How the Twitter Web, Data and Mobile platforms enable developers to connect to the real-time pulse of the planet.
Talk given at the PHP Hampshire meetup in Portsmouth, December 2014
Learn hints, tips and tricks from the Twitter Fabric development team, and the principles that guided their creation of this modular and powerful SDK.
Presentation delivered at DroidconNL, Amsterdam, Nov 2014
Thanks to Andrea Falcone and the Fabric team for content and materials. You can see a lightning version of this talk delivered at Twitter Flight here -> https://www.youtube.com/watch?v=3h7jQU1AOvw&index=2&list=PLFKjcMIU2WsjUiy7UcPiWNxktpin0WDgu
Have you ever wondered if the access to your cloud kingdom is secure? Have you ever thought how cyber criminals are hunting for your secrets? How can you be sure that your secret is not “mistakenly” available to the public? In my presentation I’m going to present you hackish methods used by cyber criminals to find access keys on the public Internet. How can Shannon Entropy help you? During the presentation, I’ll release my own scanners to search AWS and Azure space and in the end I will demonstrate my own tool to analyze big amounts of data in search for sensitive data. Lots of demos, technical stuff and educating moral for unaware specialists in the end. It’s gonna be fun!
Additional materials: https://www.securing.biz/en/seven-step-guide-to-securing-your-aws-kingdom/index.html
Apps for Science - Elsevier Developer Network Workshop 201102 - remko caprio
This presentation is an introduction into programming OpenSocial Gadgets for Science.
1. overview of apps
2. social networks
3. opensocial
4. SciVerse Platform
5. SciVerse APIs
6. Coding OpenSocial Gadgets for SciVerse
7. Resources
Nowadays REST APIs are behind each mobile and nearly all web applications. As such they bring a wide range of possibilities in cases of communication and integration with a given system. But with great power comes great responsibility. This talk aims to provide general guidance related to API security assessment and covers common API vulnerabilities. We will look at an API interface from the perspective of a potential attacker.
I will show:
* how to find hidden API interfaces
* ways to detect available methods and parameters
* fuzzing and pentesting techniques for API calls
* typical problems
I will share several interesting cases from public bug bounty reports and personal experience, for example:
* how I got various credentials with one API call
* how to cause DoS by running Garbage Collector from API
How to hack a node app? @ GDG DevFest Ukraine 2017 - Asim Hussain
Thought hacking was hard? It’s not, it’s easy and I’m going to show you how! We’ll investigate a series of hacking stories and break them down step-by-step to see exactly how they did it. By the end you’ll walk away a little bit more scared and a lot more prepared with some great practices you can apply immediately to your own applications.
When talking about Hypermedia APIs, we're once again using one of these big words that make others feel stupid not to know yet. After a short intro about what hypermedia is, these slides take you through 2 vastly different implementations of the concept of resources linked to one another, and balance the pros and cons of each of these. Often a simple solution is the best, and having a default fallback for those who don't speak a new format is crucial for a good learning curve.
Testing iOS apps without jailbreak in 2018 - SecuRing
Penetration tests of iOS applications usually require jailbreak. On the other hand, software developers often enforce a new version of iOS to run the application. Unfortunately, as history shows, with the release of subsequent versions of the iOS system, pentesters have to wait longer and longer for a stable jailbreak. Finally, by testing iDevices, we become participants of the Russian roulette - remain with an out-of-date iOS with the hope that there won’t be an application requiring a newer version; or take the risk of updating and maybe never get the new jailbreak version? During my presentation, I will show you that it is not necessary to put iRevolver to the head and I will present the techniques of conducting the penetration tests without the need to have a jailbreak. The presentation will also include a live demo presenting the solution to the problem of access to protected application resources on the latest version of iOS.
There have long been links on the internet that take the unwary user to a page with unexpected or malicious content. Most of these attempts rely on the user to click on the link to be successful. However, the latest variation has moved beyond simple text links to "Google-image poisoning" - placing malware in the middle of Google searches for images where users have traditionally had no reason to be wary. Our presentation will focus on how malware writers are able to infect the average website; detailed analyses of the PHP script used to infect sites and SEO techniques to get infected images at the top of search results.
Advanced Technical SEO in 2020 - Data Science - Tyler Reardon
Tyler Reardon is an SEO Strategist at CARFAX where he helps drive the traffic acquisition strategy for the CARFAX Used Car Listings marketplace. He began his journey in search in 2011 at eVacuumStore.com before co-founding United SEO, a Boston-based consultancy specializing in SEO and Analytics, where he crafted and executed strategies for clients such as Oreck, HyDrive Energy, and MedStar Health.
Writing vuln reports that maximize payouts - Nullcon 2016 - bugcrowd
Writing Vuln Submissions that Maximize Your Payouts - presentation given at Nullcon 2016 by Bugcrowd's Kymberlee Price.
Learn more about Bugcrowd here: https://bugcrowd.com/join-the-crowd
Intro to developing for @twitterapi (updated) - Raffi Krikorian
A short primer on how to develop for the Twitter API.
This is the newly edited version of http://www.slideshare.net/raffikrikorian/intro-to-developing-for-twitterapi
In graph we trust: Microservices, GraphQL and security challenges - Mohammed A. Imran
In graph we trust: Microservices, GraphQL and security challenges - Mohammed A. Imran
Microservices, RESTful and API-first architectures are all the rage these days and rightfully so, they solve some of the challenges of modern application development. Microservices enable organisations to ship code to production faster, which is accomplished by dividing big monolithic applications into smaller but specialised applications. Though they provide great benefits, they are difficult to debug and secure in complex environments (different API versions, multiple API calls, frontend/backend gaps, etc.). GraphQL provides a powerful way to solve some of these challenges but with great power comes great responsibility. GraphQL reduces the attack surface drastically (thanks to LangSec) but there are still many things which can go wrong.
This talk will cover the risks associated with GraphQL, challenges and solutions, which help in implementing secure GraphQL-based APIs. We will start off with an introduction to GraphQL and its benefits. We then discuss the difficulty in securing these applications and why traditional security scanners don’t work with them. At last, we will cover solutions which help in securing these APIs by shifting left in the DevOps pipeline.
We will cover the following as part of this presentation:
- GraphQL use cases and how unicorns use them
- Benefits and security challenges with GraphQL
- Authentication and Authorisation
- Resource exhaustion
- Backend complexities with microservices
- Need for tweaking conventional DevSecOps tools for security assurance
- Security solutions which work with GraphQL
Approaching the unknown - Windows Phone application security assessment guide - SecuRing
Windows Phone should be gone by now.
But somehow it survived, hanging around a few percent of mobile OS market share. Maybe the good camera which is in those phones does it.
Sometimes even an application dedicated to the WP platform shows up on a pentest.
How to do it?
What tools to use?
What to check?
This talk will give you an overview of WP application security assessment, including some tips & tricks as well.
We will cover topics like:
- application internal structure
- data storage
- traffic interception
- testing on emulator vs testing on rooted phone
- code analysis of WP application
- overview of security mechanisms available on WP
There even will be a real phone with Windows Phone on it to see.
It has been possible to instantly push information from a web server to a web browser for around 15 years, but it's 2015 and real-time web technology has been mainstream for a while thanks to the experiences offered by applications like Twitter, Facebook, Uber, Google Docs and the rise of the Internet of Things (IoT). Technology advancements have also played their part with raw technology improvements such as WebSockets, and solutions like Socket.IO, SignalR, Faye, Firebase and Pusher.
In this talk I'll cover the past, present and future of client and server communication technology, the realtime web and provide a number of use cases and demonstrations of how the technology is actually used today (it's not just chat and spaceship games).
Serverless applications in Python sounds strange, doesn’t it? In this talk I’ll explain how to build not only image cropping or selecting data from DynamoDB, but a real application; what kind of troubles we should expect; how to decide whether your task fits into a serverless architecture in Python or whether you should use a general approach; how fast serverless applications written in Python are; and, more importantly, how to scale them.
[CB16] Facebook Malware: Tag Me If You Can by Ido Naor & Dani Goland - CODE BLUE
In June, thousands of Facebook users complained that they had been infected by a virus through their accounts after they received a message from a Facebook friend claiming they had mentioned them in a comment. Kaspersky Lab researcher Ido Naor and Dani Goland, CEO & founder of Undot, decided to investigate. They quickly discovered that the message had in fact been initiated by attackers and unleashed a two-stage attack on recipients. The first stage of the attack started when the user clicked on the “mention”. A malicious file seized control of their browsers, terminating its legitimate session and replacing it with a malicious one that captured their entire web traffic. The second stage included a highly sophisticated script that took over victims' Facebook and Google Drive accounts. After puzzling the script, they managed to extract the proverbial needle from a haystack: an unknown Facebook vulnerability that allowed an attacker to exploit the notifications functionality.
In this talk, Dani and Ido will dive into the bites and bytes of the campaign and explain how the attackers exploited Facebook to spread the malware.
--- Ido Naor
Ido is a senior security researcher at the Global Research & Analysis Team (GReAT), Kaspersky Lab. He joined Kaspersky two years ago and is leading the regional research in Israel.
Ido specializes in malware analysis, penetration testing and software reverse engineering and has been credited for his work by major enterprises such as: Google, Facebook, Linkedin, Alibaba and more.
Aside from research, Ido is a martial arts expert and a father of two daughters.
--- Dani Goland
Dani is the CEO and founder of Undot, an Israeli-based startup that developed a unified remote-control application to control home appliances.
Dani has more than a decade of experience in programming on a variety of frameworks and languages.
Aside from managing Undot, Dani is a frequent competitor in Hackathons (programming competitions) and won 1st places at HackTrackTLV 2016 and eBay Hackathon 2015.
MR201504 Web Defacing Attacks Targeting WordPress - FFRI, Inc.
Website defacements carried out for various purposes are increasing in number.
A technique used in many of these attacks is to target a popular product such as WordPress, or its plug-ins.
This report analyses the vulnerability in "Slider Revolution" whose exploitation made victims of 18,000 websites.
What distinguishes it from general attacks such as SQL injection is that it uses a normal function.
Many such vulnerabilities in CMS products are found in areas that are assumed to be used only by an admin.
So limiting access to "/wp-admin" or "/admin" by editing ".htaccess" is very important.
C* Summit 2013: Cassandra on Cloud Foundry by Renat Khasanshyn and Cornelia D... - DataStax Academy
Speakers: Renat Khasanshyn, Founder and CEO at Altoros and Cornelia Davis, Senior Technologist at Pivotal
Coupling Cassandra with a Platform as a Service may significantly simplify the process of deploying Cassandra and applications that utilize it, reduce the cost of managing Cassandra within the organization, and allow infrastructure service providers a simple path to offering database as a service to their customers. Attendees will learn why and when to use Cassandra atop of Cloud Foundry, the history of the Cassandra service within Cloud Foundry, the state of Cassandra integration with Cloud Foundry, how to create and manage Cassandra nodes on Cloud Foundry and what to expect in the next 6 months.
Public, private, and hybrid; software, platform, and infrastructure. A discussion of the current state of the Platform-as-a-Service space, and why the keys to success lie in enabling developer productivity, and providing openness and choice. This presentation considers the success of Open Source in general, looks at the Cloud Foundry project, and explains why Cloud Foundry-based PaaSes are the best places to host your applications written in Java and other JVM-based languages.
Presented at GOTO Aarhus 2013
The presentation focuses on infrastructure types suitable for Cloud Foundry. It also explains the mechanism of communication between the PaaS and different cloud providers.
Background slides from my #DevRelCon 2016 on tools, techniques and approaches used @TwitterDev in the past several years building out a series of developer communities. Contains Star Wars references.
It has been possible to instantly push information from a web server to a web browser for at least 10 years, but this technology has finally gone mainstream thanks to technologies like WebSockets and solutions like SignalR, socket.io, Faye and Pusher. In this session I'll cover the past, present and future of client/server communication technology, the realtime web and provide a number of use cases and demonstrations of how the technology is actually used today (it's not just chat and spaceship games).
People using your web app also use many other online services. You'll often want to pull data from those other services into your app, or publish data from your app out to other services. In this talk, Randy will explain the terminology you need to know, share best practices and techniques for integrating, and walk through two real-world examples. You'll leave with code snippets to help you get started integrating.
Google Developer Days Munich 2008 - Open Social Update - Patrick Chanezon
Updates about the OpenSocial ecosystem at Google Developer Days Munich, including presentations from Xing, Lokalisten, netlog and Viadeo.
OpenSocial is an open specification defining a common API that works on many different social websites, including MySpace, Plaxo, Hi5, Ning, orkut, Friendster, Salesforce.com and LinkedIn, among others. This allows developers to learn one API, then write a social application for any of those sites: Learn once, write anywhere.
In addition, in order to make it easier for developers of social sites to implement the API and make their site an OpenSocial container, the Apache project Shindig provides reference implementations for OpenSocial containers in two languages (Java, PHP). Shindig will define a language specific Service Provider Interface (SPI) that a social site can implement to connect Shindig to People, Persistence and Activities backend services for the social site. Shindig will then expose these services as OpenSocial JavaScript and REST APIs.
In this session we will explain what OpenSocial is, show examples of OpenSocial containers and applications, demonstrate how to create an OpenSocial application, and explain how to leverage Apache Shindig in order to implement an OpenSocial container.
A presentation for Dundee University's Hack Day explaining the technologies to use and how to hack your own APIs by using Yahoo! Pipes and scraping RSS feeds.
PHP Experience 2016 - [Talk] Experiences and use cases with the Twitter APIs - iMasters
Juliana Chahoud, Developer Advocate & Partner Engineer at Twitter, gave the talk "Experiences and use cases with the Twitter APIs" at PHP Experience 2016.
iMasters PHP Experience 2016 took place on 21 and 22 March 2015, at the Hotel Tivoli in São Paulo-SP
http://phpexperience2016.imasters.com.br/
Matthew Russell's "Unleashing Twitter Data for Fun and Insight" presentation from Strata 2011. See http://strataconf.com/strata2011/public/schedule/detail/17714 for an overview of the talk.
Social Developers London update for Twitter Developers Angus Fox
Social Developers London Presentation featuring @recorditapp, @STTLibrary, and Real-time demos with Node.js and WebSockets from @romainhuet and Stewart Harper (see links)
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today - Heroku
Webinar recording here: https://www.heroku.com/tech-sessions/creating-secure-web-apps
Secure internet communication is one of the most important issues facing technology practitioners these days. But for many software development teams, it’s an afterthought. Almost every week there’s a new headline about web security: Google Chrome flagging non-HTTPS sites as insecure, Apple requiring iOS apps’ API communication to use HTTPS, and Google giving search ranking preference to HTTPS.
Join Josh Aas, Executive Director of Let's Encrypt, and Chris Castle, Developer Advocate from Heroku, as they take you on a quick tour of what you, as a developer, need to know about HTTPS today plus show you how Let's Encrypt and Heroku are making it easier than ever for all developers to add HTTPS to their web apps.
Workshop KrakYourNet2016 - Web applications hacking Ruby on Rails example Anna Klepacka
Web Applications Hacking – Ruby on Rails example.
Attack web applications by using SQL attacks, CSRF, XSS. You will learn how to extract information by generating API json / xml and how to use cookies for code injection.
Understanding how to run Microservices at scale is becoming a key success factor for organisations. Mesos makes it easy to deploy robust architectures in the Cloud. Today's technologies offer simple solutions to create RESTful services, containerize them and deploy them in Mesos, but is this the best way to expose Microservices? As the number of Microservices increases, the inter-communication between them becomes more complicated, and we soon realize we have new questions awaiting our answers: How do Microservices authenticate? How to monitor who's using their APIs? How to protect them from attacks? How to set throttling and rate limiting rules across a cluster? How to control which service allows public access and which one is private? Come and learn a scalable architecture to manage Microservices in Mesos by integrating an API Management layer inside your Mesos clusters.
The last few years have given the web a new dynamic. New products and solutions flood our attention all the time, but the real killer feature is the ease with which new services are built on top of APIs. Building platforms is a developer-oriented presentation about APIs and platforms such as Microformats, OpenID and OAuth.
The web has changed! Users spend more time on mobile than on desktops and expect to have an amazing user experience on both. APIs are the heart of the new web as the central point of access to data, encapsulating logic and providing the same data and the same features for desktops and mobiles.
In this workshop, Paula and Antonio will show you how to create complex APIs in an easy and quick way using API Platform built on Symfony.
Repository: https://github.com/locastic/wscAPI2017
API Documentation Workshop tcworld India 2015 - Tom Johnson
This is a workshop I gave on API documentation at tcworld India 2015. The workshop covers 3 main areas:
- General overview of API documentation
- Deep dive into REST API documentation
- Deep dive into Javadoc documentation
Similar to Connecting to the Pulse of the Planet with the Twitter Platform (20)
Combining Context with Signals in the IoT (longer version) - Andy Piper
The Internet of Things is about signals; the amazing information shared on Twitter can provide context. Find out how projects use Twitter as a great place to connect their IoT data with the real world.
Presented at GOTO Amsterdam, June 2014
From Cloud Computing to Platform as a Service – BCS Oxfordshire - Andy Piper
A short history of cloud computing, and why Platform as a Service (PaaS) is an important aspect of this technology. Presented at bcs Oxfordshire, February 2014
The Internet of Things is Made of Signals - Andy Piper
People. Devices. Smart objects. Things. All of these create data, or signals. Signals, and responding to them in intelligent ways, are what drives behaviour. We’ll look at how the Internet of Things is, in fact, made up of signals – and some of the technology considerations to think about.
Presentation from Thingmonk 2013
How to Write a Web App in fewer than 140 Characters - Andy Piper
Have you seen Spring lately? Using Spring Boot and Groovy, you can create a simple web app that fits inside a tweet.
There's MUCH more to Spring Boot than a simple app like this, but this was just a 5 minute lightning talk!
Lightning Talk from LJC Open Conference 2013
Empowering the Data Analytics Ecosystem: A Laser Focus on Value
The data analytics ecosystem thrives when every component functions at its peak, unlocking the true potential of data. Here's a laser focus on key areas for an empowered ecosystem:
1. Democratize Access, Not Data:
Granular Access Controls: Provide users with self-service tools tailored to their specific needs, preventing data overload and misuse.
Data Catalogs: Implement robust data catalogs for easy discovery and understanding of available data sources.
2. Foster Collaboration with Clear Roles:
Data Mesh Architecture: Break down data silos by creating a distributed data ownership model with clear ownership and responsibilities.
Collaborative Workspaces: Utilize interactive platforms where data scientists, analysts, and domain experts can work seamlessly together.
3. Leverage Advanced Analytics Strategically:
AI-powered Automation: Automate repetitive tasks like data cleaning and feature engineering, freeing up data talent for higher-level analysis.
Right-Tool Selection: Strategically choose the most effective advanced analytics techniques (e.g., AI, ML) based on specific business problems.
4. Prioritize Data Quality with Automation:
Automated Data Validation: Implement automated data quality checks to identify and rectify errors at the source, minimizing downstream issues.
Data Lineage Tracking: Track the flow of data throughout the ecosystem, ensuring transparency and facilitating root cause analysis for errors.
5. Cultivate a Data-Driven Mindset:
Metrics-Driven Performance Management: Align KPIs and performance metrics with data-driven insights to ensure actionable decision making.
Data Storytelling Workshops: Equip stakeholders with the skills to translate complex data findings into compelling narratives that drive action.
Benefits of a Precise Ecosystem:
Sharpened Focus: Precise access and clear roles ensure everyone works with the most relevant data, maximizing efficiency.
Actionable Insights: Strategic analytics and automated quality checks lead to more reliable and actionable data insights.
Continuous Improvement: Data-driven performance management fosters a culture of learning and continuous improvement.
Sustainable Growth: Empowered by data, organizations can make informed decisions to drive sustainable growth and innovation.
By focusing on these precise actions, organizations can create an empowered data analytics ecosystem that delivers real value by driving data-driven decisions and maximizing the return on their data investment.
Techniques to optimize the pagerank algorithm usually fall in two categories. One is to try reducing the work per iteration, and the other is to try reducing the number of iterations. These goals are often at odds with one another. Skipping computation on vertices which have already converged has the potential to save iteration time. Skipping in-identical vertices, with the same in-links, helps reduce duplicate computations and thus could help reduce iteration time. Road networks often have chains which can be short-circuited before pagerank computation to improve performance. Final ranks of chain nodes can be easily calculated. This could reduce both the iteration time, and the number of iterations. If a graph has no dangling nodes, pagerank of each strongly connected component can be computed in topological order. This could help reduce the iteration time, no. of iterations, and also enable multi-iteration concurrency in pagerank computation. The combination of all of the above methods is the STICD algorithm. [sticd] For dynamic graphs, unchanged components whose ranks are unaffected can be skipped altogether.
Data Centers - Striving Within A Narrow Range - Research Report - MCG - May 2... - pchutichetpong
M Capital Group (“MCG”) expects to see demand and the changing evolution of supply, facilitated through institutional investment rotation out of offices and into work from home (“WFH”), while the ever-expanding need for data storage as global internet usage expands, with experts predicting 5.3 billion users by 2023. These market factors will be underpinned by technological changes, such as progressing cloud services and edge sites, allowing the industry to see strong expected annual growth of 13% over the next 4 years.
Whilst competitive headwinds remain, represented through the recent second bankruptcy filing of Sungard, which blames “COVID-19 and other macroeconomic trends including delayed customer spending decisions, insourcing and reductions in IT spending, energy inflation and reduction in demand for certain services”, the industry has seen key adjustments, where MCG believes that engineering cost management and technological innovation will be paramount to success.
MCG reports that the more favorable market conditions expected over the next few years, helped by the winding down of pandemic restrictions and a hybrid working environment will be driving market momentum forward. The continuous injection of capital by alternative investment firms, as well as the growing infrastructural investment from cloud service providers and social media companies, whose revenues are expected to grow over 3.6x larger by value in 2026, will likely help propel center provision and innovation. These factors paint a promising picture for the industry players that offset rising input costs and adapt to new technologies.
According to M Capital Group: “Specifically, the long-term cost-saving opportunities available from the rise of remote managing will likely aid value growth for the industry. Through margin optimization and further availability of capital for reinvestment, strong players will maintain their competitive foothold, while weaker players exit the market to balance supply and demand.”
Levelwise PageRank with Loop-Based Dead End Handling Strategy : SHORT REPORT ... - Subhajit Sahu
Abstract — Levelwise PageRank is an alternative method of PageRank computation which decomposes the input graph into a directed acyclic block-graph of strongly connected components, and processes them in topological order, one level at a time. This enables calculation for ranks in a distributed fashion without per-iteration communication, unlike the standard method where all vertices are processed in each iteration. It however comes with a precondition of the absence of dead ends in the input graph. Here, the native non-distributed performance of Levelwise PageRank was compared against Monolithic PageRank on a CPU as well as a GPU. To ensure a fair comparison, Monolithic PageRank was also performed on a graph where vertices were split by components. Results indicate that Levelwise PageRank is about as fast as Monolithic PageRank on the CPU, but quite a bit slower on the GPU. Slowdown on the GPU is likely caused by a large submission of small workloads, and expected to be non-issue when the computation is performed on massive graphs.
Explore our comprehensive data analysis project presentation on predicting product ad campaign performance. Learn how data-driven insights can optimize your marketing strategies and enhance campaign effectiveness. Perfect for professionals and students looking to understand the power of data analysis in advertising. For more details, visit: https://bostoninstituteofanalytics.org/data-science-and-artificial-intelligence/
25. Vine embeds
GET https://vine.co/oembed.json
Returns oEmbed JSON data matching your query.
Data id: OvjwJIWQV2t
maxheight: 600
maxwidth: 600
omit_script
29. Cards
<meta name="twitter:card" content="summary">
<meta name="twitter:site" content="@nytimes">
<meta name="twitter:creator" content="@SarahMaslinNir">
<meta name="twitter:title" content="Parade of Fans for Houston’s Funeral">
<meta name="twitter:description" content="The guest list and parade of limousines ..">
<meta name="twitter:image" content="http://graphics8.nytimes.com/images/2012/02/19/us/19whitney-span/19whitney-span-article.jpg">
30. Photo Card
Player Card
Summary Card
Large Image
Summary Card
App Card
[Lead Gen Card example: promoted Tweet from General Assembly (@GA) advertising a 10-week front-end web development course in San Francisco, with a "Request More Info" button that shares the viewer's email address with the advertiser]
Lead Gen Card
Gallery Card
Product Card
34. Streaming APIs let you ingest what’s happening right now
POST https://stream.twitter.com/1.1/statuses/filter.json
Returns Tweets matching your criteria.
Data follow: 3946301
track: #phphants
locations: 2.1733,41.3633,2.1933,41.4033
language: en
35. Streaming APIs let you ingest what’s happening right now
GET https://stream.twitter.com/1.1/statuses/sample.json
Returns ~1% of all firehose data, statistically relevant.
GET https://stream.twitter.com/1.1/statuses/firehose.json
Returns all firehose data, requires business deal.
36. Streaming APIs let you ingest what’s happening right now
40. REST APIs let you perform actions and access what happened
41. The Twitter API
Over 100 REST API endpoints
• Tap into Twitter data
‣ GET /search/tweets
• Engage users socially
‣ POST /statuses/update
42. REST APIs let you perform actions and access what happened
• Tweets & Media
‣ GET statuses/lookup
‣ POST statuses/update
‣ POST media/upload
• Timelines
‣ GET statuses/home_timeline
‣ GET statuses/user_timeline
‣ GET statuses/mentions_timeline
• Search
‣ GET tweets/search
• Following
‣ GET friends/list
And many more: Users, Favorites, Direct Messages, Block/Mute, Followers, Lists, Trends, Geo…