A content provider allows data to be shared across applications. It encapsulates the data and provides methods for querying and modifying the data. There are built-in Android content providers for common data types like contacts, audio, images. A custom content provider can be created by extending the ContentProvider class. It must implement methods like query(), insert(), update(), delete() and return a Uri or number of rows affected. The provider is declared in the manifest and permissions can control access at the provider or URI level.
OWASP SD: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate ...Christopher Frohoff
Object deserialization is an established but poorly understood attack vector in applications that is disturbingly prevalent across many languages, platforms, formats, and libraries.
In January 2015 at AppSec California, Chris Frohoff and Gabe Lawrence gave a talk on this topic, covering deserialization vulnerabilities across platforms, the many forms they take, and places they can be found. It covered, among other things, somewhat novel techniques using classes in commonly used libraries for attacking Java serialization that were subsequently released in the form of the ysoserial tool. Few people noticed until late 2015, when other researchers used these techniques/tools to exploit well known products such as Bamboo, WebLogic, WebSphere, ApacheMQ, and Jenkins, and then services such as PayPal. Since then, the topic has gotten some long-overdue attention and great work is being done by many to improve our understanding and developer awareness on the subject.
This talk will review the details of Java deserialization exploit techniques and mitigations, as well as report on some of the recent (and future) activity in this area.
http://www.meetup.com/Open-Web-Application-Security-Project-San-Diego-OWASP-SD/events/226242635/
Overview of Java RMI remoting.
RMI is a lightweight Java technology that provides access to remote methods, similar to RPC, but object-oriented. RMI basically provides remote object access for a client and object registration for servers.
RMI is both a Java API (java.rmi.* package) as well as a transport protocol definition for transporting RMI calls through a network.
RMI is a Java technology since it requires that client and server objects run in a JVM (Java Virtual Machine). By using IIOP as transport protocol, however, it is possible to connect RMI-clients to non-Java server objects (e.g. CORBA).
RMI defines the elements client, server, RMI registry where servers register their services and possibly a plain vanilla web server that can be used by clients to dynamically load object classes to access servers.
Jenkins plugin for Gerrit Code Review pipelinesLuca Milanesio
Introducing the brand new plugin that brings Gerrit Code Review into the Jenkins Pipeline world: simpler, faster and yet more powerful than ever. Gerrit becomes a first-class citizen into the Jenkins ecosystem by enabling a complete pipeline to fetch changes for review, building and submitting the relevant feedback as automated review comment to Gerrit. The new plugin comes from the CI validation workflow experience of the Gerrit Code Review project. The key aspects are stateless, configuration-less - apart from the standard SCM configuration settings. That means that multiple jobs and multiple branches of the same job, can have their own Gerrit integration defined and working out-of-the-box.
Java Multi Threading Concept
By N.V.Raja Sekhar Reddy
www.technolamp.co.in
Want more...
Like us @ https://www.facebook.com/Technolamp.co.in
subscribe videos @ http://www.youtube.com/user/nvrajasekhar
UNIT V CASE STUDY
Linux System – Design Principles, Kernel Modules, Process Management, Scheduling, Memory Management, Input-Output Management, File System, Inter-process Communication; Mobile OS – iOS and Android – Architecture and SDK Framework, Media Layer, Services Layer, Core OS Layer, File System.
This ppt gives a general idea about the multithreading concepts in the java programming language. hope you find it useful
P.S :
sorry there is a correction in one of the slides
where i have entered implements thread
it is wrong it is actually implements Runnable
thank you!
Overview - Functions of an Operating System – Design Approaches – Types of Advanced
Operating System - Synchronization Mechanisms – Concept of a Process, Concurrent
Processes – The Critical Section Problem, Other Synchronization Problems – Language
Mechanisms for Synchronization – Axiomatic Verification of Parallel Programs - Process
Deadlocks - Preliminaries – Models of Deadlocks, Resources, System State – Necessary and
Sufficient conditions for a Deadlock – Systems with Single-Unit Requests, Consumable
Resources, Reusable Resources.
OWASP SD: Deserialize My Shorts: Or How I Learned To Start Worrying and Hate ...Christopher Frohoff
Object deserialization is an established but poorly understood attack vector in applications that is disturbingly prevalent across many languages, platforms, formats, and libraries.
In January 2015 at AppSec California, Chris Frohoff and Gabe Lawrence gave a talk on this topic, covering deserialization vulnerabilities across platforms, the many forms they take, and places they can be found. It covered, among other things, somewhat novel techniques using classes in commonly used libraries for attacking Java serialization that were subsequently released in the form of the ysoserial tool. Few people noticed until late 2015, when other researchers used these techniques/tools to exploit well known products such as Bamboo, WebLogic, WebSphere, ApacheMQ, and Jenkins, and then services such as PayPal. Since then, the topic has gotten some long-overdue attention and great work is being done by many to improve our understanding and developer awareness on the subject.
This talk will review the details of Java deserialization exploit techniques and mitigations, as well as report on some of the recent (and future) activity in this area.
http://www.meetup.com/Open-Web-Application-Security-Project-San-Diego-OWASP-SD/events/226242635/
Overview of Java RMI remoting.
RMI is a lightweight Java technology that provides access to remote methods, similar to RPC, but object-oriented. RMI basically provides remote object access for a client and object registration for servers.
RMI is both a Java API (java.rmi.* package) as well as a transport protocol definition for transporting RMI calls through a network.
RMI is a Java technology since it requires that client and server objects run in a JVM (Java Virtual Machine). By using IIOP as transport protocol, however, it is possible to connect RMI-clients to non-Java server objects (e.g. CORBA).
RMI defines the elements client, server, RMI registry where servers register their services and possibly a plain vanilla web server that can be used by clients to dynamically load object classes to access servers.
Jenkins plugin for Gerrit Code Review pipelinesLuca Milanesio
Introducing the brand new plugin that brings Gerrit Code Review into the Jenkins Pipeline world: simpler, faster and yet more powerful than ever. Gerrit becomes a first-class citizen into the Jenkins ecosystem by enabling a complete pipeline to fetch changes for review, building and submitting the relevant feedback as automated review comment to Gerrit. The new plugin comes from the CI validation workflow experience of the Gerrit Code Review project. The key aspects are stateless, configuration-less - apart from the standard SCM configuration settings. That means that multiple jobs and multiple branches of the same job, can have their own Gerrit integration defined and working out-of-the-box.
Java Multi Threading Concept
By N.V.Raja Sekhar Reddy
www.technolamp.co.in
Want more...
Like us @ https://www.facebook.com/Technolamp.co.in
subscribe videos @ http://www.youtube.com/user/nvrajasekhar
UNIT V CASE STUDY
Linux System – Design Principles, Kernel Modules, Process Management, Scheduling, Memory Management, Input-Output Management, File System, Inter-process Communication; Mobile OS – iOS and Android – Architecture and SDK Framework, Media Layer, Services Layer, Core OS Layer, File System.
This ppt gives a general idea about the multithreading concepts in the java programming language. hope you find it useful
P.S :
sorry there is a correction in one of the slides
where i have entered implements thread
it is wrong it is actually implements Runnable
thank you!
Overview - Functions of an Operating System – Design Approaches – Types of Advanced
Operating System - Synchronization Mechanisms – Concept of a Process, Concurrent
Processes – The Critical Section Problem, Other Synchronization Problems – Language
Mechanisms for Synchronization – Axiomatic Verification of Parallel Programs - Process
Deadlocks - Preliminaries – Models of Deadlocks, Resources, System State – Necessary and
Sufficient conditions for a Deadlock – Systems with Single-Unit Requests, Consumable
Resources, Reusable Resources.
Data Transfer between Activities & DatabasesMuhammad Sajid
Data Transfer between Activities & Databases, Content Provider:
Content Provider will act as a central repository to store the data of the application in one place and make that data available for different applications to access whenever it’s required.
the Content Provider is a part of an android application and it will act as more like the relational database to store the app data. We can perform multiple operations like insert, update, delete and edit on the data stored in the content provider using insert(), update(), delete(), and query() methods.
The field of Text and Data Mining (TDM) is growing in importance with an increasing number of researchers interested in mining scholarly content. CrossRef Text and Data Mining Services launched in May 2014 and focuses on providing one common way to retrieve the full text of articles for the purposes of TDM for interested parties. This session will provide an introduction to and update on this service, and a short demonstration of it in action.
Development of Web Services for Android ApplicationsMd Ashraful Haque
A simple SOAP based web service has been developed that uses a android platform as an user interface from which a user access a database residing in the other server. the web service exposes web methods over the internet so that any other application can use those methods for own requirements.
Data Transfer between Activities & DatabasesMuhammad Sajid
Data Transfer between Activities & Databases, icon: This is displayed as icon for activity. You can check or save png image of name icon in drawable folder. android:icon="@drawable/icon"
• label: The label / title that appears at top in Toolbar of that particular Activity. You can check or edit label name by opening String XML file present inside Values folder
android:label = "@string/label“ or android:label = "New Activity“
Just like icon attribute, if you have not declared any label for your activity then it will be same as your parent activity
This presentation was provided by Laura Morse in informing participants about progress made on the Open Discovery Initiative at the NISO Standards Update event held during ALA Midwinter, Saturday, January 25, 2020.
This presentation was given by Bobbi Patham of Springer Nature, at the NISO Annual Meeting and Standards Update on June 25. The event was held as a part of ALA Annual 2021.
Similar to Custom content provider in android (20)
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Enhancing Performance with Globus and the Science DMZGlobus
ESnet has led the way in helping national facilities—and many other institutions in the research community—configure Science DMZs and troubleshoot network issues to maximize data transfer performance. In this talk we will present a summary of approaches and tips for getting the most out of your network infrastructure using Globus Connect Server.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfPaige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Generative AI Deep Dive: Advancing from Proof of Concept to ProductionAggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Le nuove frontiere dell'AI nell'RPA con UiPath Autopilot™UiPathCommunity
In questo evento online gratuito, organizzato dalla Community Italiana di UiPath, potrai esplorare le nuove funzionalità di Autopilot, il tool che integra l'Intelligenza Artificiale nei processi di sviluppo e utilizzo delle Automazioni.
📕 Vedremo insieme alcuni esempi dell'utilizzo di Autopilot in diversi tool della Suite UiPath:
Autopilot per Studio Web
Autopilot per Studio
Autopilot per Apps
Clipboard AI
GenAI applicata alla Document Understanding
👨🏫👨💻 Speakers:
Stefano Negro, UiPath MVPx3, RPA Tech Lead @ BSP Consultant
Flavio Martinelli, UiPath MVP 2023, Technical Account Manager @UiPath
Andrei Tasca, RPA Solutions Team Lead @NTT Data
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Climate Impact of Software Testing at Nordic Testing DaysKari Kakkonen
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
2. What is a Content Provider?
• Store and retrieve data and make it accessible
to all applications
• Only way to share data across applications
o There's no common storage area that all Android
packages can access
• Two types of content providers
o Android's built-in content providers
o Custom content providers we create
3. Why?
• Sometimes it is required to share data across
applications. This is where content providers
become very useful.
5. Android's Built-in Content Providers
• Android ships with a number of content
providers for common data types
o audio, video, images, personal contact
information, and so on
o android.provider package
• We can query these providers for the data
they contain
6. Android's Built-in Content Providers
• Browser
o Browser bookmarks, browser history
• CallLog
o Missed calls, call details
• Contacts
o Contact details
• MediaStore
o Media files
• Settings
o Device settings and preferences
7. How do you make your data public?
• Two options
o You can create your own content provider
(extending ContentProvider class) or
o You can add the data to an existing provider — if
there's one that controls the same type of data
and you have permission to write to it.
8. Content Provider Implementation &
Usage Model
• All content providers implement a common
interface for
o querying the provider and returning results
o adding
o altering
o deleting
• How a content provider actually stores its data
under the cover is up to its designer.
• Clients access content providers indirectly through
ContentResolver
9. Data Model
• Content providers expose their data as a
simple table (like in a database) model
o Each row is a record and each column is data of a
particular type and meaning
o Every record includes a numeric _ID field that
uniquely identifies the record within the table
10. Content Provider
• Each content provider exposes a public URI
(wrapped as a Uri object) that uniquely
identifies its data set.
o A content provider that controls multiple data
sets (multiple tables) exposes a separate URI for
each one.
• All URIs for providers begin with the string
"content://".
o The “content:” scheme identifies the data as
being controlled by a content provider.
11. Built-in URI Definitions
• Android defines CONTENT_URI constants for
all the providers that come with the platform.
• For example, the URI for the table that
matches phone numbers to people and the
URI for the table that holds pictures of people
(both controlled by the Contacts content
provider) are:
android.provider.Contacts.Phones.CONTENT_URI
android.provider.Contacts.Photos.CONTENT_URI
12. URI
• The URI constant is used in all interactions
with the content provider
o Every ContentResolver method takes the URI as
its first argument.
• It's what identifies which provider the
ContentResolver should talk to and which
table of the provider is being targeted.
13. URI Structure
A: Standard prefix indicating that the data is
controlled by a content provider. It's never
modified.
B: The authority part of the URI; it identifies the
content provider.
C: The path that the content provider uses to
determine what kind of data (which table) is being
requested.
D: The ID of the specific record being requested
14. What a Query Returns
• A query returns a set of zero or more records
• The retrieved data is exposed by a Cursor
object that can be used to iterate backward or
forward through the result set.
o You can use Cursor object only to read the data.
o To add, modify, or delete data, you must use a
ContentResolver object.
18. Developing a Custom Content Provider
1. Extend the
ContentProvider
class.
2. In the onCreate()
method, create a
new instance of the
database helper
class.
20. Custom Content Provider...
Suppose, we need to provide access to 2
tables through this single content provider. As
we have only one method per CRUD
operation, we need a way to differentiate
between accesses to these two tables.
3. We need to define content URI paths to each
table. These are defined in a public final class
which can be used by both provider and user
as a contract: (see next slide)
22. Custom Content Provider...
Now comes the issue of differentiating
between paths. The idea is to match a URI and
then taking appropriate actions for the
corresponding table path.
4. Add a UriMatcher to the provider and add
expected URI patterns to it.
5. In the query() method, get the appropriate
table name from the URI.
24. Custom Content Provider...
6. Now write the actual query method:
• You should add this URI to notification
observables by calling setNotificationUri() so that
if this cursor is directly used in a ListView,
updating or inserting or deleting data in the table
represented by this URI would notify the ListView
of this data change
25. Custom Content Provider...
7. insert, update and delete methods are
similar.
• insert() returns the Uri with the newly inserted ID
appended.
• update() and delete() returns the number of
rows affected.
• You should call
notifyChangeToContentObservers(uri); before
returning from these methods.
26. Custom Content Provider...
We need to provide MIME type of the data returned by a URI.
8. The overridden method getType(Uri uri) needs to be
filled-in.
– For content URIs that point to a row or rows of table data, getType()
should return a MIME type in Androids vendor-specific MIME format:
• Type part: vnd
• Subtype part:
– If the URI pattern is for a single row: android.cursor.item/
– If the URI pattern is for more than one row: android.cursor.dir/
• Provider-specific part: vnd.<name>.<type>
– You supply the <name> and <type>.
– The <name> value should be globally unique, and the <type> value should be
unique to the corresponding URI pattern.
– A good choice for <name> is your companys name or some part of your
applications Android package name.
– A good choice for the <type> is a string that identifies the table associated with
the URI.
30. Custom Content Provider...
10. Finally, we need to define permissions for
applications who wish to access the
provider.
Different forms of permissions:
• Single read-write provider-level permission
– One permission that controls both read and write access to the
entire provider, specified with the android:permission attribute of the
<provider> element in manifest.xml.
• Separate read and write provider-level permission
– A read permission and a write permission for the entire provider.
– Specified with the android:readPermission and
android:writePermission attributes of the <provider> element.
– They take precedence over the permission required by
android:permission.
31. Custom Content Provider...
• Path-level permission
– Read, write, or read/write permission for a content
URI in your provider.
– You specify each URI you want to control with a
<path-permission> child element of the <provider>
element.