My presentation at BarCamp Ghent 2 (nov 29, 2008), providing a quick overview of HTML 5. Includes two detailed cases, one about local storage APIs and one about the new video element. Check http://lensco.be for more.
Google Cloud Endpoints: Building Third-Party APIs on Google AppEngine (Roman Kirillov)
This is a slide deck of a talk given to a London GDG meeting on 2013/07/10. It covers the following topics:
* Building RESTful APIs using Cloud Endpoints and Google AppEngine
* Building JavaScript and Android clients for these APIs
* Enabling OAuth2 authentication for these APIs.
A full video recording of the talk will be available later.
BDD to the Bone: Using Behave and Selenium to Test-Drive Web Applications (Patrick Viafore)
A talk about Behavior-driven Development, Behave, Selenium and Python.
The project can be found at https://github.com/pviafore/BddToTheBone
Presented at PyTennessee 2017
YouTube video -> https://youtu.be/H2FuJYlbzDg
2009 Barcamp Nashville Web Security 101 (brian_dailey)
A super-brief (25 minute) talk on the basics of web security. A video (with poor audio that doesn't kick in until 9 minutes in, I'm sorry) is available here:
http://www.ustream.tv/recorded/2369801
Exploiting cross-site scripting flaws can be a trivial challenge for anyone new to web application security. This presentation aims to provide useful information on understanding the different types of XSS, attack methodologies and common ways of exploiting them.
Today most business is conducted over the web, and most attacks are likewise carried out over the web.
Application attacks vary and evolve rapidly to exploit newly created or identified vulnerabilities, as do the reasons for and consequences of attacks. Other attacks:
* Cookie attacks
* Database interaction
* Hidden fields
The attack works by including a link or script in a page that accesses a site to which the user is known (or is supposed) to have been authenticated.
Joomla! attempts to protect against CSRF by inserting a random string called a token into each POST form and each GET query string that is able to modify something in the Joomla! system.
* For integers: $int = JRequest::getInt( $name, $default );
* For floats (decimals): $float = JRequest::getFloat( $name, $default );
* For boolean values (true/false): $bool = JRequest::getBool( $name, $default );
* For "words" (only allows alpha characters and the _ character): $word = JRequest::getWord( $name, $default );
* For "commands" (allows alpha characters, numeric characters, . - and _): $cmd = JRequest::getCMD( $name, $default );
* For NON-HTML text (all HTML will be stripped): $string = JRequest::getString( $name, $default );
Conclusion: Validate all user input before you use it in a SQL query. Apply $string = $db->getEscaped( $string ); to all strings that will be used in SQL queries, and apply $value = intval( $value ); to all integer numbers you use in SQL queries. Again, for more information on SQL injections, please take a look at the listed resources, especially .
The files of your component will usually be called by Joomla!. Joomla! is a wrapper around your software; it provides many useful features such as user authentication. Since developers usually test their components only through Joomla!, they tend to forget about the possibility of calling files directly.
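The typed JRequest accessors, the getEscaped()/intval() rule for SQL, the CSRF token check and the direct-file-call guard, combined in one component file as an added example written against the Joomla! 1.5-era API the slides use (not code from the original deck). The #__reviews table and the review functions are hypothetical, and JRequest::checkToken(), JFactory::getDBO(), setQuery()/loadObjectList()/query() and the _JEXEC guard are assumed from that API.

```php
<?php
// Refuse direct calls to this file: Joomla! defines _JEXEC when it loads a
// component, so a request straight to this .php file stops here
// (assumed Joomla! 1.5 convention).
defined('_JEXEC') or die('Restricted access');

$db = JFactory::getDBO();   // assumed Joomla! 1.5 API

// --- Vulnerable pattern: raw request data concatenated into SQL -----------
// $id is taken straight from the query string, so whatever the client sends
// becomes part of the query. Kept only to contrast with the hardened form.
function listReviewsUnsafe($db)
{
    $id = $_GET['id'];
    $db->setQuery('SELECT * FROM #__reviews WHERE id = ' . $id);
    return $db->loadObjectList();
}

// --- Hardened pattern: typed accessors, escaping and an integer cast -------
function listReviewsSafe($db)
{
    // getInt() already yields an integer or the default; the extra intval()
    // is the cast the slides recommend for every integer used in SQL.
    $id = intval(JRequest::getInt('id', 0));

    // getString() strips HTML from the value; getEscaped() escapes quotes and
    // backslashes for the driver. One protects content, the other the query.
    $author = $db->getEscaped(JRequest::getString('author', ''));

    $db->setQuery(
        "SELECT * FROM #__reviews WHERE id = $id AND author = '$author'"
    );
    return $db->loadObjectList();
}

// --- CSRF: accept the POST only if it carries the per-session token --------
// The submitting form must emit the hidden field via JHTML::_('form.token').
function saveReview($db)
{
    JRequest::checkToken() or die('Invalid Token');   // assumed 1.5 helper

    $id    = intval(JRequest::getInt('id', 0));
    $title = $db->getEscaped(JRequest::getString('title', ''));
    $db->setQuery("UPDATE #__reviews SET title = '$title' WHERE id = $id");
    return $db->query();
}
```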