django forms are becoming disconnected from the frontend as we move towards API-heavy systems. We attempt to bridge the gap by delivering the form definition over API, rendering it in the frontend dynamically using Backbone & Handlebars, and providing a mechanism for submitting & validating forms over API.
3. Let's talk about forms
django Forms
And how we can use them in
this day & age of APIs!
4. What can you expect…
• What’s wrong with forms as it is
• How we use forms
• Issues using form in an API
world
• Approaches for tackling the
issues
• The solution
5. The good old days..
• Write up some HTML
• Throw some fancy template tags in
there
{{ my_awesome_form.as_p }}
• WIN
8. Nuevo mundo..
• Django forms live on API server
– Validates/ saves API requests
– Doesn’t get rendered via template
• You’ve been writing forms in the
frontend
– Hardcoded HTML
– Trying to match up data that API expects
9. API Clients
• Your website no longer lives on the same
application space as the API
• Common API clients
– A JavaScript MVC powered website
– An android app
– An iOS app
11. The Issue
• You can serve most platforms with an
HTML app
– Write form in HTML on your webapp
• If you write native application for mobile
– You recreate forms using the interfaces
available
12. The Issue
• These interfaces you write
– Don’t have any idea about the django
forms residing on the API server
– Only know what data to collect when you
explicitly code them on each device
• There’s a disconnect
13. Houston we have a problem..
http://epicdemotivational.com/tag/beer/page/2/
15. Let's take a step back
ˈfȯrm (noun)
a printed or typed document with
blank spaces for insertion of
required or requested information
Entry #4 at http://www.merriam-webster.com/dictionary/form
16. In the world of HTML
Part of an HTML document with input
interfaces for inserting required or
requested information
17. In the world of web apps
• A form is the interface we provide the
application user to collect information
• It’s essential to any application where we
collect data
19. django Forms
• A construct that:
– Binds data (request.POST)
– Validates data (clean)
– Processes data (save)
– Renders interface (as_p)
20. django Forms
• ModelForm
– Turns your model into a form
– Easiest way to get an interface for your
data
• Widgets
– Define specific properties for interface
element
– Separates presentation from data types
21. Why not just render via template?
You can’t if:
– You only use django to power your API and
the consumers are arbitrary
– You run several django API servers each
dealing with different data space
22. Think about this architecture
Profile API
Analytics API
Content API
Admin App
User App
23. Your services are distributed
• Web applications we design are
increasingly becoming:
– Separated between presentation and data
layer via API
– Dependent on multiple API endpoints
– Rich and complex in interface
24. Your services are distributed
• Your site content is retrieved using the
Content API
– You collect user feedback on content using
forms
– You provide admin interface to manage
content using forms
25. Your services are distributed
• Information for users are stored and
retrieved using Profile API
– You allow log in, creation and update of
profiles using forms
– You provide admin interface to manage
profiles using forms
26. Your services are distributed
• Site performance and user traffic is
recorded to Analytics API
– You provide admin interface to access and
create custom reports using forms
27. Think again.
Profile API
Analytics API
Content API
Admin App
User App
28. The Issue (contd.)
• At WiserTogether we love APIs & have
a similar distributed setup
• We’ve been hardcoding forms in the
frontend, collecting data and sending to
API
29. The Issue (contd.)
• Whenever a data point in the backend
changed, we had to update the form
• We have multiple clients who require
different set of fields present on
registration forms
– Again, hardcoding in frontend
31. What to do..
• django forms is used to validate and
process our API data
• We wanted django forms to
determine our frontend interface
– But it was completely agnostic about
backend forms!
32. What to do..
• Deliver form definition over API
• Render interface in the frontend from
the retrieved definition
– No more hardcoding
– Forms in the user facing application
changes as soon as backend form
changes
33. What to do..
• Adjust form in whatever way
necessary
– Add/ remove fields from registration
form
– Frontend renders form exactly the way
you want
– No code change necessary in frontend
34. What to do..
• Contain form definition in one spot
• Allow a single central point to control
interface on all applications
• Allow different API consumers to
retrieve form definition
– And render interface appropriate for the
platform or device
37. Step 2
• Devise methods to handle the
following over API:
– Deliver form definition
– Receive form data
– Validate form and deliver errors
– If valid save the form
38. Step 3
• Handle forms in the frontend using
API data
– Render form
– Submit data
– If not valid, then display errors
– If valid, then display success
message, reload page or redirect as
necessary
40. django Remote Forms
• Extracts all information from a given
django form or model form instance
• Goes through each field & widget to
extract all necessary information
• Presents the information as
dictionary for further manipulation &
easy serialization into JSON
43. Step 2
• Devise methods to handle the
following over API:
– Deliver form definition
– Receive form data
– Validate form and deliver errors
– If valid save the form
44.
45. Points to Ponder
• Handle CSRF yourself or using X-CSRFToken
– django CSRF middleware is not JSON
friendly
• Encapsulate form processing in save
method, similar to Model Form
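The Step 2 exchange and the CSRF point above, as an added example that is not code from the slides or from django-remote-forms: a framework-free model of the endpoint using only the Python standard library, with the token carried in the X-CSRFToken header because a JSON body has no form field for it. The form definition, field names, `handle` function and error messages are all assumptions made for illustration.

```python
import hmac
import json
import secrets

# Constructed form definition, shaped like the dictionary a form serializer
# could deliver over the API. Field names and keys are assumptions.
LOGIN_FORM = {
    "title": "LoginForm",
    "fields": {
        "email": {"type": "email", "required": True, "max_length": 254},
        "password": {"type": "password", "required": True, "min_length": 8},
    },
}


def issue_csrf_token():
    """Token the server sets in the csrftoken cookie on the first GET."""
    return secrets.token_urlsafe(32)


def csrf_ok(cookies, headers):
    """The X-CSRFToken header must repeat the cookie value (constant-time compare)."""
    cookie = cookies.get("csrftoken", "")
    header = headers.get("X-CSRFToken", "")
    return bool(cookie) and hmac.compare_digest(cookie.encode(), header.encode())


def validate(definition, data):
    """Return {field: [messages]}; an empty dict means the data is valid."""
    fields = definition["fields"]
    # The definition sent to the client is only a rendering hint: the server
    # re-checks everything and rejects keys the form never declared.
    errors = {name: ["Unknown field."] for name in data if name not in fields}
    for name, spec in fields.items():
        value = data.get(name)
        if value is None or value == "":
            if spec.get("required"):
                errors[name] = ["This field is required."]
        elif not isinstance(value, str):
            errors[name] = ["Enter a text value."]
        elif len(value) < spec.get("min_length", 0):
            errors[name] = ["Ensure this value has at least %d characters."
                            % spec["min_length"]]
        elif len(value) > spec.get("max_length", len(value)):
            errors[name] = ["Ensure this value has at most %d characters."
                            % spec["max_length"]]
        elif spec["type"] == "email" and "@" not in value.strip("@"):
            # Deliberately simple check; a real form would use a full validator.
            errors[name] = ["Enter a valid email address."]
    return errors


def handle(method, cookies, headers, body=b"", save=None):
    """One endpoint for the whole exchange; returns (status, payload)."""
    if method == "GET":                      # deliver form definition
        return 200, {"form": LOGIN_FORM}
    if method != "POST":
        return 405, {"errors": {"__all__": ["Method not allowed."]}}
    if not csrf_ok(cookies, headers):        # checked before the body is parsed
        return 403, {"errors": {"__all__": ["CSRF token missing or incorrect."]}}
    try:
        data = json.loads(body)              # receive form data
    except ValueError:
        return 400, {"errors": {"__all__": ["Body is not valid JSON."]}}
    if not isinstance(data, dict):
        return 400, {"errors": {"__all__": ["Expected a JSON object."]}}
    errors = validate(LOGIN_FORM, data)      # validate and deliver errors
    if errors:
        return 400, {"errors": errors}
    if save is not None:
        save(data)                           # if valid, save the form
    return 200, {"success": True}


if __name__ == "__main__":
    token = issue_csrf_token()
    cookies, headers = {"csrftoken": token}, {"X-CSRFToken": token}
    # Constructed sample submission with a short password and an undeclared key.
    bad = json.dumps({"email": "a@example.com", "password": "short",
                      "is_admin": True}).encode()
    print(handle("GET", {}, {}))
    print(handle("POST", cookies, {}, bad))       # no header: rejected
    print(handle("POST", cookies, headers, bad))  # field errors as JSON
```

The error payload is keyed by field name so the frontend can place each message next to the field it rendered from the definition.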
46. Step 3
• Handle forms in the frontend using
API data
– Render form
– Submit data
– If not valid, then display errors
– If valid, then display success
message, reload page or redirect as
necessary
47. HTML/JS/CSS Implementation
• We created a set of rendering and
data handling tools for the frontend
using:
• In future, we’ll be working towards
iOS implementations as well
48. Backbone Form Handler
• Renders forms based on definition
received over API
• Uses Handlebars template for
rendering:
– Core form structure (form tag, fields
container, global errors)
– Field & widget structure (help text, errors)
• Error rendering
49. Backbone Form Handler
• Allows instant validation
– Similar to autocomplete
– Field can be validated as soon as you
move to next one
• Allows preloading of data
• Disallow editing of fields
– Including selects, radio and checkboxes
• Provide submit buttons (if not supplied)
51. Sample Backbone View
Instantiate
form model
Instantiate
form view
Initiate rendering
by fetching the
form definition
52.
53. django Remote Admin
• A reviewer expressed interest
– Use remote forms to expose django admin
interface over API
• So I implemented a set of API endpoints
– Exposes django admin app/model/instance
data
– Exposes admin forms
• And wrote a backbone app implementing
django admin
54. Goals of django Remote Admin
• Allow administration of django
projects over API
• No more ties to the same old
interface!
• Use awesome Handlebars snippets of
your own to spice up the interface
55. How does it work?
• Cycle through admin site registry
– Extract app/model info and expose over
API
• Create ModelForm from the model
– Expose over API using django remote
forms
• The backbone app calls the API
– Allows browsing apps/ models
– Allows creating/editing model instances
56. Further Work
• django Remote Forms
– Implement file/ image uploading over
API
• django Remote Admin
– Load form/widget customizations from
Admin classes
– Implement pagination for foreign key
loader
57. Demo
• Ask me about WiserTogether
– github.com/WiserTogether/django-remote-forms
– github.com/tarequeh/django-remote-admin
• Follow my tweets @tarequeh
• Shout out to Carlo Costino
• Find this presentation
– slideshare.net/tarequeh
58. Q/A
• Ask me about WiserTogether
– github.com/WiserTogether/django-remote-forms
– github.com/tarequeh/django-remote-admin
• Follow my tweets @tarequeh
• Shout out to Carlo Costino
• Find this presentation
– slideshare.net/tarequeh
Editor's Notes
We are a small health care startup and we provide a platform through which users can make better decisions about their healthcare options
But we are here today to talk about forms, particularly django forms.
I’ll discuss the following things..
Remember the times when the only form on your site was a comments page?
Here we see He-Man riding warrior pony serving API using django and says I give you API! And all the consumers love it
But the problem of reproducing forms on the frontend is much more than not being able to render it via django template
Here’s a clear manifestation of forms on different platforms. On the far right we have the login/registration form on Twitter’s homepage, which is strikingly similar to the interfaces on these devices!
So let’s get back to the issue of form rendering
This is a simple authentication form that asks for your email and password, has a few clean methods to distill the data and some additional helper methods
LOVE django forms
ModelForms and Widgets are two great aspects of django: one promotes DRY and the other provides separation of logic
And much more
3 independent django projects and 2 independent webapps
And much more
More hardcoding to accommodate different versions of the same form
Let’s go over each of the steps in detail..
And our solution…
I want to emphasize the fact that I’m not a big fan of sending HTML over API. Particularly not for forms, since the consumer of the API may or may not render the form using HTML
Let’s take a look at what a view capable of providing such API functionalities looks like. I promise it’s not too complex.
Finally step 3
So we went ahead and implemented a solution for the web applications
The primary construct that’s responsible for managing the remote forms is a special Backbone model/view combo that we call the Backbone Form Handler
Let’s take a look at the Handlebars part of this solution
As you can see, we are using little snippets of Handlebars for different form fields. Similar to form widgets.
More hardcoding to accommodate different versions of the same form
Please feel free to use the examples in any way that suits your needs. They are not meant to be an out-of-the-box solution and currently don’t have much documentation