It can be complicated learning the ins and outs of any technology stack. When this complexity is compounded by needing to understand how to secure our applications, it can be daunting.
In this talk we will discuss how to rapidly and correctly apply Spring Security to an existing application. Along the way we will demo security exploits and see how to mitigate them, answer frequently asked questions, and learn established best practices.
Whether you are new to Spring Security or a seasoned Spring Security user, this presentation is a must.
It can feel overwhelming to try to improve these situations, but it can be done. In this talk, we will look at the tools and techniques to take an existing legacy application with no automation and no operational insight, and bring it fully into a complete DevOps solution.
By: Jummy Bogard
How fast can you onboard a new team member with VAGRANT? - Vivek Parihar
As the number of developers on a project, the number of projects in an organization, or the complexity of a single project increases, it also becomes increasingly difficult to keep our development environments operational. From changing dependencies and differing server versions to running completely different operating systems, especially the Windows machines of the front-end team, keeping the process of getting a running development environment sane and repeatable is non-trivial.
Getting the development environments set up identically can be a huge undertaking. On top of that, some people use Mac while others use Linux or Windows. Before you know it, developers will be throwing computers through walls, exhausted from constantly configuring and configuring. Windows developers are yelling "WTF is this ImageMagick?", and people using Mac are asking which is better: MacPorts vs Homebrew vs Fink.
Vagrant solves all of this by introducing a common configuration format and workflow for describing and building development environments repeatably across Mac OS X, Windows, or Linux.
At some point, the code you write today will be deleted and replaced with something new. This talk will discuss the life cycle of a large code base, and how to manage it over time to accommodate rewrites, giving examples from a major rewrite of the Firefox build and release pipeline over the last two years. You'll learn how to replace components of a running distributed system while keeping it operational, the proverbial replacing the wing of an airplane in flight.
I am a passionate reader of topics on new trends and best practices in software development. In my spare time, I like to read essays, listen to podcasts, view webinars and examine the source code of other developers, in order to learn from them.
Every time I find a quote that proves motivating for me and other developers, I try to save it, and then share it with my friends and classmates.
This work is a collection of twenty quotations that have had a positive impact on my work style and way of thinking. The order in which they are published is not due to any selection criteria; it's just the order in which they were read and filed.
Javaland 2017: "You'll do microservices now". Now what? - André Goliath
The slides for my talk at JavaLand 2017. Note: The slides are in English, only the title is German. The talk is all about do's and don'ts in microservice landscapes.
Cloud adoption fails - 5 ways deployments go wrong and 5 solutions - Yevgeniy Brikman
"All happy cloud deployments are alike; each unhappy cloud deployment is unhappy in its own way." — Leo Tolstoy, Site Reliability Engineer
At Gruntwork, I've had the chance to see the cloud adoption journeys of hundreds of companies, from tiny startups to Fortune 50 giants. I've seen those journeys go well. I've seen those journeys go poorly. In this talk, I discuss a few of the ways cloud adoption can go horribly wrong (massive cost overruns, endless death marches, security disasters), and more importantly, how you can get it right.
To help you get it right, we looked at the cloud journeys that were successful and extracted from them the patterns they had in common. We distilled all this experience down into something called the Gruntwork Production Framework, which defines five concrete steps you can follow to adopt the cloud at your own company—and hopefully, to end up with your very own happy cloud deployment.
Node.js has become one of the main tools developers use to create backends for their web apps. Read on to get some tips on how to make the most of this framework.
https://www.solutionanalysts.com/blog/8-valuable-tips-to-master-best-code-practices-in-node-js/
From JavaSpaces, JINI and GigaSpaces to SpringBoot, Akka – reactive and microservice pitfalls.
http://blog.mitemitreski.com/2014/11/java2days-2014-from-javaspaces-jini-and.html#.VHPK7x9jOCg
WinOps Conf 2016 - Matteo Emili - Development and QA Dilemmas in DevOps - WinOps Conf
The quick rise of Continuous Delivery in the enterprise means that common problems are often approached the other way round. Concepts like Feature Flags and Testing In Production caused several headaches to developers and QA engineers, especially where they have a wealth of experience about traditional development.
There are some challenges and approaches which are very common, and they still scare newcomers. Let's have a look at a few of these, with the most common solutions.
Releasing software is no less important than the activities that precede it.
Continuous Delivery is a set of practices and methodologies that build an ecosystem for the software development lifecycle.
We will see how to build this ecosystem around the applications developed, so that release activities become low-risk, inexpensive, fast and predictable.
Erik Costlow, Product Evangelist at Contrast Security, was Oracle's principal product manager for Java 8 and 9, focused on security and performance. His security expertise involves threat modeling, code analysis, and instrumentation of security sensors. He is working to broaden this approach to security with Contrast Security. Before becoming involved in technology, Erik was a circus performer who juggled fire on a three-wheel vertical unicycle.
Microsoft Vulnerability Research - How to be a finder as a vendor - Jeremy Brown
You may think of Microsoft as a company that fixes vulnerabilities, but we frequently find security issues in other vendors’ products as well. Microsoft Vulnerability Research (MSVR) was created to help ensure that our company demonstrates the same behavior, in the role of a finder, that we’d like to see from other companies and researchers from all over the world. We make sure that our reports are complete and accurate and communicated securely and effectively to the right place. This presentation will cover how and why MSVR was created, an in-depth look at our operations and what we’ve learned so far with this program. We’ll also discuss how your company can have a centralized program to do the same. We’ll finish things off with a run through of an example vulnerability that one of our finders discovered, reported through MSVR, and what it was like working to get it fixed with an advisory we released thereafter.
MS Experiences 17 - Xamarin: Future of Mobile Development - James Montemagno
Xamarin enabled C# developers to become native iOS, Android, and Windows mobile app developers overnight. In this session, learn how to leverage your existing .NET and C# skills to create iOS and Android mobile apps in Visual Studio with Xamarin. In addition to allowing you to write your iOS and Android apps in C#, Xamarin lets you reuse existing .NET libraries and share your business logic across iOS, Android, and Windows apps. During this session we cover the Xamarin platform and how to create native iOS, Android, and Windows apps in C#. See what is new and next for Xamarin development inside of Visual Studio. Moreover, we focus on the code, with several live coding adventures throughout the entire session and showing you the latest and greatest in native cross-platform development.
CODE BLUE 2014 : Microsoft Vulnerability Research: How to be a Finder as a Ve... - CODE BLUE
Here at Microsoft, our people often find security issues in other vendors' products, fueling the need for a coordinated approach to working with those vendors to get those bugs fixed. Microsoft Vulnerability Research (MSVR) was created to help ensure that our company demonstrates the same management, in the role of a finder, that we'd like to see from other companies and researchers when reporting vulnerabilities. MSVR has played an important role working with internal bug hunters to fix many vulnerabilities in top software during the lifetime of this proactive program. After you know how we work, you'll know how you can start a vulnerability coordination program at your company too.
Async Debugging - A Practical Guide to survive! - Mirco Vanini
The talk is about the specialised tools inside Visual Studio for surviving async code bugs, with a special look at how to write correct async code.
An introduction to migrating from .NET Full Framework to .NET Core 3.0 for your WPF & Windows Forms applications, and to incrementally modernizing them with Windows 10 features.
Securing your Kubernetes cluster: a step-by-step guide to success! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
How to Get CNIC Information System with Paksim Ga.pptx - danishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Goodbye Windows 11: Make Way for Nitrux Linux 3.5.0! - SOFTTECHHUB
As the digital landscape continually evolves, operating systems play a critical role in shaping user experiences and productivity. The launch of Nitrux Linux 3.5.0 marks a significant milestone, offering a robust alternative to traditional systems such as Windows 11. This article delves into the essence of Nitrux Linux 3.5.0, exploring its unique features, advantages, and how it stands as a compelling choice for both casual users and tech enthusiasts.
A tale of scale & speed: How the US Navy is enabling software delivery from l... - sonjaschweigert1
Rapid and secure feature delivery is a goal across every application team and every branch of the DoD. The Navy’s DevSecOps platform, Party Barge, has achieved:
- Reduction in onboarding time from 5 weeks to 1 day
- Improved developer experience and productivity through actionable findings and reduction of false positives
- Maintenance of superior security standards and inherent policy enforcement with Authorization to Operate (ATO)
Development teams can ship efficiently and ensure applications are cyber ready for Navy Authorizing Officials (AOs). In this webinar, Sigma Defense and Anchore will give attendees a look behind the scenes and demo secure pipeline automation and security artifacts that speed up application ATO and time to production.
We will cover:
- How to remove silos in DevSecOps
- How to build efficient development pipeline roles and component templates
- How to deliver security artifacts that matter for ATO’s (SBOMs, vulnerability reports, and policy evidence)
- How to streamline operations with automated policy checks on container images
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor... - Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.
Pushing the limits of ePRTC: 100ns holdover for 100 days - Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf - Paige Cruz
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party, and will share these foundational concepts to build on:
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
Alt. GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using ... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Dr. Sean Tan, Head of Data Science, Changi Airport Group
Discover how Changi Airport Group (CAG) leverages graph technologies and generative AI to revolutionize their search capabilities. This session delves into the unique search needs of CAG’s diverse passengers and customers, showcasing how graph data structures enhance the accuracy and relevance of AI-generated search results, mitigating the risk of “hallucinations” and improving the overall customer journey.
Debugger Tips and Tricks for .Net developers with Microsoft Visual Studio 2017
1. saturday 2018
DEBUGGER TIPS AND TRICKS FOR .NET DEVELOPERS WITH MICROSOFT VISUAL STUDIO 2017
Mirco Vanini
#vssatpn
2. INTRO
“Everyone knows that debugging is twice as hard as writing a program in the first place. So if you're as clever as you can be when you write it, how will you ever debug it?”
Brian Kernighan, Computer Scientist
“As soon as we started programming, we found to our surprise that it wasn't as easy to get programs right as we had thought. Debugging had to be discovered. I can remember the exact instant when I realized that a large part of my life from then on was going to be spent in finding mistakes in my own programs.”
Sir Maurice Wilkes, Computer Scientist
4. PERFTIPS
Quickly measure time between breaks
Excludes major debugger related overhead
Time stopped under the debugger (e.g. stopped at a breakpoint)
Symbol loading
Etc.
Best suited for order of magnitude measurements
Greatest accuracy on CLR 4.6 and Windows 10
http://blogs.msdn.com/b/visualstudioalm/archive/2014/08/18/perftips-performance-information-at-a-glance-while-debugging-with-visual-studio.aspx
8. DEMO
UI Debugging Tools for XAML
Inspect the live visual tree while debugging
> Updates in real time
> Jump to source
Live property explorer
> See any element’s properties in real time
Selection by clicking on the app
9. DEMO
Diagnostic Tools window
Memory and CPU graphs
Memory tooling
Debugger break event history
Output window content*
IntelliTrace events*
*Enterprise SKU only
10. WHO I AM
Mirco Vanini
Microsoft® MVP Windows Development
AllSeen Alliance - AllJoyn® Ambassador
Open Connectivity Foundation - OCF® Ambassador
www.proxsoft.it
info@proxsoft.it
@MircoVanini