn a programming language, then visit the no. 1 website for programming languages.
Website: https://programmingshark.com/
Erik Champion, Curtin University PISA 9 SEPTEMBER 2014
heritage visualisation and serious game design
• major concepts and issues in the field
• learning from game design
• problems that arise when entertainment, heritage,
history and education collide
Object-oriented design is not just for software engineers. Anyone involved in a product development lifecycle can benefit from learning object-oriented design. We can use this skill to understand engineering designs, software development kits (SDKs), and application programming interfaces (APIs). As a content engineer and content strategist, I’ve used this skill to design content models and structures, content reuse strategies, content processes, and publishing models. I believe that object-oriented design will play a key role in aligning the various engineering disciplines and help us deliver new smart products as their parts become smarter and smarter.
50 Digital Marketing Metrics for CMOs, CDOs, CIOs and CFOs - Vala Afshar
These 50 metrics are must haves for any CMOs, CDOs, CIOs and CFOs. They help to illustrate why marketing is important and how marketing will help your organization.
Here are the slides from my tutorial on Scripting Recipes for Testers. In it I share a number of reusable scripts and some tips I learned writing them to help testers do their job better.
The scripts themselves can be found on my site (http://adam.goucher.ca) under the category 'GLSEC2008'
Once you’ve convinced an employer that you know how to write, can play well with others, and are curious about technology, you need to demonstrate your mastery of the authoring tools they require on the job. But which authoring tools should you master? Jeff Haas, past president of STC Atlanta, discusses the tools that are currently in demand and the ones that are likely to be in demand in the very near future.
This is a presentation I did for the Cedar Rapids .NET User Group (CRineta.org). I also presented it at work (Fiserv Insurance Solutions - now StoneRiver) for fellow developers.
Program, Language, & Programming Language
Object Oriented Programming vs Procedure Oriented Programming
About C
Why still Learn C?
Basic Terms
C Stuff
C Syntax
C Program
Social media guru and technical communication expert Scott Abel, The Content Wrangler, explores how content technologies, content standards, social networks, location awareness, user-generated content, mobile communication, augmented reality, information visualization, and advanced communication techniques can help technical communicators better serve their customers, identify failure points, and spot opportunities for growth.
Move Over Text: Video Documentation Meets DITA - Scott Abel
Technical communicators have been recombining small chunks of text to create multiple deliverables for years. But, as consumer expectations shift away from text-only content and toward video training and documentation, shouldn't we be creating and delivering multiple video deliverables? And, if video documentation is the wave of the future, can we use our existing content standards to make it happen? The answer is "Yes!" Attend this presentation to learn how one organization is creating and repurposing small video segments to create multiple video documentation sets using the Darwin Information Typing Architecture (DITA).
Twitter Who Cares What You're Doing Right Now, Anyway - Scott Abel
Twitter. It's everywhere. Newscasters mention it. Political analysts point to its influence. Marketers use it to get messages out. Journalists and bloggers use it for research. Regular folks use it to keep up with their friends, family, and co-workers. And, people of all types use it for entertainment, research, and education. But, Twitter is more than all of these things combined. It's a revolution in content publishing and it's changing forever -- or at least for now -- how we communicate what's important to us to those who want to know.
Intelligent content. It sounds so futuristic, and yet, it's not. This session will showcase examples of intelligent content found both on the world wide web and in private and government organizations today. Discover several innovative and useful examples that leverage the power of content to provide improved service, lower transaction costs, and reduce effort.
Presented in Palm Springs, CA at Intelligent Content 2009: http://www.intelligentcontent2009.com
The Changing Face of TechComm and the Society for Technical Communication - Scott Abel
The technical communication landscape is changing rapidly. New tools,
techniques, expectations and opportunities are making it necessary to
expand the definition of what a technical communicator does and the
Society for Technical Communication is at the forefront of
communicating these changes to government and industry. Susan Burton,
Executive Director of the Society of Technical Communication (STC)
will discuss efforts to broaden the definition used by the U.S.
government Bureau of Labor Statistics to describe technical
communicators and the work they do. She
The Truth about Content: Learning from the Past in order to Succeed in the Fu... - Scott Abel
This presentation will throw a spotlight onto the single most common,
and most serious, reason why Content Management projects fail. In a
nutshell, too many projects become so focused on the technology they
want to deploy that they forget about what matters most - the content
and the people who use it. Real-life case studies will be used to
illustrate this problem. The optimism of the audience will be rebuilt
by introducing a proven solution to this issue with this being a call
to move the focus of CM project towards Content Oriented Architectures.
The most common mistake found in content management projects is rather
surprising. The reason most CM projects falter is that the project
team, and frequently its stakeholders, become unduly enamored with
some piece of technology and assume, or hope, that one or two
applications will erase all of the challenges surrounding the
creation, management, reuse and delivery of content. When a particular
collection of applications fail to deliver on the expectations, the
usual response is to insert even more applications. With each new
application that is introduced, a number of connectors and patches are
also added so that one tool can work with the others that are already
in place. This continues until, with seeming inevitability, these
projects crumble under the weight of growing system complexity. These
projects fail, in short, because, in becoming fixated on technology,
they essentially forget about their content.
This presentation will use a number of project case studies, some
older and some exceedingly current, to illustrate the downward path
that most CM projects follow. While this might sound ominous, this
journey will actually arrive at a hopeful conclusion. If CM projects
place content at the center of their solution designs, adopting in
effect a Content Oriented Architecture (COA), it becomes possible for
projects to use technology, even exploit it, in ways that emphasize
helping authors, publishers and content users. Under this model, the
quality and usefulness of the content assets becomes the overriding
focus and where automation is introduced it is to either further
improve the quality of the content or to reduce the cost and effort
needed to achieve the desired results. Examples of successful projects
will be used to prove that Content Oriented Architectures are not
really new and that they do deliver results that endure over time.
Content Oriented Architectures: Putting Content at the Center of CM Projects - Scott Abel
Presented by Joe Gollner at Documentation and Training East, October
The most common mistake found in content management projects is rather
surprising. The reason most CM projects falter is that the project
team, and frequently its stakeholders, become unduly enamored with
some piece of technology and assume, or hope, that one or two
applications will erase all of the challenges surrounding the
creation, management, reuse and delivery of content. When a particular
collection of applications fail to deliver on the expectations, the
usual response is to insert even more applications. With each new
application that is introduced, a number of connectors and patches are
also added so that one tool can work with the others that are already
in place. This continues until, with seeming inevitability, these
projects crumble under the weight of growing system complexity. These
projects fail, in short, because, in becoming fixated on technology,
they essentially forget about their content.
This presentation will use a number of project case studies, some
older and some exceedingly current, to illustrate the downward path
that most CM projects follow. While this might sound ominous, this
journey will actually arrive at a hopeful conclusion. If CM projects
place content at the center of their solution designs, adopting in
effect a Content Oriented Architecture (COA), it becomes possible for
projects to use technology, even exploit it, in ways that emphasize
helping authors, publishers and content users. Under this model, the
quality and usefulness of the content assets becomes the overriding
focus and where automation is introduced it is to either further
improve the quality of the content or to reduce the cost and effort
needed to achieve the desired results. Examples of successful projects
will be used to prove that Content Oriented Architectures are not
really new and that they do deliver results that endure over time.
Modular Content Projects: One Size DOES NOT Fit All - Scott Abel
Presented by Steve Manning at Documentation and Training East, October
29-November 1 in Burlington, MA.
Modular Content Projects: One Size DOES NOT Fit All
Making the move to modular content involves more than repeatedly
chanting
Navigating the Vendor Maze: Understanding XML Authoring Tools and Content Man... - Scott Abel
Presented by Steve Manning at Documentation and Training East, October
29-November 1, 2008 in Burlington, MA.
It can be tough to work through the volumes of software vendor
marketing and know exactly what products offer. What are the product
strengths? What are the weaknesses? They say the tools
Presented by Andrew Bredenkamp at Documentation and Training East,
October 29-November 1, 2008.
Do you have Standards for Information Quality? Do you monitor,
measure, and track conformance to your Information Quality Standards?
Are your Information Quality metrics collected consistently and
objectively? Are your Information Quality metrics collected
automatically on every information product that you deliver? Are your
Information Quality metrics presented in a meaningful, actionable
manner? Can you conclusively demonstrate Information Quality
improvements? Can you tie cost and time-to-market reductions directly
to Information Quality improvements?
If you answered yes to all of these questions, you are applying well-
known Quality Management principles to your Information development,
localization, and production processes. And you know that in addition
to quality improvements, you have generated substantial cost and time
savings. You also know that your company is among the elite minority
that knows their own IQ, and continually improves it.
The rest of you likely answered no to most of the questions, either
because you thought it was too hard, or too expensive, or too time
consuming. Or not possible at all
[Case Study] - Nuclear Power, DITA and FrameMaker: The How's and Why's - Scott Abel
Presented by Thomas Aldous at Documentation and Training East 2008,
October 29-November 1 in Burlington, MA.
This session is for anyone that is interested in learning how to
manage a transition to Specialized DITA including Content Management
Systems, Editors and Publishing Server issues and resolutions. As an
added bonus, we will also convert a Word document to Specialized DITA
and edit the content in FrameMaker 8. There will be a question and
answer period at the end of the session for both technical and project
management issues.
We Eat Our Own Dog Food: Three Companies in the World of Localization Technol... - Scott Abel
Presented by Richard Sikes at Documentation and Training East 2008 in
Burlington, MA - October 29-November 1, 2008.
Translation and Localization are intrinsically pragmatic endeavours.
They also require a good deal of human effort that can be aided by
technology. Numerous companies have developed solutions to help
themselves, then realized that they were onto a good thing, so they
have productized their proprietary solutions for more generalized
usage. Well-known localization expert Richard Sikes will paint the
background and evolution of three such stories, featuring products for
visual software localization, translation workflow, and translation
business management, and showing how they are used today.
PASSOLO is a leading software technology for visual software
localization. Used worldwide to create software products in many
languages, PASSOLO is itself available in several languages. Pass
Engineering, a wholly owned subsidiary of SDL International, has
automated PASSOLO so as to use itself recursively to build alternate
language versions.
At Nero, the manufacturer of popular media creation software that is
available in many languages, the localization management team sought,
and failed to find, a workflow system to connect Nero
Sustainable XML for Publishing Applications: DITA Makes It Possible - Scott Abel
Presented by Eliot Kimber at Documentation and Training East 2008,
October 29-November 1, 2008 in Burlington, MA.
XML applications for publishers have largely failed to realize the
full potential inherent in the technology. While larger publishers
could make the investment necessary to realize significant return on
the use of XML technology, smaller enterprises simply could not, for a
number of reasons, but fundamentally because the startup costs and
ongoing costs of ownership were simply too high. The DITA standard
fundamentally changes the equation, bringing several unique features
that, together, serve to lower both the startup cost and ongoing
costs, making the use of XML for publishers much more affordable than
it ever has been before. At the same time, advances in supporting
technologies important to Publishers, such as improved support for XML
in Adobe Creative Suite and Microsoft Office, powerful new XML search
and retrieval systems such as MarkLogic, and a new generation of lower-
cost XML editors, all serve to make the use of XML for Publishing
applications more attractive than it ever has been before.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024 - Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
UiPath Test Automation using UiPath Test Suite series, part 4 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality - Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Connector Corner: Automate dynamic content and events by pushing a button - DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GraphRAG is All You need? LLM & Knowledge Graph - Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Securing your Kubernetes cluster: a step-by-step guide to success! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Neuro-symbolic is not enough, we need neuro-*semantic* - Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
DevOps and Testing slides at DASA Connect - Kari Kakkonen
My and Rik Marselis' slides from the 30.5.2024 DASA Connect conference. We discuss what testing is, then what agile testing is, and finally what testing in DevOps is. Finally we had a lovely workshop with the participants, trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
APIs and SDKs: Breaking Into and Succeeding in a Specialty Market
1. APIs and SDKs: Breaking Into and Succeeding in a Specialty Market
Ed Marshall
Copyright 2008
2. APIs and SDKs
API = Application Programming Interface
SDK = Software Development Kit
• Typical users and why they use them
• Typical producers of these products
• Examples
3. Typical Documentation Deliverables
• Programmer’s reference guides
• Online help (in some format, more later)
• Programmer’s guides
• Data dictionaries
• API and SDK installation manuals
• System administrator's guides
• User configuration guides
4. Ideal Information for SDKs
• Provide an overview of the SDK
• Describe the tools and components in the SDK and how they relate to the APIs
• Describe each tool in detail
• Describe any sample programs included in the SDK
5. Ideal Information for APIs
• Break each component into the various families
• Describe each API completely, including cross-references to any types used in the definition
• Provide and explain examples that show both trivial and complex use of the class / API
6. Reference Information for APIs
• Brief description
• Syntax
• Examples, examples, examples!
• Error messages
• Cross-references
7. Examples of API / SDK Documentation
• Visual Basic ActiveX Control Help Sample – print and online help
• C++ API Help Sample – print and online help
• Typical SDK documentation – Guide to Tools, Programmer’s Reference, Programmer’s Guide, etc.
8. Key Programming Concepts
• Data types / variables
• Program control – loops, conditions, etc.
• Logical operators
• Data structures such as arrays
• Functions / methods
9. Benefits to the Writer
• Do more advanced technical writing = Higher pay / higher status
• Good if you like to play with software at the code level, create / test examples, talk / write in gibberish
• Work more closely with developers
10. Drawbacks to the Writer
• Possibly restrictive / repetitive writing
• Possibly less contact with users as they are developers / programmers themselves
• Possibly, more technically challenging development / build environments
11. Knowledge / Personality Traits that Work Well
• Some knowledge of programming languages BUT you don’t have to be a programmer!
• Willingness to work with advanced / programmer types of tools – Use software instead of specs
• Desire to work at the code level and write for developers who work at the code level
12. Knowledge / Personality Traits, cont.
• Willingness / confidence to work closely with senior developers
• Ability to develop context-sensitive level help at a lower-level than typical end-user (window-level) help
13. Ways to Get Information
• Read the specifications
• Use the software
• Attend demos
• Run automated tools against the software
• Provide fill-in-the-blank templates to developers
14. Build and Deployment Issues
• Use of automated build systems
• Use of source code control systems
• Other tools to do file comparisons, advanced text editors, multi-file search and replace, etc.
15. Determining Which Help Format to Use
• Platforms
• Browsers
• Minimum versions required by your product
16. Common Help Formats
• WinHelp – Not in Vista but…
• HTMLHelp 1.x
• HTMLHelp 2.0 (used with Microsoft VisualStudio.NET)
• WebHelp / Web Help
• JavaHelp
• Vista help – Not available to us in Vista
17. Context-sensitive Help
• Need to determine if it is necessary
• Need developers to implement / hook to the API
• Have to use the appropriate API for the help format
• Mapping of context IDs to numbers / text strings
• Need to test all links from the product
19. Automated Tools
• Doxygen
• JavaDoc
• Sandcastle – New tool for .Net help (MSDN style). Doc-to-Help supports Sandcastle help.
• Others
20. Doxygen
• Very powerful code generation tool
• Free
• Reads specially formatted comments in code
• Supports C / C++, Java, (Corba and Microsoft) Java, Python, IDL, and C#
• Outputs RTF, compiled HTML Help, browser-based help, and LaTeX (PDF)
• Active development / support
• www.stack.nl/~dimitri/doxygen/download.html#latestsrc – current version is 1.5.5
21. JavaDoc
• Powerful code generation tool for Java
• Free
• Reads specially formatted comments in code
• Outputs browser-based help
• Active development
• www.sun.com – current version: Java Development Kit 5.0 Update 15
• www.doclet.com – source for Java Doclets and Javadoc information
22. Help Authoring Tools (HATs)
• Flare – www.madcapsoftware.com
• RoboHelp – www.adobe.com
• Help & Manual - www.ec-software.com/
• WebWorks ePublisherPro – www.quadralay.com
• Doc-to-Help – www.componentone.com
• AuthorIT – www.authorit.com
For a searchable database of HATs, see hat-matrix.com/ - Char James-Tanny’s service
23. Microsoft IDEs
• Visual Studio 2008 Visual C++
• Visual C#
• Visual Basic
All free from http://www.microsoft.com/express/download/
24. Other IDEs
• Sun NetBeans – www.sun.com (Free - search for NetBeans)
• Eclipse – www.eclipse.org (a free open source IDE)
25. Advanced Text Editors
NoteTabPro and EditPadPro:
• Both tools have: Spell-checking. Big plus if you work in a mixed OS environment: Neither tool inserts Windows-style line feed characters in Unix files.
• NoteTabPro has an auto-complete option for HTML tags and other languages. Has a free version with reduced functionality. www.notetab.com $19.95, Lots of other tools here.
• EditPadPro has color-coding for custom HTML tags. www.jgsoft.com $39. Free full-featured (except for Spell Check) evaluation download available. JG Soft has other tools such as a PowerGrep tool, Registry editor, and others.
26. File / Folder Level Comparison (Differencing Tools)
• Beyond Compare – Performs folder and file level comparisons, ASCII and binary. Can detect that ASCII or binary files are different but can only show the differences in ASCII files, not binary files. Highlights the specific characters different between 2 ASCII files. Has a 30-day full-featured free trial. www.scootersoftware.com/ Retail price: $30
• Araxis Merge - Performs folder and file level comparisons, ASCII and binary. Has a 30-day free trial. www.araxis.com/merge/index.html Retail price: $129
27. Search and Replace Tool
Funduc – Searches & replaces both folders and zip files. Will search & replace ASCII and binary files. Will search binary files but cannot replace by itself. Has plug-ins for Word, Excel, and PowerPoint.
www.funduc.com $25
Many other tools here also.
28. Sample APIs
• Google APIs – code.google.com/more/#label=APIs&product=gdata
• Google Earth API – earth.google.com/comapi/
• Google Maps API – code.google.com/apis/maps/
• BackPack – www.backpackit.com/
29. Breaking into this Market
• Get training to develop the skills:
- Courses
- Self-paced training
- On-the-job training
• Make your own sample help systems, with context-sensitive help coded
• Write some sample programs
30. Education / Training Opportunities
• Programming courses at local colleges
• STC conferences / workshops
31. Self-Paced Training
• Manuel Gordon’s API materials (www.gordonandgordon.com)
• Documenting APIs: Writing Developer Documentation for Java APIs / SDKs – James Bisso / Victoria Maki (www.bitzone.com/book.html)
• Deitel & Deitel “(C / C++ / C# / Java) How to Program”
• Sams “Teach Yourself…”
• Sample projects, such as the HTML Help API
32. Other Resources
• MSDN – msdn.microsoft.com
• RoboWizard Web site – www.robowizard.com
• Flare forums – www.madcapsoftware.com
• RoboHelp / Flare Web site – www.grainge.org/
33. Listservers (Yahoo Groups)
• STC API – groups.yahoo.com/group/svcstcapi/
• API writers – groups.yahoo.com/group/APIWriters/
• NetTechWriters – groups.yahoo.com/group/nettechwriters/
• HATT – groups.yahoo.com/group/HATT/
35. Web Services – A Growing Area
• Web Service - An application that provides a Web API to perform application integration
• Platform / language independent
• Related to service oriented architectures (SOAs)
• Uses SOAP (Simple Object Access Protocol) to send / receive XML messages
36. Web Services / SOA resources
• Web Services A Manager’s Guide – Anne Thomas Mannes
• Service Oriented Architecture for Dummies – Judith Hurwitz, Robin Bloor, and Carol Baroudi
37. Summary
• Description of APIs / SDKs
• Benefits to writers
• Drawbacks to writers
• Training
• Writing considerations (tools, formats, issues for context-sensitive help)