When we deploy existing applications to the cloud or build new applications for it, how do the applications change? How does the boundary of an application change? How does this change affect the security parameters? What are the security characteristics that need to be accounted for? This talk explores these and the following questions:
• What are the top security concerns when building for the cloud?
• How do we evolve the security JSR (375) in Java EE 8 for the cloud?
• What are the key security areas for the next-generation Java EE platform that can ease a developer’s path for cloud deployments?
JSR 375 - Have you seen Java EE Security API lately? - codemotion Tel Aviv 2015 - Werner Keil
JSR 375, the Java EE Security API, works on the following enhancements: standardized user management, a syntax for indicating passwords stored in secure repositories (password aliasing), and the definition and standardization of a 'role service' API with role mapping. There is also scope for a new CDI interceptor annotation to enforce application-domain rules at the method level, and for enhancements to authentication. Where feasible, synergies with the earlier JSR 351 (Identity API) shall also be explored. In this session we'll present the current status of this JSR and what's going on in the JSR 375 Expert Group.
Java EE 8 Overview (Sept 2015). A lot of work is already done by the Expert Groups, so let's have a brief look at what we can expect in some areas.
- Servlet 4 will embrace the new HTTP/2 protocol.
- JSON-B will bring the same high level features of JAXB to the JSON data format.
- Server-Sent Events (SSE) cover the one-way case where data is only pushed from the server to the client over a plain HTTP response, as opposed to a bidirectional WebSocket.
- MVC will be the Action based MVC complement of the Component based MVC of JSF.
- Some major restructuring of CDI so that, to mention one thing, it can be used in a standardised way in Java SE.
The Java EE security API will be covered in more detail. Security in the platform has grown old and dusty and needs to move away from proprietary, server-specific configuration to make the transition to the cloud. An introduction to JSR 375 is given, which promotes self-contained application portability across Java EE servers and the use of modern programming concepts such as Expression Language and CDI. It holistically attempts to simplify, standardize, and modernize the Security API across the platform in areas identified by the community.
Modern authentication in Sling with Openid Connect and Keycloak - Adapt.to 20... - Ioan Eugen Stan
Speaking of modern authentication for the Web, we usually assume features like single sign-on, social login, strong multi-factor auth, protection from brute-force attacks and automated registrations, and many more.
Unfortunately, Sling offers only very basic authentication and identity management out of the box. Our proposal is not to reinvent all of the above within Sling, but rather to delegate authentication and IDM to a mature, open-source and standards-compliant external service.
In this session, we'll discuss and demonstrate an implementation of this approach with Keycloak, an open-source identity solution.
https://github.com/netdava/adapt-to-2018-keycloak-sling-presentation/ - Code and presentation.
https://netdava.github.io/adapt-to-2018-keycloak-sling-presentation/
https://adapt.to/2018/en/schedule/modern-authentication-in-sling-with-openid-connect-and-keycloak.html
Are you securing your microservice architectures by hiding them behind a firewall? That works, but there are better ways to do it. This presentation recommends 11 patterns to secure microservice architectures.
1. Be Secure by Design
2. Scan Dependencies
3. Use HTTPS Everywhere
4. Use Access and Identity Tokens
5. Encrypt and Protect Secrets
6. Verify Security with Delivery Pipelines
7. Slow Down Attackers
8. Use Docker Rootless Mode
9. Use Time-Based Security
10. Scan Docker and Kubernetes Configuration for Vulnerabilities
11. Know Your Cloud and Cluster Security
Blog post: https://developer.okta.com/blog/2020/03/23/microservice-security-patterns
Octopus framework; Permission based security framework for Java EE - Rudy De Busscher
Octopus is a framework for permission-based security in your Java EE app, capable of securing URLs, JSF components, and CDI and EJB methods with the same security voters.
Enterprise 2.0 with Open Source Frameworks like Agorava - Werner Keil
After Seam stopped at version 3, affecting related modules like Seam Social, a number of people started to work on Agorava, a "reference implementation" for Social Network integration in Java.
In this session, you will see examples from a number of frameworks that help developers to integrate their projects with existing Social Networks, both Public (Facebook, Twitter, Google+, LinkedIn, Xing, Yammer,...) and Corporate, e.g. within the Enterprise or Institution (University, Hospital, Library, Museum or individual Artists...) It also aims to assist Java Enterprise technologies and frameworks by adding social media features to web sites or services developed using Java or running on a JVM. Agorava is intended to be part of JDF 2.next alongside full DeltaSpike support or PicketLink SSO and more, e.g. JSR 330, allowing Agorava to also run on Android or Java SE.
JCON 2020: Mobile Java Web Applications with MVC and OpenDDR - Werner Keil
We experience a growing number of mobile phones, tablets, phablets, foldables, smart TVs, watches, home assistants and similar devices flooding the market almost every day. If you want to create a responsive web application with the best user experience, you need dynamic adaptive content according to all relevant aspects of the device. That is the reason for Device Description Repositories (DDR). This session provides an overview of the W3C DDR standard for mobile device recognition and the OpenDDR project, followed by a live demo of extensions to Spring MVC and the MVC 1.0 standard for Java (JSR-371) that leverage OpenDDR to simplify the development of cross-device web applications. Both offer automatic device detection based on OpenDDR, configuration of user preferences, and automatic switching of the view path to the most appropriate view for a particular device or device type, as well as device-aware templates, view engines and more.
Enterprise Security with Spring Security - Mike Wiesner
Spring Security, the successor of the Acegi Security Framework, provides a framework for implementing enterprise security requirements such as authentication, URL and method filters, single sign-on and instance-based permissions. It is a pure security framework that can be used with almost any web and application framework.
Building Modern Applications Using APIs, Microservices and Chatbots - Oracle Developers
Develop, deploy, iterate often. Today's developers are developing and deploying multiple releases per day, sometimes per hour. Architectural designs are changing from monolithic applications to microservices that have smaller granularity and use lightweight protocols. Developers are building modern applications engaging customers over multiple channels via mobile, chatbots and even virtual reality. An API-first approach is critical in tying all this together, allowing cloud-native applications to access data and processes and enabling collaboration between front-end and back-end developers. With modern app development platforms, developers can easily build, connect and elastically scale web and mobile applications and services across any device. Microservices and chatbots are driving a real need for all enterprises to adopt an API-first strategy.
WATCH WEBINAR: https://youtu.be/558MFgH1t9g
JSON Web Tokens (JWTs) are used massively in API-based applications as access tokens or to transport information across services. Unfortunately, JWTs are often misused and incorrectly handled. Massive data breaches have occurred in the last 18 months due to token leakage and lack of proper validation.
This session focuses on best practices and real world examples of JWT usage, where we cover:
- Typical scenarios where using JWT is a good idea
- Typical scenarios where using JWT is a bad idea!
- Principles of Zero trust architecture and why you should always validate
- Best practices to thoroughly validate JWTs and potential vulnerabilities if you don’t.
- Use cases when encryption may be required for JWT
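A minimal verifier that applies the validation rules the session lists, written as an added example for this page; it is not code from the session or its speaker. It uses only the Python standard library and a shared HMAC key (HS256) so it runs offline; the key, the issuer "https://idp.example" and the audience "orders-api" are made-up values. The same checks (algorithm allow-list, signature before claims, exp/nbf with bounded skew, iss and aud) apply when the token comes from an external identity provider such as the Keycloak setup described earlier on this page, except that there you verify an asymmetric signature against the provider's published keys instead of a shared secret.

```python
"""Strict JWT (HS256) verification using only the standard library.

Added example, not code from the session above. Key, issuer and audience are
constructed demo values; in production the key comes from a secrets store and
tokens from an external IdP are checked with RS256/ES256 against its JWKS.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

ALLOWED_ALGS = {"HS256"}        # allow-list; the token's own "alg" is never trusted
CLOCK_SKEW_SECONDS = 30         # bounded leeway for clock drift between services


class InvalidToken(Exception):
    """Any verification failure. Callers treat it as a hard deny."""


def _b64url_decode(segment: str) -> bytes:
    # JWT segments drop the '=' padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def mint_hs256(claims: dict, secret: bytes, alg: str = "HS256") -> str:
    """Build a token for the demo (constructed data, not a production issuer).
    'alg' is a parameter only so a caller can forge alg=none or a mismatched
    header and watch the verifier reject it."""
    header = _b64url_encode(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    sig = b"" if alg == "none" else hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def verify_hs256(token: str, secret: bytes, issuer: str, audience: str,
                 now: Optional[float] = None) -> dict:
    """Return the claims only if every check passes, else raise InvalidToken.

    Order matters: parse the header (only to confirm the algorithm is on our
    allow-list), check the signature, and only then decode and inspect the
    claims, so nothing unsigned ever influences the decision."""
    now = time.time() if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(_b64url_decode(header_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError as exc:                 # covers binascii.Error and JSON errors
        raise InvalidToken("undecodable header or signature") from exc
    if not isinstance(header, dict) or header.get("alg") not in ALLOWED_ALGS:
        raise InvalidToken("algorithm not allowed")   # rejects alg=none and key-confusion tricks
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):   # constant-time comparison
        raise InvalidToken("bad signature")
    try:
        claims = json.loads(_b64url_decode(payload_b64))
    except ValueError as exc:
        raise InvalidToken("undecodable payload") from exc
    if not isinstance(claims, dict):
        raise InvalidToken("payload is not a claim set")
    for name in ("sub", "iss", "aud", "exp"):   # absence is a rejection, not a default
        if name not in claims:
            raise InvalidToken(f"missing claim: {name}")
    if claims["iss"] != issuer:
        raise InvalidToken("wrong issuer")
    aud = claims["aud"] if isinstance(claims["aud"], list) else [claims["aud"]]
    if audience not in aud:
        raise InvalidToken("token not issued for this service")
    exp = claims["exp"]
    if not isinstance(exp, (int, float)) or isinstance(exp, bool):
        raise InvalidToken("exp must be numeric")
    if now > exp + CLOCK_SKEW_SECONDS:
        raise InvalidToken("expired")
    if "nbf" in claims and now + CLOCK_SKEW_SECONDS < float(claims["nbf"]):
        raise InvalidToken("not yet valid")
    return claims


def is_valid(token: str, secret: bytes, issuer: str, audience: str,
             now: Optional[float] = None) -> bool:
    """Boolean form for call sites that only need allow/deny."""
    try:
        verify_hs256(token, secret, issuer, audience, now)
        return True
    except InvalidToken:
        return False


if __name__ == "__main__":
    key = b"demo-secret-do-not-use"          # constructed; use a secrets store in practice
    token = mint_hs256({"sub": "alice", "iss": "https://idp.example",
                        "aud": "orders-api", "exp": time.time() + 300}, key)
    print(verify_hs256(token, key, "https://idp.example", "orders-api")["sub"])
```

The verifier deliberately refuses to pick the algorithm from the token: with a fixed allow-list, an attacker cannot downgrade to alg=none or swap an RSA public key in as an HMAC secret. Claims are decoded only after the signature is confirmed, and a missing exp, iss or aud is a rejection rather than a default.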
What are the biggest cyber threats facing financial and healthcare entities today and in the near future? How can organizations embrace innovation and agile development culture while balancing the time to market goals with risk management?
Jason Kobus, director, API Banking, Silicon Valley Bank, and Apigee's head of security, Subra Kumaraswamy, present how an effective API program combined with a secure API management platform can
- provide visibility for all security threats targeting their backend services
- control access to sensitive data - end-to-end
- enable developers to build secure apps with secure APIs
- facilitate secure access with partners and developers
DEVNET-2010 Remote Expert Mobile Web/Android/iOS SDK Live Coding Tutorial and... - Cisco DevNet
This technical session starts with a quick overview of Remote Expert Mobile use cases, architecture and capabilities, then takes a deep dive into the RE Mobile SDKs. Featuring a live coding demonstration, the presenter will show RE Mobile SDK preparation and walk through the conversion of a sample customer-facing business application into a fully collaboration-enabled sales and support tool, featuring high-quality voice/video, screen sharing, co-browsing/annotation and more.
DEVNET-2011 Jabber Guest - Android SDK Live Coding Tutorial - Cisco DevNet
This session will show the various ways you can use the Jabber Guest for Android SDK to add live video calling functionality to an existing Android application, including the differences between using various SDK elements, when it is appropriate to use each, and what tradeoffs are introduced from each approach.
Microservices for the Masses with Spring Boot, JHipster, and OAuth - South We... - Matt Raible
Microservices are being deployed by many Java Hipsters. If you're working with a large team that needs different release cycles for product components, microservices can be a blessing. If you're working at your VW Restoration Shop and running its online store with your own software, having five services to manage and deploy can be a real pain.
This presentation will show you how to use JHipster to create a microservices architecture with Spring Boot, Spring Cloud, Keycloak, and run it all in Docker. You will leave with the know-how to create your own excellent apps!
Related blog posts:
* Java Microservices with Spring Boot and Spring Cloud: https://developer.okta.com/blog/2019/05/22/java-microservices-spring-boot-spring-cloud
* Java Microservices with Spring Cloud Config and JHipster: https://developer.okta.com/blog/2019/05/23/java-microservices-spring-cloud-config
* Secure Reactive Microservices with Spring Cloud Gateway: https://developer.okta.com/blog/2019/08/28/reactive-microservices-spring-cloud-gateway
Application security is gaining critical attention due to the increase in cyber-attacks and the risk of business and financial losses. In the context of J2EE development and Java web application development, security concerns are addressed through multiple means. In this webinar, we focus specifically on how Apache SHIRO can help developers provide a better security architecture. Join this informative 45-minute session to understand approaches and strategies for building secure web applications. You will also learn the following:
- Planning for Security: Authentication, Authorization, Session Management and Cryptography
- Comparing Different Approaches for Security: JAAS, Spring, Grails
- How to use the simplified universal approach of Apache SHIRO
- A LIVE DEMO on using SHIRO to secure web applications
If you have any query please write to us at inquiry@cygnet-infotech.com
API Creation to Iteration without the Frustration - Nordic APIs
This is a session given by Steve Rice at Nordic APIs 2016 Platform Summit on October 26th, in Stockholm Sweden.
Description:
Once you have an API out in the wild (be it one that’s well designed, or one that grew organically), how do you evolve that API in the future? How do you take something everyone is using in a variety of ways, and distill those needs down into improvements?
This talk will walk through a recent major API version update we went through at PagerDuty from beginning to end. This will include details on what kinds of usage data we gathered, how we engaged with users of the API to understand what worked well and what didn’t, and how to break out of some of the existing antipatterns we had.
Audience members of this talk will be able to walk away with strategies they can apply to their own APIs (internal or external), testing patterns to consider, and ways to communicate engineering efforts in terms of business and customer value.
WEBINAR: Positive Security for APIs: What it is and why you need it! - 42Crunch
WATCH WEBINAR: https://youtu.be/SywcVCvgXP0
Many of the issues on the OWASP API Security Top 10 are triggered by the lack of input or output validation. Here are a few illustrative real-life examples on this:
• Drupal suffered a major issue in February 2019: a remote code execution flaw due to a parameter not properly validated.
• Tchap, the brand new messaging app of the French government was hacked in an hour due to the lack of validation of the registration email.
• CVE-2017-5638, better known as the “Equifax attack”. This vulnerability in Apache Struts could be exploited by crafting a custom Content-Type header and embedding OGNL expressions in the header value.
• Cisco got fined $8.6 million for knowingly selling its Video Surveillance Manager (VSM) product that included API vulnerabilities to the US federal and state agencies. The actual API flaws included a lack of user input validation and insufficient authentication.
To protect APIs from such issues, an API-native, positive security approach is required: we create a whitelist of the characteristics of allowed requests. These characteristics are used to validate input and output data for things like data type, min or max length, permitted characters, or valid values ranges. But how do we fill the gap between security and development mentioned above?
What you’ll learn:
• Why WAFs fail in protecting APIs
• How a whitelist protects against API3 (Excessive Data Exposure), API6 (Mass Assignment) and API8 (Injection) of the OWASP API Security Top 10 (with real-life examples)
• How to build a proper whitelist for API security
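What a request/response whitelist of the kind described above looks like in code, as an added example for this page; it is not 42Crunch's product or code. The endpoint (a hypothetical POST /users), its field rules and the sample bodies are all constructed. Each rule is a positive statement of what is allowed (type, length bounds, permitted characters, value range, enumerated values), undeclared fields are rejected outright rather than ignored, and the response is projected onto the declared output fields before it leaves the service, which is how the single contract covers the three OWASP API categories named in the session.

```python
"""Allow-list ("positive security") validation for a JSON API endpoint.

Added example for this page; it is not 42Crunch's product or code. The
endpoint (POST /users), its field rules and the sample bodies are constructed.
"""
import re
from typing import Any, Dict, List, Set

# Constructed request contract. Every rule says what IS allowed; there is no
# list of "bad" strings to look for, so unknown payloads fail the same way.
USER_REQUEST_SCHEMA: Dict[str, Dict[str, Any]] = {
    "username": {"type": str, "min_len": 3, "max_len": 32, "pattern": r"[a-z0-9_]+"},
    "email":    {"type": str, "min_len": 6, "max_len": 254,
                 "pattern": r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"},
    "age":      {"type": int, "min": 13, "max": 120, "required": False},
    "plan":     {"type": str, "enum": {"free", "pro"}},
}
# Constructed response contract: only these keys may ever leave the service.
USER_RESPONSE_FIELDS: Set[str] = {"id", "username", "plan"}


def validate_request(schema: Dict[str, Dict[str, Any]], body: Any) -> List[str]:
    """Return the list of violations; an empty list means the request is accepted."""
    if not isinstance(body, dict):
        return ["body must be a JSON object"]
    errors: List[str] = []
    # API6 Mass Assignment: undeclared keys are rejected, not silently dropped.
    for key in body:
        if key not in schema:
            errors.append(f"unexpected field: {key}")
    for name, rule in schema.items():
        if name not in body:
            if rule.get("required", True):
                errors.append(f"missing field: {name}")
            continue
        value = body[name]
        # bool is a subclass of int in Python, so exclude it for integer fields.
        if not isinstance(value, rule["type"]) or (rule["type"] is int and isinstance(value, bool)):
            errors.append(f"{name}: wrong type")
            continue
        if isinstance(value, str):
            if not rule.get("min_len", 0) <= len(value) <= rule.get("max_len", 65536):
                errors.append(f"{name}: length out of range")
            # API8 Injection: anything outside the permitted character set fails,
            # whatever payload it might have been part of (fullmatch, so a
            # trailing newline cannot sneak past an end anchor).
            if "pattern" in rule and re.fullmatch(rule["pattern"], value) is None:
                errors.append(f"{name}: disallowed characters")
        elif isinstance(value, int):
            if not rule.get("min", value) <= value <= rule.get("max", value):
                errors.append(f"{name}: value out of range")
        if "enum" in rule and value not in rule["enum"]:
            errors.append(f"{name}: not an allowed value")
    return errors


def filter_response(allowed: Set[str], record: Dict[str, Any]) -> Dict[str, Any]:
    """API3 Excessive Data Exposure: serialise the declared projection of the
    stored record, never the whole object."""
    return {k: v for k, v in record.items() if k in allowed}


if __name__ == "__main__":
    # Constructed sample bodies and a constructed stored record.
    ok = {"username": "alice_01", "email": "alice@example.org", "plan": "pro"}
    print(validate_request(USER_REQUEST_SCHEMA, ok))
    print(validate_request(USER_REQUEST_SCHEMA, dict(ok, is_admin=True)))
    print(validate_request(USER_REQUEST_SCHEMA, dict(ok, username="' OR 1=1--")))
    stored = {"id": 7, "username": "alice_01", "plan": "pro",
              "password_hash": "$argon2id$...", "is_admin": False}
    print(filter_response(USER_RESPONSE_FIELDS, stored))
```

In a real service the same contract would be generated from the OpenAPI description rather than written by hand, but the enforcement logic is the same: the injection attempt is refused because of the characters it contains, not because a signature matched it, and the privileged field is refused because nobody declared it.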
Access Control is a necessary security control at almost every layer within a web application. This talk will discuss several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and "fail open" access control mechanisms. In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism.
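The design attributes listed above, carried into a small policy engine as an added example for this page; it is not code from the talk. The User and Invoice types, the activity names and the policy table are constructed. The policy is data rather than code paths, authorization is keyed by activity, a per-entry predicate gives the data-contextual horizontal check, and every unknown role, unknown activity or runtime error evaluates to deny. A deliberately bad legacy_can_read is included beside it to show the three anti-patterns the talk names.

```python
"""Deny-by-default, activity-based access control with a horizontal check.

Added example illustrating the design attributes listed above; it is not code
from the talk. Users, the Invoice resource and the policy table are constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, Optional


@dataclass(frozen=True)
class User:
    id: str
    roles: FrozenSet[str]
    tenant: str


@dataclass(frozen=True)
class Invoice:
    id: str
    owner_id: str
    tenant: str


# Context predicates supply the "data contextual" part: the same activity is
# granted only for records the caller is actually entitled to (horizontal
# access control), not merely because the caller holds a role.
Predicate = Callable[[User, Invoice], bool]


def own_record(user: User, inv: Invoice) -> bool:
    return inv.owner_id == user.id


def same_tenant(user: User, inv: Invoice) -> bool:
    return inv.tenant == user.tenant


# The policy is data (role -> activity -> predicate), so it can be loaded from
# configuration instead of being hard-coded in request handlers. None means
# "any record". Activities are named after what the user does, not after URLs
# or roles, so one table serves the UI, the API and batch jobs alike.
POLICY: Dict[str, Dict[str, Optional[Predicate]]] = {
    "customer": {"invoice:read": own_record},
    "support":  {"invoice:read": same_tenant},
    "finance":  {"invoice:read": same_tenant, "invoice:void": same_tenant},
    "admin":    {"invoice:read": None, "invoice:void": None},
}


def is_allowed(user: User, activity: str, resource: Invoice,
               policy: Dict[str, Dict[str, Optional[Predicate]]] = POLICY) -> bool:
    """True only if one of the user's roles grants the activity and the
    attached predicate holds. Unknown roles, unknown activities and any
    runtime error inside the check all evaluate to deny (fail closed)."""
    try:
        for role in user.roles:
            grants = policy.get(role, {})
            if activity not in grants:
                continue
            predicate = grants[activity]
            if predicate is None or predicate(user, resource):
                return True
        return False
    except Exception:
        return False


def legacy_can_read(user: User, inv: Invoice) -> bool:
    """The talk's anti-patterns in one function, kept for contrast only: the
    policy is hard-coded in the handler, there is no horizontal check (any
    customer may read any other customer's invoice), and an error is treated
    as allow."""
    try:
        return "customer" in user.roles or "admin" in user.roles
    except Exception:
        return True   # "fail open": exactly what a deny-by-default design forbids


if __name__ == "__main__":
    alice = User("alice", frozenset({"customer"}), "t1")
    bob = User("bob", frozenset({"customer"}), "t1")
    invoice = Invoice("inv-1", owner_id="alice", tenant="t1")
    print(is_allowed(alice, "invoice:read", invoice), is_allowed(bob, "invoice:read", invoice))
    print(legacy_can_read(bob, invoice))
```

The contrast worth noticing is bob: both functions agree he is a customer, but only the predicate-based check asks whether the invoice is his. Likewise a malformed principal makes the legacy check say yes and the deny-by-default check say no.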
Native - Hybrid - Web Mobile Architectures - Phong Le Duy
This presentation will discuss the different mobile architectures, Native, Hybrid and Web Mobile, and help mobile and web developers work closer together.
WARNING: This will be an opinionated webinar.
Among Web architects and API designers we've seen growing interest in HATEOAS as a valuable approach to RESTful Web APIs. In this Webinar, we'll introduce the core principles, look at examples, and explore the value of the approach for API providers and application developers.
Join this live Webinar with Brian Mulloy to discuss the fundamentals and to explore the trade-offs of providing and consuming HATEOAS APIs.
If you can't join the live webinar, register and we'll send you a video recording.
We Will Discuss »
Overview of HATEOAS
Example Applications
Pros and cons of using HATEOAS for RESTful API design
I Love APIs 2015
In order to scale the development of APIs with agility, quality, and on budget, it is required to start with the right foundation. Ozan Seyman and Diego Zuluaga, Apigee explain how to build APIs that last by leveraging the virtuous cycle of Continuous Integration. Concepts include version control, configuration management, static code analysis, testing, deployment, build analytics, and documentation.
The First IoT JSR: Units of Measurement - JUG Berlin-Brandenburg - Werner Keil
Come to meet JSR 363 - Units of Measurement! It's the first JSR targeted to help you work with IoT devices, tackling sensors and measurements in a standard way. We all know that when representing a temperature, for example, we normally have it as a float. But, is this float in Celsius? Fahrenheit? Kelvin? This is one of the problems this JSR wants to solve: have all "real world" value and unit data represented in a standard way. This JSR is also very suitable for scientific applications, where data representation, conversion and formatting is very important.
In this presentation, we'll see how both developers and platform providers can leverage this JSR, coding for a smart home or smart gas pump that reports its values in a standard way. As well as other use cases and actual embedded devices like Raspberry Pi or Intel Edison.
And this JSR is still in the making. Be a first-hand witness of the JSR 363 Public Draft (due around November) and learn how YOU can get involved and help Java grow in the IoT space! We'll explore how JSRs work and how you can get involved in the JCP and work with this and other JSRs.
Enterprise Security mit Spring SecurityMike Wiesner
Spring Security, der Nachfolger des Acegi Security Frameworks, stellt ein Framework zur Umsetzung von Enterprise Security Anforderungen zur Verfügung, wie z.B. Authentifizierung, URL- und Methoden-Filter, Single-Sign-On und Insatzbasierten Berechtigungen. Dabei ist es ein reines Security Framework, welches mit nahezu jedem Web- und Anwendungsframework eingesetzt werden kann.
Building Modern Applications Using APIs, Microservices and ChatbotsOracle Developers
Develop, Deploy, Iterate Often. Today’s developers are developing and deploying multiple releases per day, sometimes per hour. Architectural designs are changing from monolithic applications to micro services that have smaller granularity and use lightweight protocols. Developers are building modern applications engaging customers over multiple channels via mobile, chatbots and even virtual reality. An API first approach is critical in tying all this together allowing cloud native applications to access data and processes, enabling collaboration between front-end and back-end developers. With modern app development platforms, developers can easily build, connect and elastically scale all web and mobile applications, services across any device. Microservices and chatbots are driving real need for all enterprises to adopt an API-first strategy.
WATCH WEBINAR: https://youtu.be/558MFgH1t9g
JSON Web tokens (JWTs) are used massively in API-based applications as access tokens or to transport information across services. Unfortunately, JWT are often mis-used and incorrectly handled. Massive data breaches have occurred in the last 18 months due to token leakage and lack of proper of validation.
This session focuses on best practices and real world examples of JWT usage, where we cover:
- Typical scenarios where using JWT is a good idea
- Typical scenarios where using JWT is a bad idea!
- Principles of Zero trust architecture and why you should always validate
- Best practices to thoroughly validate JWTs and potential vulnerabilities if you don’t.
- Use cases when encryption may be required for JWT
What are the biggest cyber threats facing financial and healthcare entities today and in the near future? How can organizations embrace innovation and agile development culture while balancing the time to market goals with risk management?
Jason Kobus, director, API Banking, Silicon Valley Bank, and Apigee's head of security, Subra Kumaraswamy, present how an effective API program combined with a secure API management platform can
- provide visibility for all security threats targeting their backend services
- control access to sensitive data - end-to-end
- enable developers to build secure apps with secure APIs
- facilitate secure access with partners and developers
DEVNET-2010 Remote Expert Mobile Web/Android/iOS SDK Live Coding Tutorial and...Cisco DevNet
This technical session starts with quick overview of Remote Expert Mobile use-cases, architecture and capabilities, then takes a deep-dive into the RE Mobile SDKs. Featuring a live coding demonstration, the presenter will show RE Mobile SDK preparation and walk through the conversion of a sample customer-facing business application into a fully collaboration enabled sales&support tool, featuring high-quality voice/video, screen-sharing, co-browing/annotation and more.
DEVNET-2011 Jabber Guest - Android SDK Live Coding TutorialCisco DevNet
This session will show the various ways you can use the Jabber Guest for Android SDK to add live video calling functionality to an existing Android application, including the differences between using various SDK elements, when it is appropriate to use each, and what tradeoffs are introduced from each approach.
Microservices for the Masses with Spring Boot, JHipster, and OAuth - South We...Matt Raible
Microservices are being deployed by many Java Hipsters. If you're working with a large team that needs different release cycles for product components, microservices can be a blessing. If you're working at your VW Restoration Shop and running its online store with your own software, having five services to manage and deploy can be a real pain.
This presentation will show you how to use JHipster to create a microservices architecture with Spring Boot, Spring Cloud, Keycloak, and run it all in Docker. You will leave with the know-how to create your own excellent apps!
Related blog posts:
* Java Microservices with Spring Boot and Spring Cloud: https://developer.okta.com/blog/2019/05/22/java-microservices-spring-boot-spring-cloud
* Java Microservices with Spring Cloud Config and JHipster: https://developer.okta.com/blog/2019/05/23/java-microservices-spring-cloud-config
* Secure Reactive Microservices with Spring Cloud Gateway: https://developer.okta.com/blog/2019/08/28/reactive-microservices-spring-cloud-gateway
In this webinar, we focus specifically on how Apache SHIRO can help developers in providing better security architecture. You will also learn the following Application security is gaining critical attention due to increase in cyber-attacks and risks of business and financial losses.
In the context of J2EE development and Java web application development, security concerns are addressed through multiple means. This informative 45 min session to understand approaches and strategies for building secure web applications.
- Planning for Security: Authentication, Authorization, Session Management and Cryptography
- Comparing Different Approaches for Security: JAAS, Spring, Grails
- How to use the simplified universal approach of Apache SHIRO
- A LIVE DEMO on using SHIRO to secure web applications
If you have any query please write to us at inquiry@cygnet-infotech.com
API Creation to Iteration without the FrustrationNordic APIs
This is a session given by Steve Rice at Nordic APIs 2016 Platform Summit on October 26th, in Stockholm Sweden.
Description:
Once you have an API out in the wild (be it one that’s well designed, or one that grew organically), how do you evolve that API in the future? How do you take something everyone is using in a variety of ways, and distill those needs down into improvements?
This talk will walk through a recent major API version update we went through at PagerDuty from beginning to end. This will include details on what kinds of usage data we gathered, how we engaged with users of the API to understand what worked well and what didn’t, and how to break out of some of the existing antipatterns we had.
Audience members of this talk will be able to walk away with strategies they can apply to their own APIs (internal or external), testing patterns to consider, and ways to communicate engineering efforts in terms of business and customer value.
WEBINAR: Positive Security for APIs: What it is and why you need it!42Crunch
WATCH WEBINAR: https://youtu.be/SywcVCvgXP0
Many of the issues on the OWASP API Security Top 10 are triggered by the lack of input or o¬utput validation. Here are a few illustrative real-life examples on this:
• Drupal suffered a major issue in February 2019: a remote code execution flaw due to a parameter not properly validated.
• Tchap, the brand new messaging app of the French government was hacked in an hour due to the lack of validation of the registration email.
• CVE-2017-5638, better known as the “Equifax attack”. This vulnerability in Apache Struts could be exploited by crafting a custom Content-Type header and embedding ONGL expressions in the header value.
• Cisco got fined $8.6 million for knowingly selling its Video Surveillance Manager (VSM) product that included API vulnerabilities to the US federal and state agencies. The actual API flaws included a lack of user input validation and insufficient authentication.
To protect APIs from such issues, an API-native, positive security approach is required: we create a whitelist of the characteristics of allowed requests. These characteristics are used to validate input and output data for things like data type, min or max length, permitted characters, or valid values ranges. But how do we fill the gap between security and development mentioned above?
What you’ll learn:
• Why WAFs fail in protecting APIs
• How a whitelist protects against A3, A6 and A8 of the OWASP API Security Top 10 – (with real-life examples)
• How to build a proper whitelist for API security
Access Control is a necessary security control at almost every layer within a web application. This talk will discuss several of the key access control anti-patterns commonly found during website security audits. These access control anti-patterns include hard-coded security policies, lack of horizontal access control, and "fail open" access control mechanisms. In reviewing these and other access control problems, we will discuss and design a positive access control mechanism that is data contextual, activity based, configurable, flexible, and deny-by-default - among other positive design attributes that make up a robust web-based access-control mechanism.
Native - Hybrid - Web Mobile Architectures by Phong Le Duy
This presentation will discuss the different mobile architecture between Native, Hybrid and Web Mobile that will help Mobile and Web developers work closer together.
WARNING: This will be an opinionated webinar.
Among Web architects and API designers we've seen growing interest in HATEOAS as a valuable approach to RESTful Web APIs. In this Webinar, we'll introduce the core principles, look at examples, and explore the value of the approach for API providers and application developers.
Join this live Webinar with Brian Mulloy to discuss the fundamentals and to explore the trade-offs of providing and consuming HATEOAS APIs.
If you can't join the live webinar, register and we'll send you a video recording.
We will discuss:
Overview of HATEOAS
Example Applications
Pros and cons of using HATEOAS for RESTful API design
I Love APIs 2015
In order to scale the development of APIs with agility, quality, and on budget, you need to start with the right foundation. Ozan Seyman and Diego Zuluaga of Apigee explain how to build APIs that last by leveraging the virtuous cycle of Continuous Integration. Concepts include version control, configuration management, static code analysis, testing, deployment, build analytics, and documentation.
The First IoT JSR: Units of Measurement - JUG Berlin-Brandenburg by Werner Keil
Come to meet JSR 363 - Units of Measurement! It's the first JSR targeted at helping you work with IoT devices, tackling sensors and measurements in a standard way. We all know that when representing a temperature, for example, we normally have it as a float. But is this float in Celsius? Fahrenheit? Kelvin? This is one of the problems this JSR wants to solve: have all "real world" value and unit data represented in a standard way. This JSR is also very suitable for scientific applications, where data representation, conversion and formatting are very important.
In this presentation, we'll see how both developers and platform providers can leverage this JSR, coding for a smart home or smart gas pump that reports its values in a standard way, as well as other use cases and actual embedded devices like the Raspberry Pi or Intel Edison.
And this JSR is still in the making. Be a first-hand witness of the JSR 363 Public Draft (due around November) and learn how YOU can get involved and help Java grow in the IoT space! We'll explore how JSRs work and how you can get involved in the JCP and work with this and other JSRs.
"Arlight" is one of the leading brands supplying the market with the widest range of LED equipment: LED lamps and luminaires, floodlights and LED strips, as well as power supplies and other components for LED lighting.
Products released under the Arlight brand are a guarantee of quality. All of them are manufactured in large modern factories in South-East Asia and comply with Russian quality standards. By choosing Arlight LED products, you are buying a quality product at an affordable price.
Background information about the global refugee crisis, specific info about the Syrian refugee crisis, and some info about how Canada is helping/responding, including hubs of private sponsorship in Toronto.
Meaning Reconstruction as an Approach to Analyze Critical Dimensions of HCI R... by Colin Gray
A critical tradition has taken hold in HCI, yet research methods needed to meaningfully engage with critical questions in the qualitative tradition are nascent. In this paper, we explore one critical qualitative research approach that allows researchers to probe deeply into the relationships between communicative acts and social structures. Meaning reconstruction methods are described and illustrated using examples from HCI research, demonstrating how social norms can be traced as they are claimed and reproduced. We conclude with implications for strengthening rigorous critical inquiry in HCI research, including the use of extant critical research methods to document transparency and thick description.
This presentation introduces the new Java EE 8 Security API JSR 375. Originally presented at Devoxx France 2015, the slides present the motivation behind the new JSR, some history, the expert group, and a summary of ideas.
The slides were created after the expert group had been meeting for about a month, so the ideas are raw and undeveloped. However, the ideas in the slides do indicate the general direction the JSR is headed, with respect to modernizing, simplifying, and standardizing the Java EE Security API.
Securing your Applications for the Cloud Age by Artur Alves
Slide deck used for an Oracle EMEA Developers webinar, where I explain how to embrace cloud age security for custom built Node.js applications, using Oracle IDCS platform.
Making DevSecOps a Reality in your Spring Applications by Hdiv Security
The adoption of DevOps and Continuous Delivery provides tangible benefits such as higher quality, stability, and faster release cadence. One of the most important issues within this adoption is related to security quality tasks that have been traditionally implemented manually.
The talk will demonstrate the security integration of Spring ecosystem demo applications with the Jenkins CI server to jump start continuous and in-depth security testing into the DevOps CI/CD pipeline, via automation and orchestration.
Building A Business-Facing Mobile Developer Community by ProgrammableWeb
Andy Jones, Technical Director EMEA, SOA Software
The proliferation of mobile apps has led to increased interaction between two previously separate groups: mobile app developers and corporate managers of enterprise systems. The API is the connector. Creating a developer community that serves your mobile strategy is a challenge on both technical and business levels. Mobile developers are essentially business partners, even if they do not see themselves as such, and successfully engaging them will be key to delivering value from the API. In this presentation, we will discuss some proven practices that can ensure that businesses make the best use of APIs to extend themselves into the mobile realm:
Offering business capabilities that are important to partners
Tailoring APIs to each partner
Managing partner registration with workflow
Allowing partners to monitor and analyze their own API usage
Accelerating the process of externalizing applications
Securing the apps
Mediating transport protocols
Webinar: "Entitlements: Taking Control of the Big Data Gold Rush" by ForgeRock
Information is the new currency and as more “things” come online the volume of data will dramatically increase. Typically, this data is stored in multiple repositories and different personas have different levels of access.
In this webinar, which was recorded on August 18th, 2015, you can learn how to answer key questions about today’s tough challenges:
How do we keep sensitive data, secure it, and make it accessible?
How do we manage authorization policies related to this data?
How do we manage entitlements for not only web apps, but also users, devices and things?
ForgeRock’s Senior Software Developer, Andy Forrest, discussed the challenges and solutions surrounding Entitlements.
Azure Key Vault with a PaaS Architecture and ARM Template Deployment by Roy Kim
This is a presentation I held at a local Azure user group. The session abstract: Azure Key Vault is a tool for securely storing and accessing secrets. We will go through a popular Azure PaaS Architecture pattern using Key Vault to store a password. I will demo and walk through the general configuration of a dedicated Azure Function app, Azure SQL and Key Vault that was deployed with automation. I will then go through fairly advanced techniques and best practices on how to deploy Azure Key Vault and a password secret with ARM templates. Finally, a very brief look at my Azure DevOps Pipeline to deploy the ARM template. You will come away with an understanding of an applied use case of leveraging Azure Key Vault for a PaaS solution in better managing a password secret.
Java Web Application Security - Denver JUG 2013 by Matt Raible
During this presentation, you'll learn how to implement authentication in your Java web applications using good ol' Java EE 6 Security, Spring Security and Apache Shiro. You'll also learn how to secure your REST API with OAuth and lock it down with SSL.
After learning how to integrate security, I'll show how to use Zed Attack Proxy to pentest your app and fix vulnerabilities.
Top Ten Proactive Web Security Controls v5 by Jim Manico
It is not easy to build a secure, low-risk or risk-managed web application. Firewalls, “policy” and other traditional information security measures serve as either an incomplete or useless measure in the pursuit of web application security.
As software developers author the code that makes up a web application, they need to do so in a secure manner. All tiers of a web application, the user interface, the business logic, the controller, the database code and more – all need to be developed with security in mind. This can be a very difficult task and developers are often set up for failure. Most developers did not learn about secure coding or crypto in school. The languages and frameworks that developers use to build web applications are often lacking critical core controls or are insecure by default in some way. There may be inherent flaws in requirements and designs. It is also very rare when organizations provide developers with prescriptive requirements that guide them down the path of secure software. When it comes to web security, developers are often set up to lose the security game.
This document was written by developers for developers, to assist those new to secure development. It aims to guide developers and other software development professionals down the path of secure web application software development.
This document is neither scientific nor complete. In fact it is a bit misguided. There are more than 10 issues that developers need to be aware of. Some of these “top ten” controls will be very specific, others will be general categories. Some of these items are technical, others are process based. Some may argue that this document includes items that are not even controls at all. All of these concerns are fair. Again, this is an awareness document meant for those new to secure software development. It is a start, not an end.
Password Policies in Oracle Access Manager. How to improve user authenticatio... by Andrejs Prokopjevs
This presentation is about how System Administrators and/or Oracle Apps DBAs can improve and meet user authentication security standards in Oracle E-Business Suite by using Oracle Access Manager integration and its password policy management.
We will talk about:
- Current Oracle E-Business Suite password security limitations.
- Implementation of password policy management in Oracle Access Manager releases. Comparing the capabilities and why you should upgrade your OAM to the latest 11gR2.
- A use case example of most common configuration.
- Demo.
Getting Started with API Management – Why It's Needed On-prem and in the Cloud by Revelation Technologies
APIs are one of the main elements of cloud services. All major cloud service providers expose REST APIs to allow you to programmatically access their services and capabilities. SOAP and REST are the two most common ways of exposing APIs, whether to external, partner, cloud, or internal developers.
The concept of API management is to publish these web APIs for consumption, and includes capabilities such as monitoring, security, and documentation.
This presentation introduces basic concepts of APIs, API management, cloud REST services, and a brief walkthrough of WSO2 API Manager and Oracle API Gateway to see how you can centrally publish, expose, and secure APIs, essentially virtualizing your backend services.
Whether you’re just beginning to explore cloud computing or adopting it at enterprise-scale, it is important to build security into your architecture. But gone are the days of manual security audits that slow down agile development. Your modern continuous integration and continuous delivery architecture demands continuous security that doesn’t hinder DevOps. In this session, we’ll share tips to help your organization embrace DevSecOps. Presented by RedLock.
by Varun Badhwar, CEO & Co-founder, RedLock
Whether you’re just beginning to explore cloud computing or adopting it at enterprise scale, it is important to build security into your architecture. Gone are the days of manual security audits that slow down agile development. Your modern continuous integration and continuous delivery architecture demands continuous security that doesn’t hinder DevOps. In this session, we’ll share tips to help your organization embrace DevSecOps. Presented by RedLock.
Migrating and Modernizing Identity on the Path to Multi Cloud by Strata Identity
After dozens of customer interviews with some of the world’s largest enterprises, the team here at Strata learned first-hand the challenges customers face when considering identity migration and modernization projects. We're sharing those learnings in this session while outlining the 5 most common migration use cases. We also cover how the right combination of software and services can accelerate delivery timelines while removing uncertainty from your project.
Securing eHealth, eGovernment and eBanking with Java - DWX '21 by Werner Keil
The EU increases its cooperation on cyber defense to strengthen its resilience to cyber-attacks through the EU Cybersecurity Act and certification of products, services or applications, so as to be as well prepared as possible against hacker attacks or the distribution of "fake news", fake documents or transactions, like a one trillion Amazon refund or fake tax returns. The IT industry may use this mechanism to certify products like connected vehicles, government services or smart medical devices. Due to its platform independence, Java plays an important role, especially in web, cloud or enterprise environments. In addition, the PSD2 regulation went into effect in 2019 to make payments more secure, boost innovation and help banking services adapt to new technologies.
This session shows use cases of the DSS Framework and solutions based on it, such as Digidoc4J. DSS (Digital Signature Services) is a Java framework for the creation and validation of electronic signatures. DSS supports the creation and validation of interoperable and secure electronic signatures in accordance with European legislation, in particular the eIDAS Regulation, as well as IT standards like OASIS DSS. We are going to demonstrate how different documents and services can be signed and verified, and how to secure the data exchange using standards like DICOM and HL7 to OCSI or PSD2 and XS2A.
OpenDDR and Jakarta MVC - JavaLand 2021 by Werner Keil
We experience a growing number of mobile phones, tablets, phablets, foldables, smart TV, watches or home assistants and similar devices flooding the market almost every day. If you want to create a responsive web application with the best user experience you need dynamic adaptive content according to all relevant aspects of your device. That’s the reason for Device Description Repositories (DDR).
This session provides an overview of the W3C DDR standard for mobile device recognition and the OpenDDR project, followed by a live demo of extensions to Spring MVC and the Jakarta MVC standard, plus .NET using C# and VB.NET, leveraging the power of OpenDDR to simplify the development of cross-device web applications. All offer automatic device detection based on OpenDDR, configuration of user preferences, and automatic forwarding to the most appropriate view for a particular device or device type, as well as device-aware templates, view engines and more.
How JSR 385 could have Saved the Mars Climate Orbiter - Zurich IoT Day 2021 by Werner Keil
In 1999, NASA lost the $125 million Mars Climate Orbiter as it went into orbital insertion. Due to a mismatch between US customary and SI units of measurements in one of the APIs, the spacecraft came too close to the planet, passed through the upper atmosphere and disintegrated. Sadly, this hasn’t been the only instance where a mismatch between units of measurements had catastrophic consequences, but it’s certainly one of the most spectacular and expensive ones.
How could this happen? The bad news: if you use primitive types to handle quantities in your code, then at best you’ve codified the unit in a variable name or database field, e.g. by calling it lengthInMetres. Otherwise, you’re relying on convention alone, just like Lockheed Martin and NASA did.
Join this compact version of our talk for IoT Day 2021 to learn how JSR 385 can help you avoid $125 million mistakes, how it applied the 2019 redefinition of SI base units, and discover the immeasurable world of dimensions, units and quantities.
OpenDDR and Jakarta MVC - Java2Days 2020 Virtual by Werner Keil
We experience a growing number of mobile phones, tablets, phablets, foldables, smart TV, watches, or home assistants, and similar devices flooding the market almost every day. If you want to create a responsive web application with the best user experience you need dynamic adaptive content according to all relevant aspects of your device. That’s the reason for Device Description Repositories (DDR).
This session provides an overview of the W3C DDR standard for mobile device recognition and the OpenDDR project, followed by a live demo of extensions to Spring MVC and the Jakarta MVC standard leveraging the power of OpenDDR to simplify the development of cross-device web applications. Both offer automatic device detection based on OpenDDR, configuration of user preferences, and automatic switching of the path to the most appropriate view for a particular device or device type, as well as device-aware templates, view engines, and more.
The amount of data collected by applications nowadays is growing at a scary pace. Many of them need to handle billions of users generating and consuming data at an incredible speed. Maybe you are wondering how to create an application like this? What is required? What works best for your project?
In this session we’ll compare popular Java and JVM persistence frameworks for NoSQL databases: Spring Data, Micronaut, Hibernate OGM, Jakarta NoSQL, and GORM. How do they compare, what are the strengths, weaknesses, differences, and similarities? We’ll show each of them with a selection of different NoSQL database systems (Key-Value, Document, Column, Graph).
The data load on applications has increased exponentially in recent years. We know the JVM (Java Virtual Machine) can cope with heavy loads very well yet we often come across the big dilemma: there are tons of persistence frameworks out there but which one performs best for my case? It would normally take ages to evaluate and choose the best fit for your use case. We’ve done those comparisons for you.
How JSR 385 could have Saved the Mars Climate Orbiter - JFokus 2020 by Werner Keil
In 1999, NASA lost the $125 million Mars Climate Orbiter as it went into orbital insertion. Due to a mismatch between US customary and SI units of measurements in one of the APIs, the spacecraft came too close to the planet, passed through the upper atmosphere and disintegrated. Sadly, this hasn’t been the only instance where a mismatch between units of measurements had catastrophic consequences, but it’s certainly one of the most spectacular and expensive ones.
How could this happen? The bad news: if you use primitive types to handle quantities in your code, then at best you’ve codified the unit in a variable name or database field, e.g. by calling it lengthInMetres. Otherwise, you’re relying on convention alone, just like Lockheed Martin and NASA did.
Join this talk to learn how JSR 385 can help you avoid $125 million mistakes, how it applies the 2019 redefinition of SI base units, and discover the immeasurable world of dimensions, units and quantities.
Money, Money, Money, can be funny with JSR 354 (Devoxx BE) by Werner Keil
Maintenance Lead Werner Keil will present JSR 354 (Money and Currency). He will discuss the API from a developer as well as user perspective and share details on the design decisions behind the JSR. Monetary values are a key feature of many applications, yet the JDK provides little or no support.
The existing java.util.Currency class is strictly a structure used for representing current ISO-4217 currencies, but not associated values or custom currencies. The JDK also provides no support for monetary arithmetic or currency conversion, nor for a standard value type to represent a monetary amount.
The session will demonstrate how the JSR models monetary capabilities, monetary amounts, currencies, rounding, financial arithmetic as well as formatting and currency conversion in a platform-independent and flexible manner.
The first part of the talk will focus on key concepts, improvements like Java 9/Jigsaw modularity and planned new features for a future release followed by a live coding session demonstrating the Money JSR in action.
Money, Money, Money, can be funny with JSR 354 (DWX 2019) by Werner Keil
Maintenance Leads Werner Keil and Anatole Tresch will present JSR 354 (Money and Currency). They will discuss the API from a developer as well as user perspective and share details on the design decisions behind the JSR.
Monetary values are a key feature of many applications, yet the JDK provides little or no support. The existing java.util.Currency class is strictly a structure used for representing current ISO-4217 currencies, but not associated values or custom currencies. The JDK also provides no support for monetary arithmetic or currency conversion, nor for a standard value type to represent a monetary amount.
The session will demonstrate how the JSR models monetary capabilities, monetary amounts, currencies, rounding, financial arithmetic as well as formatting and currency conversion in a platform-independent and flexible manner. The first part of the talk will focus on key concepts, improvements like Java 9/Jigsaw modularity and planned new features for a future release, followed by a live coding session demonstrating the Money JSR in action.
NoSQL: The first New Jakarta EE Specification (DWX 2019) by Werner Keil
Jakarta EE NoSQL is a framework and collection of tools that make integration between Java applications and NoSQL quick and easy, for developers as well as vendors. The API is easy to implement, so NoSQL vendors can quickly implement, test, and become compliant by themselves. And with its low learning curve and just a minimal set of artifacts, Java developers can start coding while concentrating on the core aspects of their NoSQL databases (such as graph or document properties) rather than the complexity of specific products. Built with functional programming in mind, it leverages all the features of Java 8 and above.
This session covers how the API is structured, how it relates to the multiple NoSQL database types, and how you can get started and involved in this open source technology and help the first new Jakarta EE specification evolve.
How JSR 385 could have Saved the Mars Climate Orbiter - Adopt-a-JSR Day by Werner Keil
In 1999, NASA lost the $125 million Mars Climate Orbiter as it went into orbital insertion. Due to a mismatch between US customary and SI units of measurements in one of the APIs, the spacecraft came too close to the planet, passed through the upper atmosphere and disintegrated. Sadly, this hasn’t been the only instance where a mismatch between units of measurements had catastrophic consequences, but it’s certainly one of the most spectacular and expensive ones.
How could this happen? The bad news: if you use primitive types to handle quantities in your code, then at best you’ve codified the unit in a variable name or database field, e.g. by calling it lengthInMetres. Otherwise, you’re relying on convention alone, just like Lockheed Martin and NASA did.
Join this talk to learn how JSR 385 can help you avoid $125 million mistakes, how it applies the 2019 redefinition of SI base units, and discover the immeasurable world of dimensions, units and quantities.
Introductory slides for the Adopt-a-JSR Day by Utrecht JUG
JNoSQL: The Definitive Solution for Java and NoSQL Databases by Werner Keil
JNoSQL is a framework and collection of tools that make integration between Java applications and NoSQL quick and easy, for developers as well as vendors. The API is easy to implement, so NoSQL vendors can quickly implement, test, and become compliant by themselves. And with its low learning curve and just a minimal set of artifacts, Java developers can start coding while worrying not about the complexity of specific NoSQL databases but only about their core aspects (such as graph or document properties). Built with functional programming in mind, it leverages all the features of Java 8. This session covers how the API is structured, how it relates to the multiple NoSQL database types, and how you can get started and involved in this open source technology.
Eclipse JNoSQL: The Definitive Solution for Java and NoSQL Databases by Werner Keil
JNoSQL is a framework and collection of tools that make integration between Java applications and NoSQL quick and easy, for developers as well as vendors. The API is easy to implement, so NoSQL vendors can quickly implement, test, and become compliant by themselves. And with its low learning curve and just a minimal set of artifacts, Java developers can start coding while worrying not about the complexity of specific NoSQL databases but only about their core aspects (such as graph or document properties). Built with functional programming in mind, it leverages all the features of Java 8. This session covers how the API is structured, how it relates to the multiple NoSQL database types, and how you can get started and involved in this open source technology.
Physikal - Using Kotlin for Clean Energy - KUG Munich by Werner Keil
Tenkiv developed a new kind of solar power system focused on cost-effectiveness and scalability, in need of a data acquisition system to collect and analyze data from different sensors throughout the cloud. Because the system may have different energy conversion devices (modules), different numbers of thermal circuits, collectors, etc., the control software has to be very adaptable to match these varying configurations.
Therefore the JVM was an ideal choice. The control software "Nexus Brain" is written in Kotlin. It heavily uses Units of Measurement, so Tenkiv created Physikal, a Kotlin extension to the Java 8 implementation of JSR 363. The project is also used by others, for example in collaboration with NASA or ETH Zurich.
This session will give a brief overview of how Tenkiv and Nexus Brain use Kotlin and Physikal/JSR 363 to calculate the optimal usage of alternate energy sources and control solar power systems for making clean water anywhere from Flint, Michigan to Afghanistan or Cape Town.
Physikal - JSR 363 and Kotlin for Clean Energy - Java2Days 2017 by Werner Keil
This session will give you a brief overview of how Tenkiv and Nexus Brain use Kotlin and Physikal/JSR 363 to calculate the optimal usage of alternate energy sources and control solar power systems used for making clean water anywhere from Flint, Michigan to Afghanistan.
Performance Monitoring for the Cloud - Java2Days 2017 by Werner Keil
Performance monitoring tools like Performance Co-Pilot (PCP) have existed almost as long as the World Wide Web. PCP was developed in the early 90s by SGI. Parts were made available as open source from 2000 on, which led to a further spread of the tool. In recent years an active community formed and a variety of new features and enhancements were added. PCP is now part of the Red Hat and SuSE Linux Enterprise editions and is included in many other Linux distributions. Versions for other Unix variants, OS X and Windows also exist. This session compares popular open source monitoring tools like Performance Co-Pilot, StatsD, Dropwizard Metrics, Prometheus and MicroProfile Metrics: how each supports containers or virtualization, shares data with IT monitoring systems like Nagios or Zabbix, or processes, analyzes and visualizes it via Carbon, Graphite or Grafana/Elasticsearch.
With IoT it’s all about things and sensors. And when representing a temperature, for example, we normally have it as a float. But is this float in Celsius? Kelvin? This is one of the problems JSR 363 wants to solve: have all “real world” value and unit data represented in a standard way. This JSR is also very suitable for scientific applications, where data representation, conversion, and formatting are very important. In this session, you’ll see how developers as well as platform providers can leverage this JSR, coding a smart gas pump that reports its values by using Java standards. Come to meet JSR 363, Units of Measurement.
Day by day we experience the growth of mobile phones, tablets and similar devices that are positively flooding the market.
Keeping precise track of the specification of every single one of them is a back-breaking job. This effort can be reduced if a Device Description Repository, DDR for short, is contributed to improve the situation and users can maintain it themselves.
Apache DeviceMap arose as a cooperation of OpenDDR and others to create a comprehensive open source data repository with device information, images and other relevant information for all kinds of mobile devices: smartphones, tablets, smart TVs and the like.
The project began in January 2012; in autumn 2012 DDR APIs for Java and .NET were contributed by OpenDDR. In autumn 2014 DeviceMap successfully left the Apache Incubator. The next steps include improved recognition of information in the UserAgent string, Java Portlet 3.0 integration via Apache Pluto, as well as crowd-sourcing of the device repository data and a storage structure that allows long-term preservation and maintenance of this data by the Apache community.
JSR 354: Money and Currency API - Short Overview by Werner Keil
JavaMoney is the new monetary API for the Java™ Platform as well as related projects and libraries. Whereas the API (JSR 354) provides a portable and extendible API for handling of Money & Currency models, Moneta provides a production ready reference implementation.
The JavaMoney libraries add functionality built on top of the API, such as:
- Basic financial operations
- Rounding
- Currency conversion
- Extended formatting (usable for arbitrary types)
JavaLand: Quantified Social - Fitness Devices and Portals with Agorava by Werner Keil
Quantified Self is the measurement, logging and, as a rule, the sharing of health and fitness data with others over a certain period of time through the use of sensors, in order to promote a healthier lifestyle, to stay fit or to lose weight. Other use cases are measuring blood sugar level, pulse or heart rate; the boundaries between leisure/fitness and healthcare are often fluid here.
This session gives an overview of popular fitness devices, APIs, and fitness and IoT portals, and their integration through Agorava, the social framework based on CDI, JAX-RS, JSON and OAuth. Thanks to parallel support for multiple APIs, Agorava makes it possible not only to inform friends on Fitbit, Strava, Twitter or Facebook about your achievements, but also, for example, to check in along the route on Foursquare.
The First IoT JSR: Units of Measurement - Devoxx BE 2015
Werner Keil
Come to meet JSR 363 - Units of Measurement! It's the first JSR targeted at helping you work with IoT devices, tackling sensors and measurements in a standard way. We all know that when representing a temperature, for example, we normally have it as a float. But is this float in Celsius? Fahrenheit? Kelvin? This is one of the problems this JSR wants to solve: have all "real world" value and unit data represented in a standard way. This JSR is also very suitable for scientific applications, where data representation, conversion and formatting are very important.
In this presentation, we'll see how both developers and platform providers can leverage this JSR, coding for a smart home or a smart gas pump that reports its values in a standard way, as well as other use cases and actual embedded devices like Raspberry Pi or Intel Edison.
And this JSR is still in the making. Be a first-hand witness of the JSR 363 Public Draft (due around November) and learn how YOU can get involved and help Java grow in the IoT space! We'll explore how JSRs work and how you can get involved in the JCP and work with this and other JSRs.
In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Aggregage
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Unlocking Productivity: Leveraging the Potential of Copilot in Microsoft 365, a presentation by Christoforos Vlachos, Senior Solutions Manager – Modern Workplace, Uni Systems
The Art of the Pitch: WordPress Relationships and Sales
Laura Byrne
Clients don't know what they don't know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients' needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips and strategies for successful relationship building that lead to closing the deal.
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
My slides at Nordic Testing Days 6.6.2024
The talk discusses the climate impact and sustainability of software testing. ICT and testing must carry their part of the global responsibility to help with climate warming. We can minimize the carbon footprint, but we can also have a carbon handprint, a positive impact on the climate. Sustainability can be added to the quality characteristics and then measured continuously. Test environments can be used less, at a smaller scale and on demand. Test techniques can be used to optimize or minimize the number of tests. Test automation can be used to speed up testing.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. A constant focus on speed to release software to market, combined with traditionally slow and manual security checks, has left gaps in continuous security, an important piece of the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface of their application supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerabilities and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of existing vulnerabilities, preventing the introduction of security issues into the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with a PASSION for technology and making things work, along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations on CI/CD and application security integrated into the software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview, including the concepts of Customer Key and Double Key Encryption.
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
PHP Frameworks: I want to break free (IPC Berlin 2024)
Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank
Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.
Pushing the limits of ePRTC: 100ns holdover for 100 days
Adtran
At WSTS 2024, Alon Stern explored the topic of parametric holdover and explained how recent research findings can be implemented in real-world PNT networks to achieve 100 nanoseconds of accuracy for up to 100 days.
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
Leonard Jayamohan, Partner & Generative AI Lead, Deloitte
This keynote will reveal how Deloitte leverages Neo4j’s graph power for groundbreaking digital twin solutions, achieving a staggering 100x performance boost. Discover the essential role knowledge graphs play in successful generative AI implementations. Plus, get an exclusive look at an innovative Neo4j + Generative AI solution Deloitte is developing in-house.