1) When a user enters a website address like Facebook into their browser, their computer first looks up the IP address of the domain name using DNS.
2) It then sends an HTTP request over TCP/IP to the web server's IP address through multiple network hops using routing protocols like BGP.
3) The web server receives the request, processes it, and sends an HTTP response back to the user's computer containing the requested content.
This document discusses client-server interaction on the internet. It describes addressing and protocols such as IP addresses, MAC addresses, DNS, HTTP, and HTTPS. It provides examples of HTTP requests and responses. It also covers cookies and how they are used to maintain state between requests.
The document provides an overview of web technologies, including:
- The basic client-server model of the web where clients (browsers) make HTTP requests to servers, which return data like web pages.
- Key aspects of HTTP requests and responses like headers, status codes, and encoding of returned HTML content.
- How the client-server communication is repeated for each file that makes up a full web page.
This document provides instructions for installing Debian Lenny 5.0 on a computer. It outlines the steps to choose the language and location during setup, configure the computer hostname and clock, partition the disk for installation, set passwords for the root and regular user accounts, choose standard software selection, and install the GRUB boot loader. The installation process involves answering prompts at each step to complete the configuration.
This document provides steps and recommendations for conducting anonymous and secure online activities. It recommends using Tor-based email providers and PGP encryption. It also discusses using VPNs and virtual private servers (VPS) accessed via Remote Desktop Protocol (RDP). It recommends anonymizing payments with cryptocurrencies like Bitcoin and Monero. It provides links for encrypting devices and data, spoofing hostnames, and using the Tails operating system to conduct activities privately from a USB drive.
The document discusses the 7-Zip file compression utility. It provides instructions on how to install and use 7-Zip on Linux distributions like Ubuntu and Fedora. Key points include:
- 7-Zip is not installed by default on Linux but can be installed using package managers or by downloading installers.
- The commands to use 7-Zip may differ across distributions, such as 7zr for Ubuntu and 7za for Fedora.
- 7-Zip provides high compression levels and supports various compression algorithms like LZMA, but can be slower than other utilities for maximum compression.
- Other Linux utilities like Tar can also compress files but provide lower compression levels than 7-Zip.
Programming Methodologies IV - Lecture 4, Section 2 - Session support in the p... (Leonel Morgado)
The document discusses session support in the HTTP protocol. It provides examples of HTTP requests and responses between a client and amazon.co.uk website. The responses set cookies to manage the session and client state, including session IDs and expiration times. Related readings are listed on HTTP, cookieless ASP.NET, and HTTP state management mechanisms.
Rawnet Lightning talk 'How the Internet Works' (Rawnet)
The document discusses how the internet works by explaining that it is a decentralized global network of computers created by DARPA in the 1960s. It then describes how loading a website involves opening a socket to the server and sending an HTTP request, which is routed using DNS to map domain names to IP addresses and routing protocols to direct traffic between networks. Content delivery networks are also mentioned as optimizing website load times.
This document provides information about Common Gateway Interface (CGI) programming and how web browsers communicate with web servers. It discusses how browsers make requests to servers, how servers respond, and how form data is transmitted from browsers to CGI programs using GET and POST methods. It also covers cookies, file uploads, and provides examples of simple CGI programs in Perl and Python.
The document discusses techniques for bypassing the Citrix Web Application Firewall (WAF). It includes three examples of HTTP requests targeting a vulnerable script: a GET request, a POST request, and an improved POST request that includes a multipart/form-data encoding and SQL injection payload to retrieve the database name. The document concludes with a link to additional information on Citrix WAF bypass techniques.
HTTP is a protocol for transmitting and receiving information on the internet. It allows clients to send requests to servers and receive responses. Common HTTP requests are GET and POST. CGI (Common Gateway Interface) is a standard for interfacing external applications with information servers like HTTP servers. It allows programs to be run on a server and to handle requests that are similar to HTML forms. When a CGI program is executed, it has access to environment variables containing information about the request.
Web Application Security 101 - 02 The Basics (Websecurify)
In part 2 of Web Application Security 101 we cover the basics of HTTP, HTML, XML, JSON, JavaScript, CSS and more in order to get you up to speed with the technology. This knowledge will be used during the rest of the course to explore the various security aspects affecting web applications today.
The document provides an overview of basic web security concepts including:
1. It defines common web terms like front-end, back-end, cookies, sessions, URLs, HTTP methods, headers and status codes.
2. It discusses how cookies and sessions are used to track users and maintain state on the web.
3. It covers potential information leaks from files like robots.txt, hidden files and directories as well as techniques for searching websites like Google hacking.
4. It introduces common web vulnerabilities like XSS, CSRF and discusses how attacks are carried out and potential impacts. It also notes some PHP quirks that could be exploited if not understood.
OWASP Top 10 - Checkmarx Presentation at Polytechnic Institute of Cávado and Ave (Checkmarx)
Presented by Paulo Silva, Security Researcher at Checkmarx on October 31, 2018 at Polytechnic Institute of Cávado and Ave.
Learn all about the OWASP Top 10 from his talk:
Part I
Web Application architecture
The HTTP protocol
HTTP Request walk-through
Part II
What is OWASP
What is the OWASP TOP 10
OWASP Top 10 walk-through
The document is an audit report of the website http://mymusicplease.fr:80 that was scanned for vulnerabilities. The 47-minute scan found a total of 47 alerts across several categories like blind SQL injection, cross-site scripting, SQL injection, and more. Specific issues were found on pages like /vote.php, /connexion.php and details of the vulnerabilities on each page are provided.
Oss web application and network security (Rishabh Mehan)
The document provides an overview of web application and network security. It begins with definitions of web applications and how requests are made via protocols like HTTP and HTTPS. It then covers common security attacks such as denial of service attacks, TCP hijacking, and packet sniffing. The document discusses countermeasures for these attacks like firewalls, intrusion detection systems, and encryption. It also covers vulnerabilities in web applications like SQL injection, cross-site scripting, and input validation issues. The key information is on common security attacks against web applications and networks and their corresponding countermeasures.
WebSockets Everywhere: the Future Transport Protocol for Everything (Almost) (Ericom Software)
WebSockets couples the performance and flexibility of TCP with the reach of HTTP. Prediction: WebSockets will replace simple TCP as preferred underlying protocol.
To see how WebSockets are used in a popular HTML5-based remote access solution, visit the following URL: http://j.mp/1luquBQ
This document provides an overview of applications and reliable transport basics. It discusses several common applications that use reliable sockets like Telnet, HTTP, BitTorrent and Skype. It also covers some of the challenges in building reliable transport, including dropping, duplicating and reordering of packets. The document outlines techniques used to provide reliability such as checksums, acknowledgements, timeouts and retransmissions. Finally, it introduces finite state machines and stop-and-wait models for reliable data transfer.
The document discusses various aspects of HTTP headers, including:
- What HTTP headers are and their importance for web development. HTTP headers carry information about the client browser, requested page, and server.
- How to view HTTP headers using tools like Firebug and Live HTTP Headers plugins in Firefox.
- The structure of HTTP requests and responses. Requests contain request lines and header lines, while responses similarly contain status lines and header lines.
- Common HTTP request header fields like Host, User-Agent, Accept-Language, and Accept-Encoding and what they indicate.
- The differences between common HTTP request methods like GET, POST, and HEAD.
The document contains log data from HTTP requests made to various URLs including 118.102.6.104, me.zing.vn. The logs include details of the requests such as headers, parameters, cookies and response codes. Requests were made to update profile information and contact details on me.zing.vn.
Derick Rethans gave a talk about using PHP on mobile devices. He discussed his experiences building Twitter and transport status apps for a phone using PHP and GTK. He also talked about cross-compiling PHP to run on a Kindle and the challenges of accessing hardware without proper APIs. In conclusion, mobile devices have limitations that make PHP challenging to use effectively for applications.
Hackers, meet your match. No longer are web applications an easy target. You have been getting away for too long with laughing at poor programming practices, pissing on every parameter, and downloading entire tables from Web requests. In this talk, I will show a hands-on demo of a live application with a RASP, and without. I will cover the benefits of a RASP over a WAF, and explain how web sites should no longer rely on dumb traffic level regex tools for their security.
I will attack a vulnerable web application, and demonstrate how a typical attack is carried out on it. Afterwards I will repeat the exercise on the same application, but this time with a RASP installed.
I will point out what the key differences are, and in a vendor neutral manner show key mechanisms which differentiate a RASP from a WAF or a firewall.
I will cover how brute force protection is done right, how aggregating application usage and sharing this data is beneficial, and how using a RASP can even be integrated into a SDLC.
HTTP cookie hijacking in the wild: security and privacy implications (Priyanka Aash)
The widespread demand for online privacy, also fueled by widely-publicized demonstrations of session hijacking attacks against popular websites (see Firesheep), has spearheaded the increasing deployment of HTTPS. However, many websites still avoid ubiquitous encryption due to performance or compatibility issues. The prevailing approach in these cases is to force critical functionality and sensitive data access over encrypted connections, while allowing more innocuous functionality to be accessed over HTTP. In practice, this approach is prone to flaws that can expose sensitive information or functionality to third parties. In this work, we conduct an in-depth assessment of a diverse set of major websites and explore what functionality and information is exposed to attackers that have hijacked a user's HTTP cookies. We identify a recurring pattern across websites with partially deployed HTTPS; service personalization inadvertently results in the exposure of private information. The separation of functionality across multiple cookies with different scopes and inter-dependencies further complicates matters, as imprecise access control renders restricted account functionality accessible to non-session cookies. Our cookie hijacking study reveals a number of severe flaws; attackers can obtain the user's home and work address and visited websites from Google, Bing and Baidu expose the user's complete search history, and Yahoo allows attackers to extract the contact list and send emails from the user's account. Furthermore, e-commerce vendors such as Amazon and Ebay expose the user's purchase history (partial and full respectively), and almost every website exposes the user's name and email address. Ad networks like Doubleclick can also reveal pages the user has visited. To fully evaluate the practicality and extent of cookie hijacking, we explore multiple aspects of the online ecosystem, including mobile apps, browser security mechanisms, extensions and search bars. 
To estimate the extent of the threat, we run IRB-approved measurements on a subset of our university's public wireless network for 30 days, and detect over 282K accounts exposing the cookies required for our hijacking attacks. We also explore how users can protect themselves and find that, while mechanisms such as the EFF's HTTPS Everywhere extension can reduce the attack surface, HTTP cookies are still regularly exposed. The privacy implications of these attacks become even more alarming when considering how they can be used to deanonymize Tor users. Our measurements suggest that a significant portion of Tor users may currently be vulnerable to cookie hijacking.
(Source: Black Hat USA 2016, Las Vegas)
A talk from The Combine 2011.
APIs Demystified is intended to take the magic out of APIs for people that aren't programmers. We will discuss what Application Programming Interface means, starting with a general overview and then moving the focus to web APIs and how they are becoming the building blocks of today's applications. A discussion of why a company might decide to build an API follows.
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris (Neo4j)
Dr. Jesús Barrasa, Head of Solutions Architecture for EMEA, Neo4j
Discover the latest Neo4j innovations, in particular the latest cloud integrations and product improvements that make Neo4j an essential choice for developers building applications with interconnected data and generative AI.
Utilocate offers a comprehensive solution for locate ticket management by automating and streamlining the entire process. By integrating with Geospatial Information Systems (GIS), it provides accurate mapping and visualization of utility locations, enhancing decision-making and reducing the risk of errors. The system's advanced data analytics tools help identify trends, predict potential issues, and optimize resource allocation, making the locate ticket management process smarter and more efficient. Additionally, automated ticket management ensures consistency and reduces human error, while real-time notifications keep all relevant personnel informed and ready to respond promptly.
The system's ability to streamline workflows and automate ticket routing significantly reduces the time taken to process each ticket, making the process faster and more efficient. Mobile access allows field technicians to update ticket information on the go, ensuring that the latest information is always available and accelerating the locate process. Overall, Utilocate not only enhances the efficiency and accuracy of locate ticket management but also improves safety by minimizing the risk of utility damage through precise and timely locates.
Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.
Essentials of Automations: The Art of Triggers and Actions in FME (Safe Software)
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions (Peter Muessig)
The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.
Graspan: A Big Data System for Big Code AnalysisAftab Hussain
We built a disk-based parallel graph system, Graspan, that uses a novel edge-pair centric computation model to compute dynamic transitive closures on very large program graphs.
We implement context-sensitive pointer/alias and dataflow analyses on Graspan. An evaluation of these analyses on large codebases such as Linux shows that their Graspan implementations scale to millions of lines of code and are much simpler than their original implementations.
These analyses were used to augment the existing checkers; these augmented checkers found 132 new NULL pointer bugs and 1308 unnecessary NULL tests in Linux 4.4.0-rc5, PostgreSQL 8.3.9, and Apache httpd 2.2.18.
- Accepted in ASPLOS ‘17, Xi’an, China.
- Featured in the tutorial, Systemized Program Analyses: A Big Data Perspective on Static Analysis Scalability, ASPLOS ‘17.
- Invited for presentation at SoCal PLS ‘16.
- Invited for poster presentation at PLDI SRC ‘16.
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j
Dr. Jesús Barrasa, Head of Solutions Architecture for EMEA, Neo4j
Découvrez les dernières innovations de Neo4j, et notamment les dernières intégrations cloud et les améliorations produits qui font de Neo4j un choix essentiel pour les développeurs qui créent des applications avec des données interconnectées et de l’IA générative.
Zoom is a comprehensive platform designed to connect individuals and teams efficiently. With its user-friendly interface and powerful features, Zoom has become a go-to solution for virtual communication and collaboration. It offers a range of tools, including virtual meetings, team chat, VoIP phone systems, online whiteboards, and AI companions, to streamline workflows and enhance productivity.
Atelier - Innover avec l’IA Générative et les graphes de connaissancesNeo4j
Atelier - Innover avec l’IA Générative et les graphes de connaissances
Allez au-delà du battage médiatique autour de l’IA et découvrez des techniques pratiques pour utiliser l’IA de manière responsable à travers les données de votre organisation. Explorez comment utiliser les graphes de connaissances pour augmenter la précision, la transparence et la capacité d’explication dans les systèmes d’IA générative. Vous partirez avec une expérience pratique combinant les relations entre les données et les LLM pour apporter du contexte spécifique à votre domaine et améliorer votre raisonnement.
Amenez votre ordinateur portable et nous vous guiderons sur la mise en place de votre propre pile d’IA générative, en vous fournissant des exemples pratiques et codés pour démarrer en quelques minutes.
GraphSummit Paris - The art of the possible with Graph TechnologyNeo4j
Sudhir Hasbe, Chief Product Officer, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
Software Engineering, Software Consulting, Tech Lead, Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Transaction, Spring MVC, OpenShift Cloud Platform, Kafka, REST, SOAP, LLD & HLD.
E-commerce Development Services- Hornet DynamicsHornet Dynamics
For any business hoping to succeed in the digital age, having a strong online presence is crucial. We offer Ecommerce Development Services that are customized according to your business requirements and client preferences, enabling you to create a dynamic, safe, and user-friendly online store.
Takashi Kobayashi and Hironori Washizaki, "SWEBOK Guide and Future of SE Education," First International Symposium on the Future of Software Engineering (FUSE), June 3-6, 2024, Okinawa, Japan
SOCRadar's Aviation Industry Q1 Incident Report is out now!
The aviation industry has always been a prime target for cybercriminals due to its critical infrastructure and high stakes. In the first quarter of 2024, the sector faced an alarming surge in cybersecurity threats, revealing its vulnerabilities and the relentless sophistication of cyber attackers.
SOCRadar’s Aviation Industry, Quarterly Incident Report, provides an in-depth analysis of these threats, detected and examined through our extensive monitoring of hacker forums, Telegram channels, and dark web platforms.
17. IP Address (Internet Protocol Address)
- 140.114.197.101
- 31.13.87.36
- 2a03:2880:f12d:83:face:b00c:0:25de (IPv6)
18. DNS (Domain Name System)
- www.facebook.com → 31.13.87.36
- www.google.com → 216.58.200.36
- yikuo.dev → 172.67.169.118
19. Routing – Sending out to the internet
- 140.114.197.101: My Computer @ Dorm Hsin
- 140.114.197.254: Dorm Hsin Floor 3 / 4 Gateway
- 140.114.1.85: NTHU Networking Center
- 140.114.1.70: NTHU TANet Gateway
- 192.192.61.110: TANet (Taiwan Academic Network)
- Packet label: "To 31.13.87.36"
20. Routing – BGP (Border Gateway Protocol)
- Hops shown: 140.114.197.101 (My Computer @ Dorm Hsin), 140.114.197.254 (Dorm Hsin Floor 3 / 4 Gateway), 140.114.1.85 (NTHU Networking Center), 140.114.1.70 (NTHU TANet Gateway), 192.192.61.110 (TANet, Taiwan Academic Network)
- Networks shown: TANet, ISP A, ISP B, ISP C, The Facebook Network (31.13.*.*)
- Speech bubbles: "Who can get to 31.13.87.36?", "I can in 1 step", "I can in 2 steps", "Who can get to 31.13.87.36?", "I can in 1 step"
- Packet labels: "To 31.13.87.36", "Reply from 31.13.87.36"
21. Routing – Sending back to sender
- 140.114.197.101: My Computer @ Dorm Hsin
- 140.114.197.254: Dorm Hsin Floor 3 / 4 Gateway
- 140.114.1.85: NTHU Networking Center
- 140.114.1.70: NTHU TANet Gateway
- 192.192.61.110: TANet (Taiwan Academic Network)
- Packet label: "Reply from 31.13.87.36"
Hi everyone, my name is Yi. I am from the Computer Science department. Today I'm going to share how our computers connect to Facebook, or any other website.
We browse the Internet every day. But have you ever wondered how our computers connect to the Internet? How can images from the other side of the world travel to your computer? I will give a simple introduction to how the Internet and websites work.
First, let's take Facebook as an example. When we want to look at our feed on Facebook, we simply type www.facebook.com into our browser's address bar. And within a few seconds, Facebook's homepage shows up! What happened during those few seconds?
A website is actually a set of servers that send information to our computer; our browser renders the data and shows it.
Servers are no different from our computers. To connect to a website, our computer has to communicate with its servers to exchange data.
Just like humans, computers need a language to communicate. For websites, this language is HTTP. You can see that website addresses have the http:// prefix. Actually, you may see https:// more often. Both use the same language, but in HTTPS the data is encrypted, so HTTPS is safer to use.
Let's see what HTTP looks like. This is what our computer says to the server when we connect to Facebook's home page.
This is the HTTP Request header. It has several parts:
First, the Request Method. We are only fetching the webpage, so we use the GET method.
If we want to send additional data to the server, we use the POST method.
Next, there is the Location: which page we are requesting.
We are requesting the root page, so it looks like this.
If we want to see my Facebook profile, then it looks like this.
Next come the HTTP version and some additional Headers.
These Headers give the server some additional settings. For example, the User-Agent header tells the server what browser we are using.
This is how Facebook's server responds to us.
This is the HTTP Response Header. It is similar to the Request, but there are some additional parts.
There is the 200 OK Response Code. There are other codes too, such as the famous 404 code.
404 Not Found means the user requested a nonexistent page, and
403 Forbidden means the user does not have permission to view the page.
At the bottom here is the response data: the website's content, usually in HTML format.
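The request and response parts described above, as an added example that is not part of the original talk: it builds a GET request from method, location and headers, and splits a response into status code, headers and HTML body. The User-Agent value and the responses are constructed samples, and the function names are illustrative.

```python
# Added illustration; the request target, header values and the responses
# below are constructed samples, not traffic captured from Facebook.

REASONS = {200: "OK", 403: "Forbidden", 404: "Not Found"}


def build_request(method, location, host, headers=None):
    """Serialize a request: request line, headers, then a blank line."""
    lines = [f"{method} {location} HTTP/1.1", f"Host: {host}"]
    for name, value in (headers or {}).items():
        # Refuse CR/LF so a header value cannot smuggle extra header lines.
        if "\r" in value or "\n" in value:
            raise ValueError(f"illegal line break in header {name!r}")
        lines.append(f"{name}: {value}")
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_response(raw):
    """Split a raw response into (version, code, reason, headers, body)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no blank line between headers and body")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    version, code, reason = status_line.split(" ", 2)
    headers = {}
    for line in header_lines:
        name, colon, value = line.partition(":")
        if not colon:
            raise ValueError(f"malformed header line: {line!r}")
        headers[name.strip().lower()] = value.strip()  # names are case-insensitive
    return version, int(code), reason, headers, body


def sample_response(code, html):
    """Build a constructed response with the given status code and HTML body."""
    body = html.encode("utf-8")
    head = (f"HTTP/1.1 {code} {REASONS[code]}\r\n"
            "Content-Type: text/html; charset=utf-8\r\n"
            f"Content-Length: {len(body)}\r\n\r\n")
    return head.encode("ascii") + body


if __name__ == "__main__":
    print(build_request("GET", "/", "www.facebook.com",
                        {"User-Agent": "ExampleBrowser/1.0"}).decode())
    for code in (200, 404, 403):
        print(parse_response(sample_response(code, "<html>...</html>"))[:3])
```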
So now we have the language, but what is the medium through which they talk to each other?
Here comes TCP. TCP is like a tunnel that lets computers talk to each other.
To establish a connection, the computers have to do a handshake.
Let's see how the handshake works…
First, our computer sends a number A; then the server generates a number B and sends back A+B; finally, we send B to the server.
This ensures that both computers can receive from each other correctly.
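The handshake above as an added example, not part of the original talk: a small simulation in which A and B are the two sides' initial sequence numbers. It goes one step beyond the simplified description by using the actual TCP field arithmetic, where each side acknowledges the other's number plus one; the class and function names are illustrative.

```python
import secrets
from dataclasses import dataclass

MOD = 2 ** 32  # sequence numbers are 32-bit and wrap around


@dataclass
class Segment:
    flags: frozenset
    seq: int
    ack: int = 0


def syn(isn_a):
    """Step 1: the client sends its number A."""
    return Segment(frozenset({"SYN"}), seq=isn_a)


def syn_ack(received, isn_b):
    """Step 2: the server sends its number B and acknowledges A + 1."""
    if received.flags != {"SYN"}:
        raise ValueError("expected SYN")
    return Segment(frozenset({"SYN", "ACK"}), seq=isn_b, ack=(received.seq + 1) % MOD)


def final_ack(received, isn_a):
    """Step 3: the client checks that A + 1 came back, then acknowledges B + 1."""
    if received.flags != {"SYN", "ACK"} or received.ack != (isn_a + 1) % MOD:
        raise ValueError("SYN-ACK does not acknowledge our SYN")
    return Segment(frozenset({"ACK"}), seq=received.ack, ack=(received.seq + 1) % MOD)


def server_accepts(received, isn_b):
    """Server side: the connection is established only if B + 1 comes back."""
    return received.flags == {"ACK"} and received.ack == (isn_b + 1) % MOD


def handshake(isn_a=None, isn_b=None):
    # Random initial numbers make B + 1 hard to guess for a host that never saw B.
    isn_a = secrets.randbits(32) if isn_a is None else isn_a
    isn_b = secrets.randbits(32) if isn_b is None else isn_b
    s1 = syn(isn_a)
    s2 = syn_ack(s1, isn_b)
    s3 = final_ack(s2, isn_a)
    return [s1, s2, s3], server_accepts(s3, isn_b)


if __name__ == "__main__":
    print(handshake(isn_a=1000, isn_b=5000))
```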
But how does our computer know where Facebook is?
Here comes routing.
IP addresses are like addresses in real life; every computer on the network has an IP address.
And there is the Domain Name System. The Domain Name System is like a phone book that gives the IP address corresponding to a domain name.
Actually, you can buy your own domain name too! This is my domain name. It links to my blog.
Now that we have Facebook's IP address, we generate a packet.
Then we send our packet out to the Internet Service Provider.
At NTHU, our service provider is the Taiwan Academic Network.
Now it comes to border routing. Every circle here is an autonomous system.
Every autonomous system controls a part of the IP addresses on the Internet, and we have to send our packet to the correct autonomous system.
So this is how BGP works:
First, our ISP asks: who can get to Facebook's IP address?
Since ISP B is not directly connected to Facebook, it also asks.
ISP C replies to B that it can get to Facebook in one step, and B replies to us that it can in 2 steps.
And ISP A replies to us that it can in one step.
Now we have two choices. We choose the shortest path: going through ISP A.
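The ISP A / B / C exchange above as an added example, not part of the original talk. It models announcements spreading outward from Facebook's network, which is how BGP routers actually learn routes, and compares AS-path length only (no local policy); the link list is an assumption reconstructed from the speaker notes.

```python
from collections import deque

# Constructed from the talk's description: which autonomous systems are neighbours.
LINKS = [("TANet", "ISP A"), ("TANet", "ISP B"), ("ISP B", "ISP C"),
         ("ISP A", "Facebook"), ("ISP C", "Facebook")]


def neighbours(links):
    table = {}
    for a, b in links:
        table.setdefault(a, set()).add(b)
        table.setdefault(b, set()).add(a)
    return table


def propagate(links, origin):
    """Return {AS: best AS path to origin} once the announcements settle."""
    peers = neighbours(links)
    best = {origin: [origin]}
    queue = deque([origin])
    while queue:
        sender = queue.popleft()
        for receiver in sorted(peers[sender]):
            if receiver in best[sender]:
                continue  # loop prevention: never accept a path containing yourself
            candidate = [receiver] + best[sender]
            current = best.get(receiver)
            if current is None or len(candidate) < len(current):
                best[receiver] = candidate  # the shorter AS path wins
                queue.append(receiver)      # re-announce the improved route
    return best


def offers(links, origin, asker):
    """What each neighbour of `asker` reports: its number of steps to the origin."""
    best = propagate(links, origin)
    return {n: len(best[n]) - 1
            for n in neighbours(links)[asker] if asker not in best[n]}


if __name__ == "__main__":
    print(offers(LINKS, "Facebook", "TANet"))   # steps reported by ISP A and ISP B
    print(propagate(LINKS, "Facebook")["TANet"])
```

Removing the `("ISP A", "Facebook")` link from the list and re-running shows the route falling back to the longer path through ISP B and ISP C.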
We finally get to Facebook, and Facebook generates the response and throws it back to us.
It follows the reverse of the path we came by, and finally it gets to our computer!
So the things I introduced stack on top of each other.
First there is the physical connection, such as copper wire, radio waves or optical fiber.
Next, packets are routed to the server over the physical connection.
Next, TCP makes a tunnel to let us talk to the server.
Last, we use HTTP, which is the language our computer speaks.