The document discusses DNSSEC and efforts to secure the Domain Name System (DNS). It describes common DNS security threats like cache poisoning, where an attacker provides false data to a caching name server by guessing query IDs. The Kaminsky attack exploited a flaw that made it possible to guess IDs and poison caches without prior knowledge of the target domain's cache contents. DNSSEC aims to prevent such attacks by digitally signing DNS data to verify its integrity and authenticity.
The document discusses challenges related to software operation knowledge (SOK) integration. It describes how SOK data can be collected from various sources and used to improve software processes. However, challenges exist around visualizing and analyzing large amounts of technical and usage data, aligning business and technical metrics, handling big and real-time data, and addressing errors at different levels of software. The document advocates for continuous refinement of SOK integration objectives and requirements to optimize results.
This document discusses software engineering and improving how people build software systems. It mentions requirements, testing, and deployment as key parts of the software engineering process. The rest of the document focuses on end-user programming with spreadsheets, noting that spreadsheets are widely used in business and often form the basis for important decisions, but they can contain errors if they lack documentation or are used by multiple people over many years. The document describes research interviewing spreadsheet users to understand frustrations and likes, then developing tools to help users understand and diagnose spreadsheets based on feedback from real users in practice.
The top 10 security issues in web applications (Devnology)
The top 10 security issues in web applications are:
1. Injection flaws such as SQL, OS, and LDAP injection.
2. Cross-site scripting (XSS) vulnerabilities that allow attackers to execute scripts in a victim's browser.
3. Broken authentication and session management, such as not logging users out properly or exposing session IDs.
4. Insecure direct object references where users can directly access files without authorization checks.
5. Cross-site request forgery (CSRF) that tricks a user into performing actions they did not intend.
6. Security misconfiguration of web or application servers.
7. Insecure cryptographic storage of passwords or sensitive data.
8
The document discusses smartcards and RFID tags, explaining that they provide more secure authentication than passwords but are still vulnerable to hacking through logical attacks targeting flaws in cryptographic algorithms, key management, or security protocols, or through physical attacks manipulating the hardware. It also provides examples of attacks that have broken proprietary crypto systems in smartcards and weaknesses like default keys that have enabled attacks on key management.
(1) The document provides instructions for installing the CounterClockwise plugin for Eclipse to get an IDE for Clojure development. (2) It describes how to create and load Clojure files and launch a REPL for evaluation. (3) The document includes exercises on Clojure basics like functions, macros, and functional programming techniques as well as examples for implementing macros.
Presentation introducing LISP, looking at the history and concepts behind this powerful programming language.
Presentation by Tijs van der Storm for the September 2012 Devnology meetup at the Mirabeau offices in Amsterdam
Devnology Back to School: Empirical Evidence on Modeling in Software Development (Devnology)
Modeling is a common part of modern day software engineering practice. Little scientific evidence is known about how models are made and how they help in producing better software. In this talk Michel Chaudron presents highlights from a decade of research that he has performed in the area of software modeling using UML. Topics that will be addressed: What is the state of UML modeling in practice? What are effective techniques for assessing the quality of UML models? How do engineers look at UML models? Do UML models actually help in creating better software?
Devnology Back to School IV - Agility and Architecture (Devnology)
The document discusses whether agility and architecture can coexist. It notes there is tension between adaptation (agile) and anticipation (architecture). However, the conflict depends on context, including the semantics of architecture, scope, life cycle stage, role, documentation needs, and methods used. Not all design requires architecture. With the right context, agility and architecture can be balanced.
Devnology Back to School III: Software impact (Devnology)
Michiel van Genuchten's talk on software impact, based on a series of columns in IEEE Software discussing the impact of software and analysing software size and volume.
Introduction to Software Evolution: The Software Volcano (Devnology)
The document discusses software evolution and maintenance. It notes that as software ages, more resources are spent on maintenance and enhancements rather than new projects. The "software volcano" refers to the estimated 750 gigalines of COBOL code and 900 gigalines of C code worldwide, containing an estimated 35 gigabugs. Issues with software maintenance include increasing complexity over time, lack of testing and documentation, and difficulty adapting to changing business needs. Solutions include refactoring, automated testing, knowledge management, and adopting frameworks like ITIL.
GenPro is a genetic programming framework that allows programs to be represented as grids of "cells", where each cell contains a method call. It uses genetic algorithms such as crossover and mutation to evolve programs. The document discusses GenPro's program representations, how solutions are evaluated and bred, challenges in the framework, and ideas for future extensions such as loop support and stateful objects.
Spoofax: developing domain-specific languages in Eclipse (Devnology)
The Spoofax Language Workbench provides tools for defining domain-specific languages (DSLs) with specialized syntax, semantics, and editor services. It offers declarative syntax definition with SDF, model transformations, static analysis for error checking, and semantic services for editors like content completion and error marking. Spoofax aims to make implementing these DSL features cheaply and integrates language development and use into the Eclipse IDE.
This document discusses augmented reality (AR) and describes how to set up an AR experience using the GDDF format. It includes details on loading dimensions, refreshing experiences over time or distance, and defines the required GDDF elements like locations, assets, features and overlays. Instructions are provided on tools for exploring AR on Android and iPhone as well as a POST request format for refreshing experiences. The goal is to get readers interested in designing their own AR dimensions.
The document discusses unit testing for Silverlight applications. It provides an overview of model-view-viewmodel (MVVM) patterns, and examples of writing unit tests for a Silverlight application using the StatLight testing framework. Examples include tests for view models, models, and data services using common unit testing assertions and attributes.
mobl: A DSL for mobile application development (Devnology)
This document discusses mobile application development using MOBL, a domain-specific language for building mobile web applications. It provides examples of building user interfaces, adding scripting capabilities, modeling and querying data, and integrating with native device APIs like geolocation using higher-order controls. Future directions are mentioned like adaptive UIs, offline support, and hybrid web/native applications. Code samples demonstrate creating a tip calculator, scripting functions, modeling task data, and accessing local storage on a device.
The document provides an agenda for a Rascal Codefest event on March 3, 2010. It lists the presenters and provides an outline of the topics to be covered, including lightning introductions, a coding game, analysis, visualization, transformations, disclaimers, and an introduction to using Rascal.
The document summarizes Software Transactional Memory (STM) and the Multiverse framework. STM provides an alternative to classic locking-based concurrency control using transactions on memory. Multiverse is an STM framework for Java that uses transactions to provide atomic, isolated and consistent access to shared memory without exposing locking details. It supports various programming models including POJO and managed reference based approaches.
3. Why?
Find defects in existing code
Prevent defects by raising the quality of future code
Gain insight into reliability and maintainability
4. Advantages and disadvantages
Inspected software produces half as much rework
Inspected software costs 90% less to maintain
Inspection finds 60% more defects than testing
Inspection is 4x more effective than testing
Developers who inspect code are at least 20% more productive
Code inspections take time
Code inspections are boring
Code inspections can have a negative effect on the atmosphere in the team
10. IfSQ Level-1: indicators
Work In Progress
WIP-1—Vague "To Do"
WIP-2—Disabled Code
WIP-3—Empty Statement Block
Structured Programming
SP-1—Routine Too Long
SP-2—Nesting Too Deep
Single Point of Maintenance
SPM-1—Magic Numbers
12. IfSQ Level-1: hands-on
Carry out an inspection of the code handed out
Level-1
20 minutes
Note: the Level-1 indicators are in the booklet and on the Quick Reference Card
14. IfSQ Level-2: 6 extra indicators
Structured Programming
SP-3—Routine Too Complex
Single Point of Maintenance
SPM-2—Magic Strings
SPM-3—Copy/Paste Programming
Defensive Programming
DP-1—Parameter Not Checked
DP-2—Status Ignored After Call
DP-3—Unexpected State Not Trapped
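The Level-1 and Level-2 indicators above are checklist items for a human inspection, but several of them can be screened mechanically before the review starts. The script below is an added example for this page, not IfSQ's own tooling: it walks a Python source file and flags WIP-1, WIP-2, WIP-3, SP-1, SP-2 and SPM-1 from Level-1 and DP-2 from Level-2 over a constructed sample. The thresholds, the allowlist of calls whose result is normally ignored, and the heuristics (a comment that parses as a Python statement counts as disabled code; a call used as a bare statement counts as an ignored result) are all assumptions of the example, since the slides name the indicators but give no limits.

```python
"""Toy inspector for several IfSQ-style indicators on Python source.
Added example for this page, not IfSQ's own tooling; thresholds and
allowlists are assumptions, since the slides give no numeric limits."""
import ast
import re

MAX_ROUTINE_LINES = 20           # SP-1 threshold (assumption)
MAX_NESTING = 3                  # SP-2 threshold (assumption)
ALLOWED_NUMBERS = {-1, 0, 1, 2}  # SPM-1: literals not treated as magic (assumption)
VOID_CALLS = {"print", "append", "extend", "add", "update", "write", "close"}  # DP-2 allowlist
NESTING_NODES = (ast.If, ast.For, ast.While, ast.With, ast.Try)
VAGUE_TODO = re.compile(r"#\s*(TODO|FIXME)\s*$", re.IGNORECASE)
COMMENT_LINE = re.compile(r"^\s*#\s?(.*)$")


def looks_like_code(text):
    """WIP-2 heuristic: comment text that parses as a statement other than
    a bare name or literal is treated as commented-out (disabled) code."""
    try:
        stmt = ast.parse(text).body[0]
    except (SyntaxError, IndexError):
        return False
    return not (isinstance(stmt, ast.Expr)
                and isinstance(stmt.value, (ast.Name, ast.Constant)))


def nesting_depth(node, depth=0):
    """SP-2: deepest chain of control structures below node (an elif chain
    counts as nesting, a simplification of this example)."""
    deepest = depth
    for child in ast.iter_child_nodes(node):
        step = depth + 1 if isinstance(child, NESTING_NODES) else depth
        deepest = max(deepest, nesting_depth(child, step))
    return deepest


def inspect_source(src):
    """Return (indicator, line, message) findings for a Python source string."""
    findings = []
    # WIP-1 / WIP-2 work on raw comment lines, which the AST discards.
    for lineno, line in enumerate(src.splitlines(), start=1):
        m = COMMENT_LINE.match(line)
        if m and VAGUE_TODO.search(line):
            findings.append(("WIP-1", lineno, "vague TODO with no description"))
        elif m and looks_like_code(m.group(1)):
            findings.append(("WIP-2", lineno, "commented-out (disabled) code"))
    tree = ast.parse(src)
    # Literals assigned to a module-level name are named constants, not magic.
    named = {id(n) for stmt in tree.body if isinstance(stmt, ast.Assign)
             for n in ast.walk(stmt.value) if isinstance(n, ast.Constant)}
    for node in ast.walk(tree):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            length = node.end_lineno - node.lineno + 1
            if length > MAX_ROUTINE_LINES:
                findings.append(("SP-1", node.lineno, f"{node.name}() is {length} lines long"))
            depth = nesting_depth(node)
            if depth > MAX_NESTING:
                findings.append(("SP-2", node.lineno, f"{node.name}() nests {depth} levels deep"))
        elif isinstance(node, NESTING_NODES + (ast.ExceptHandler,)):
            if len(node.body) == 1 and isinstance(node.body[0], ast.Pass):
                findings.append(("WIP-3", node.lineno, "empty statement block"))
        elif (isinstance(node, ast.Constant) and isinstance(node.value, (int, float))
              and not isinstance(node.value, bool)
              and node.value not in ALLOWED_NUMBERS and id(node) not in named):
            findings.append(("SPM-1", node.lineno, f"magic number {node.value!r}"))
        elif isinstance(node, ast.Expr) and isinstance(node.value, ast.Call):
            # DP-2: a call used as a bare statement discards whatever it returns.
            callee = node.value.func
            name = callee.id if isinstance(callee, ast.Name) else getattr(callee, "attr", "?")
            if name not in VOID_CALLS:
                findings.append(("DP-2", node.lineno, f"return value of {name}() ignored"))
    return sorted(findings, key=lambda f: (f[1], f[0]))


def indicator_codes(src):
    """Distinct indicator codes found in src, sorted."""
    return sorted({f[0] for f in inspect_source(src)})


# Constructed sample exhibiting several indicators (not code from the slides).
SAMPLE = '''\
LIMIT = 100
def validate(req):
    return len(req) > 2
def handle(req):
    # TODO
    # result = compute(req)
    validate(req)
    n = len(req) * 86400
    if n > 5:
        if req[0] == "a":
            if req[1] == "b":
                if req[2] == "c":
                    pass
    return n
'''

if __name__ == "__main__":
    for code, line, msg in inspect_source(SAMPLE):
        print(f"line {line:>3}  {code:<6} {msg}")
```

Run stand-alone, the script lists each finding with its line number, which is the form a reviewer would want to bring to the 20-minute hands-on inspection. DP-1 and DP-3 are deliberately not automated here: deciding whether a parameter check or a state trap is missing requires knowing the callee's contract, which is exactly the judgement the inspection itself exists to apply.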