This document provides an overview and examples of the NK API for developing mobile applications, websites, and OpenSocial applications. It describes REST and JS APIs for authentication, making requests, uploading photos, payments, inviting friends, adding shouts, and communicating with users. Code samples are given for common tasks like uploading photos, checking group membership, and sending messages between users. Developers can find full documentation and support for building applications on the NK platform.
4. REST API
Authentication is based on the OAuth standard. Many libraries support this
standard; have a look here: http://oauth.net/code/
First you need to get an nk_token via a /token/get request.
POST https://opensocial.nk-net.pl/v09/token/get
POST data:
login=loginUseraNaNk&password=hasłoUseraNaNk
[no cookies]
Request Headers:
<next slide>
5. REST API - /token/get - headers
Request Headers:
Content-Type: application/x-www-form-urlencoded
Content-Length: 28
Authorization: OAuth oauth_signature_method="HMAC-SHA1", oauth_consumer_key="customerKeyZPanelu", oauth_timestamp="1352376881", oauth_nonce="272317321310634", oauth_version="1.0", oauth_signature="jVaVvVZcLZ1mMHzU3dzAmw3vxPE%3D"
oauth_version="1.0"
oauth_timestamp="1352376881"
oauth_nonce="272317321310634" - must be unique, at least 15 characters
oauth_signature_method="HMAC-SHA1" - you must enter this value
oauth_signature="jVaVvVZcLZ1mMHzU3dzAmw3vxPE%3D" - it needs to be calculated :)
oauth_signature is calculated as base64_encode(HMAC-SHA1(oauth_base_string, <secret from developer panel>&));
If everything goes correctly, we will get the answer:
nk_token=jakiśDziwnyNapisWBase64
6. REST API - base string
Example value:
POST&http%3A%2F%2Fjava1.omega.nknet%3A2080%2Fv09%2Ftoken%2Fget&login%3Dabcef%26oauth_consumer_key%3DjakisCustomerKey%26oauth_nonce%3D273217097465315%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1352377781%26oauth_version%3D1.0%26password%3DjakiśPassword
First part: POST, because we are sending a POST request.
Second part: the URL without query parameters, encoded with the urlencode function.
Third part: all parameters, sorted and concatenated.
Remember to sign the request content (when it makes sense - check: question reported to NK support).
All requests need to be signed with this mechanism.
7. REST API - @me, @self, @all
Many endpoint specifications show strange elements like: @me, @self, @all.
@me - user currently logged in
@self, @friends, @all - indicates who can check the object on which the action is done
10. When something is not working...
We suggest the following steps:
● Check the error code. You can find a lot of useful information there.
● Check logs - http://developers.nk.pl/applications-logs/
● Catch the request with tcpdump or extract it with netcat. Then check whether the data is
sent according to the specification
● Describe the problem in detail to NK support
11. API JS
In this part we will show you how to create OpenSocial applications.
Shindig is used as the application container; it implements the OpenSocial standard.
Shindig is responsible for:
● application rendering
● proxy request creation
● data cache
● RPC/REST requests
We support OpenSocial version 0.9.
The list of all functionalities we support is available in our documentation.
12. API JS
Applications are defined by a single gadget.xml file.
The address of this file is entered in the application and site management panel.
13. Preparation of development environment
1. Create the application at https://developers.nk.pl/developers
2. Set debug mode (data cache is disabled)
3. Add the tester ID to the application's tester list
4. Open your application: http://nk.pl/#applications_test/xyz (the exact link is in the
application settings)
To begin with, we can use the following classic example code as gadget.xml:
<?xml version="1.0" encoding="UTF-8" ?>
<Module>
    <ModulePrefs/>
    <Content type="html" view="canvas">
        <![CDATA[
        Hello World
        ]]>
    </Content>
</Module>
14. Examples:
Following examples are available under this URL:
https://github.com/jaaro/various/tree/master/nk
1. ROT13
2. Information about the user
3. Information about friends
4. Embedding flash
5. Swfobject
6. Hamster fall
7. Adding shout on NK
We suggest testing other JS API functionalities in this application: nkda.
15. Payments- JS code
// Callback: reports whether the payment request was accepted.
function handlePaymentResponse(dataItem) {
    if (dataItem.hadError()) {
        alert('got an error');
    } else {
        var orderId = dataItem.getData().getField(opensocial.Payment.Field.ORDER_ID);
        alert('payment request accepted, orderId: ' + orderId);
    }
}

// Builds the payment (amount, message, application-specific parameters) and requests it.
function makePayment() {
    var params = {};
    params[opensocial.Payment.Field.AMOUNT] = 5;
    params[opensocial.Payment.Field.MESSAGE] = "large sword";
    params[opensocial.Payment.Field.PARAMETERS] = "some_app_specific_params";
    var payment = opensocial.newPayment(params);
    opensocial.requestPayment(payment, handlePaymentResponse);
}
16. Payments
Enter the right value in the "Payment Callback URL" field (Administration panel).
When the transaction is completed, NK sends the following request to this URL:
POST /some/url HTTP/1.1
Host: gamehost.com
Content-Type: application/x-www-form-urlencoded

amount=5&appId=app.1&containerDomain=nk.pl&message=large%20sword&oauth_consumer_key=key&oauth_nonce=252b9d59381dd803dcf156663d1375d9&oauth_signature=%2F7%2BGAbB0DDYNZwC%2BsSACe1O5Kpw%3D&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1273755263&oauth_version=1.0&orderId=32787067d4de27d7fb97d816723d5c75bb9fd337&parameters=some_app_specific_params&paymentType=payment&viewerId=person.abc
17. Payments
The application must confirm that the payment has been received by generating the following
response:
HTTP/1.1 200 OK
Content-Type: application/json

{"orderId":"32787067d4de27d7fb97d816723d5c75bb9fd337","responseCode":"ok","responseMessage":"all ok","signature":"7e7455aac4a1be3186185e5bd056791adf01818c"}
If the confirmation (response) is not ok, the NK server will resend the request every minute for the next 24 hours or until we get
the correct response.
If you want to test payments, send an e-mail to egbtest@nasza-klasa.pl with a request for a specified amount of NK
currency (EGB), your NK profile ID and the name of the application you are testing.
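The signing rule from slides 5 and 6 and a server-side check of the payment callback from slides 16 and 17, as an added Python example that is not part of the original slides or NK's own code. It assumes the callback is signed with the same HMAC-SHA1 scheme and "<secret>&" key as REST requests; the function names are hypothetical and the secret, nonce and order ID are constructed.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote, urlencode


def pct(value):
    """OAuth 1.0 percent-encoding: escape everything but unreserved characters."""
    return quote(value, safe="-._~")


def base_string(method, url, params):
    """METHOD & encoded URL without query & encoded, sorted name=value pairs."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items()
                   if k != "oauth_signature")
    joined = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(joined)])


def sign(method, url, params, consumer_secret):
    """base64(HMAC-SHA1(base string)) keyed with '<secret>&' (empty token secret)."""
    key = (pct(consumer_secret) + "&").encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()


def verify_callback(url, body, consumer_secret, seen_orders):
    """Classify a payment callback body as 'ok', 'duplicate' or 'rejected'."""
    params = dict(parse_qsl(body, keep_blank_values=True))
    claimed = params.get("oauth_signature", "").encode()
    expected = sign("POST", url, params, consumer_secret).encode()
    if (params.get("oauth_signature_method") != "HMAC-SHA1"
            or "orderId" not in params
            or not hmac.compare_digest(claimed, expected)):
        return "rejected"   # forged or altered: never credit the order
    if params["orderId"] in seen_orders:
        return "duplicate"  # NK re-sends until acknowledged: credit only once
    seen_orders.add(params["orderId"])
    return "ok"


if __name__ == "__main__":
    # Constructed callback, signed locally with a made-up secret.
    url, secret, seen = "http://gamehost.com/some/url", "constructed-secret", set()
    fields = {"amount": "5", "message": "large sword", "orderId": "order-1",
              "oauth_nonce": "constructed-nonce", "oauth_signature_method": "HMAC-SHA1"}
    fields["oauth_signature"] = sign("POST", url, fields, secret)
    for body in (urlencode(fields), urlencode(fields), urlencode({**fields, "amount": "500"})):
        print(verify_callback(url, body, secret, seen))
```

Credit the order only on "ok"; a "duplicate" is a retry of an order already credited, so it can be acknowledged again without granting the item twice.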
18. Inviting friends to the application:
function handleInviteFriendResponse(responseItem) {
    if (responseItem.hadError()) {
        // handle error
    } else {
        alert(responseItem.getData() + ' invited friend(s)');
    }
}
function invite() {
    var msg = 'Join me !';
    var paramsObject = new Object();
    nk.requestInviteFriends(msg, paramsObject, handleInviteFriendResponse);
}
invite();
19. Check if user is already member of the application group.
function response(data) {
    if (data.hadError()) {
        // handle error
    } else {
        var result = data.get("isInGroup").getData();
        if (result) {
            output("User is in application's group");
        } else {
            output("User is NOT in application's group");
        }
    }
}
function request() {
    var req = opensocial.newDataRequest();
    req.add(nk.groups.newIsUserInAppGroupRequest(), "isInGroup");
    req.send(response);
}
request();
20. Adding user to application group:
function callback(responseItem) {
    if (responseItem.hadError()) {
        // handle error
    } else {
        console.log(responseItem);
    }
}
function invite() {
    nk.groups.requestAddUserToAppGroup(callback);
}
invite();
21. Adding picture:
function uploadPhotoHandler(resp) {
    if (resp.hadError()) {
        // handle error
    }
}
function uploadPhoto() {
    nk.photos.requestUploadAppPhoto("Photo added from Dev App", null, uploadPhotoHandler);
}
uploadPhoto();
22. How many users have installed the application?
function response(data) {
    if (data.get("amount").hadError()) {
        // handle error
    } else {
        alert(data.get("amount").getData());
    }
}
function request() {
    var req = opensocial.newDataRequest();
    req.add(nk.newGetAmountOfUsersRequest(), "amount");
    req.send(response);
}
request();
23. Adding shout:
function onActivityPosted(data) {
    if (data.hadError()) {
        alert("There was a problem: " + data.getErrorMessage());
    } else {
        output("The activity was posted successfully.");
    }
}
function postActivity(title) {
    var data = {};
    data[opensocial.Activity.Field.TITLE] = title;
    var activity = opensocial.newActivity(data);
    opensocial.requestCreateActivity(
        activity,
        opensocial.CreateActivityPriority.HIGH,
        onActivityPosted
    );
}
postActivity("This is a sample activity");
24. Communication between users - message
function response(data) {
    if (data.hadError()) {
        alert("There was a problem: " + data.getErrorMessage());
    } else {
        output("The message was sent.");
    }
}
function request() {
    var iconUrl = new opensocial.Url({"type": "icon", "address": "http://www.example.org/icons/notifyIcon.jpg"});
    var msgParams = {
        "title": "Title of notification",
        "urls": [iconUrl], // image used in notification
        "type": "notification" // only notification is currently supported
    };
    var msg = opensocial.newMessage("Body of notification", msgParams);
    opensocial.requestSendMessage(["person.XXX"], msg, response);
}
request();
25. JS API
You can find many other examples in our documentation,
together with a detailed specification of the features.
http://developers.nk.pl/documentation/nk-api/opensocial-js-api/
26. Some interesting features:
Please note that even if we support some features, they may not work the same way as in the original
OpenSocial specification, for example: Activity.
The list of supported parameters is here: http://developers.nk.pl/documentation/nk-api/opensocial-js-api/
Interesting features:
gadgets.log / gadgets.warn / gadgets.error
gadgets.json.parse / gadgets.json.stringify
gadgets.window.adjustHeight
gadgets.io.makeRequest / osapi.http.get