Nowadays REST APIs sit behind every mobile application and nearly all web applications. As such, they offer a wide range of possibilities for communication and integration with a given system. But with great power comes great responsibility. This talk aims to provide general guidance on API security assessment and covers common API vulnerabilities. We will look at an API interface from the perspective of a potential attacker.
I will show:
* how to find hidden API interfaces
* ways to detect available methods and parameters
* fuzzing and pentesting techniques for API calls
* typical problems
I will share several interesting cases from public bug bounty reports and personal experience, for example:
* how I got various credentials with one API call
* how to cause DoS by running the Garbage Collector from an API
eBPF is one of the key technologies nowadays. There are several existing eBPF-based technologies in the networking and observability fields, but not many in the storage space. This presentation tells my research story and tries to define some of the possibilities of the technology.
These slides explain the basics of system administration by raising these questions: what is system administration? Who can become a sysadmin? How do you become a sysadmin? They also discuss the tools used by sysadmins.
PCD – Process Control Daemon is a lightweight system-level process manager for Embedded-Linux based projects (consumer electronics, network devices, etc.).
PCD starts, stops and monitors all the user space processes in the system, in a synchronized manner, using a textual configuration file.
PCD recovers the system in case of errors and provides useful and detailed debug information.
What is an Email Header - Understanding Email Anatomy
Email headers are the metadata attached to emails that provide tracking information about a message, such as sender, receiver, subject, sender timestamps, etc.
Video: https://www.youtube.com/watch?v=FJW8nGV4jxY and https://www.youtube.com/watch?v=zrr2nUln9Kk . Tutorial slides for O'Reilly Velocity SC 2015, by Brendan Gregg.
There are many performance tools nowadays for Linux, but how do they all fit together, and when do we use them? This tutorial explains methodologies for using these tools, and provides a tour of four tool types: observability, benchmarking, tuning, and static tuning. Many tools will be discussed, including top, iostat, tcpdump, sar, perf_events, ftrace, SystemTap, sysdig, and others, as well as observability frameworks in the Linux kernel: PMCs, tracepoints, kprobes, and uprobes.
This tutorial updates and extends an earlier talk that summarizes the Linux performance tool landscape. The value of this tutorial is not just learning that these tools exist and what they do, but hearing when and how they are used by a performance engineer to solve real world problems: important context that is typically not included in the standard documentation.
This talk shares the various techniques I found whilst building the XSS cheat sheet. It contains auto-executing vectors, AngularJS CSP bypasses and dangling markup attacks.
Innova Junior College's General Paper educators, Ms Serene Tan and Ms Lee Rui Jun, presented at the 2012 Virtual Worlds Best Practices in Education Conference on Second Life on the topic 'Teaching Prejudice and Discrimination Using Second Life'.
Conference Abstract: Welcome to Maletopia, a Second Life build that seeks to facilitate students’ exploration of ideas in prejudice and discrimination, one of the topics in the General Paper (GP) curriculum. The presentation will cover the rationale, objectives and design of the lessons revolving around Maletopia, which will be implemented in April 2012, by the GP Unit from Innova Junior College (Singapore, Grades 11-12). Through adopting the identities of their avatars, it is envisaged that Maletopia provides a stimulating environment for students to ‘leave behind’ their actual identities and engage in fruitful dialogues for enhanced understanding of prejudice and discrimination issues.
As a school leader or head of subject you are required to analyse attainment data relating to whole cohorts of learners. From this analysis you need to produce timely interventions and measurable initiatives to improve the very performance you are monitoring. This requires data analysis - something that most teachers and leaders either find daunting or only address in a superficial manner. Covering chapters on Data Analysis, Problems With The Mean, Comparative Statistics, Analysis Of Variance and the incredibly powerful General Linear Model (GLM) - this is a text book for real teachers faced with real issues in real classrooms.
2. Software licence. A software licence is a legal instrument that governs the use and redistribution of software. Software is a series of programs, procedures or rules, together with the associated documentation, used in operating a computer system. All licensed software is protected by copyright laws.
3. Types of software licences. Commercial: concluded upon the purchase of paid software. Shareware: software offered to users free of charge, but with certain limitations or for a limited period of time, often offered with a combination of restrictions on functionality, availability or convenience. Freeware: a licence offered free of charge.
4. Less well-known licence types. Abandonware is a type of software licence that refers to software that is no longer sold, is no longer supported by a company, or whose author is unknown (or uncertain). Beerware: a licence that grants the right of use on condition that, if you meet the author of that software, you buy them a beer. Careware: the user does not pay the software's author, but instead donates to a particular charitable event (project). Greenware: in exchange for using the software product you must do "a good deed" for the environment. Donationware: similar to Careware; a donation must be made to register the application. E-mailware: registration is done by sending an email to the author. Postcardware: whoever uses the application must send the author a postcard. Prayerware: say a prayer for the author of the application and you may use it.
5. Piracy. Software piracy involves the illegal reproduction and distribution of software applications for personal use or for illegal sale. End-user piracy: when users copy software without a licence. Pre-installed software: when a computer manufacturer takes a single copy of a software program and installs it on several computers. Internet piracy: when unauthorised copies are downloaded from the Internet. Counterfeiting: when illegal copies are produced and distributed in packaging that imitates the original packaging. Online auctions: software resold in breach of the original terms of sale.
6. Who pirates? Those who pirate are mainly CRACKERS, who generally engage in the illegal modification of software applications that are protected against unauthorised use. By creating and using small programs written in ordinary programming languages such as BASIC, PASCAL or C++, they manage to modify the application so that a licence is no longer required. Usually such programs, also called cracks, generate a serial number that the software in question recognises. Another method is running the program to be "cracked" under one of the programming languages mentioned above and checking it instruction by instruction in order to remove the command lines relating to the licence check.
7. On piracy. Currently Romania ranks 44th in the world among countries in terms of software piracy, with 68% of computers using pirated software. In 1st place is Armenia with 93%, and in last place the U.S.A. with 20%, the average across all countries being 59.9%. Total estimated losses for 2008 alone were 53 thousand million dollars.
9. Advantages. By using licensed software you ensure that the products you purchase are reliable. You benefit from technical support for them. Critical updates will be available when you need them.
10. Conclusions. In Romania, and anywhere in the world, the illegal use of software is punishable by a fine, but it can go as far as imprisonment. Legal use of software brings software development companies the income they need for the company to prosper and to continue developing software.