The microservice architectural style is an approach to developing an application as a suite of small services. Each can be independently developed and deployed. This presentation covers the pros and cons of microservices, including contrasting with the more traditional 'monolithic' application. We also dive into the most common mechanism used to expose their functionality: RESTful APIs, including a discussion of HTTP and its components.
The document provides information about conducting information gathering and reconnaissance of web applications. It discusses testing techniques for gathering information such as:
- Using search engines to find sensitive design and configuration details exposed directly or indirectly online
- Fingerprinting the web server to determine the type and version for known vulnerabilities
- Reviewing web server metafiles like robots.txt for information leakage
- Enumerating applications running on the webserver through different techniques
- Reviewing webpage comments and metadata for sensitive information exposure
The document provides examples and tools for each technique and emphasizes the importance of information gathering for understanding the target application before conducting attacks. It also discusses potential remediations like access control, header obfuscation and custom web server compilation
The document discusses plans for updating the OWASP Testing Guide to version 4. It provides background on the history and adoption of previous versions. Key points discussed include establishing a common vulnerability list, reviewing and updating test categories, and proposing a new project team. The roadmap includes adhering to a common numbering system, reviewing existing sections, removing unnecessary parts, and adding new testing techniques. The overall goal is to improve and expand the guide to continue helping security testers.
The OWASP Testing Guide includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues.
You'll notice several changes between v3 and v4. Some sections have been renamed, removed or reworked, but overall the OWASP Testing Guide version 4 improves on version 3 in three ways:
1. This version of the Testing Guide integrates with the two other flagship OWASP documentation products: the Developers Guide and the Code Review Guide. To achieve this we aligned the testing categories and test numbering with those in other OWASP products. The objective of the Testing and Code Review Guides is to evaluate the security controls described by the Developers Guide.
2. All chapters have been improved and test cases expanded to 87 (64 test cases in v3) including the introduction of four new chapters and controls:
- Identity Management Testing
- Error Handling
- Cryptography
- Client Side Testing
3. This version of the Testing Guide encourages the community not to simply accept the test cases outlined in this guide. We encourage security testers to integrate with other software testers and devise test cases specific to the target application. As we find test cases that have wider applicability we encourage the security testing community to share them and contribute them to the Testing Guide. This will continue to build the application security body of knowledge and allow the development of the Testing Guide to be an iterative rather than monolithic process.
Unit testing has entered the main stream. It is generally considered best practice to have a high level of unit test code coverage, and to ideally write tests before the code, via Test Driven Development.
However, some code is just plain difficult to test. The cost of effort of adding the tests may seem to outweigh the benefits. In this session, we will do a quick review of the benefits of unit tests, but focus on how to test tricky code, such as that static and private methods, and legacy code in general.
Examples are in Java, but the principals are language agnostic.
1) The document discusses microservices and REST architectures. It defines microservices as small, focused pieces of software that are independently developed and deployed.
2) REST is described as an architectural style using HTTP as a stateless protocol and uniform interfaces to access resources. The key constraints of REST like client-server, statelessness and cacheability are explained.
3) The document advocates for building microservices that expose functionality through RESTful APIs and HTTP to allow independent development and deployment of services.
The microservice architectural style is an approach to developing an application as a suite of small services that each can be independently developed and deployed. In this talk, we will cover the pros and cons of microservices, including contrasting them with the more traditional 'monolithic' application. We will also dive into the most common mechanism used to expose the functionality of a microservice. REST is an architecture style for building scalable web services. You've at least heard of it, you may have contributed to or even created 'RESTful' applications, but are you familiar with the basic constraints that make up REST? We'll cover the theory behind REST before diving into pragmatic implementation styles and better practices.
REST is a lightweight architecture for building client-server applications. It uses standard HTTP methods to allow requesting and modifying resource state representations. While SOAP and web services will continue to be used, REST is better suited for mobile and web applications. Organizations are realizing they cannot replace existing technologies and instead focus on integrating technologies to leverage their respective strengths. Exposing existing systems through a REST API gateway allows for coexistence while providing a clean interface. Security, caching, throttling and monitoring are important when managing REST APIs at an enterprise scale.
Innovate2014 Better Integrations Through Open InterfacesSteve Speicher
- The document discusses open interfaces and integrated lifecycle tools through linked data and open standards like OSLC, taking inspiration from principles of the World Wide Web.
- It promotes using open protocols like REST and HTTP for tool integration instead of tight coupling, and outlines guidelines for using URIs, HTTP, and semantic standards like RDF and SPARQL to represent and share resource data on the web.
- OSLC is presented as a solution for lifecycle integration across requirements management, quality management, change management and other tools using common resource definitions and linked data over open APIs.
The document provides information about conducting information gathering and reconnaissance of web applications. It discusses testing techniques for gathering information such as:
- Using search engines to find sensitive design and configuration details exposed directly or indirectly online
- Fingerprinting the web server to determine the type and version for known vulnerabilities
- Reviewing web server metafiles like robots.txt for information leakage
- Enumerating applications running on the webserver through different techniques
- Reviewing webpage comments and metadata for sensitive information exposure
The document provides examples and tools for each technique and emphasizes the importance of information gathering for understanding the target application before conducting attacks. It also discusses potential remediations like access control, header obfuscation and custom web server compilation
The document discusses plans for updating the OWASP Testing Guide to version 4. It provides background on the history and adoption of previous versions. Key points discussed include establishing a common vulnerability list, reviewing and updating test categories, and proposing a new project team. The roadmap includes adhering to a common numbering system, reviewing existing sections, removing unnecessary parts, and adding new testing techniques. The overall goal is to improve and expand the guide to continue helping security testers.
The OWASP Testing Guide includes a "best practice" penetration testing framework which users can implement in their own organizations and a "low level" penetration testing guide that describes techniques for testing most common web application and web service security issues.
You'll notice several changes between v3 and v4. Some sections have been renamed, removed or reworked, but overall the OWASP Testing Guide version 4 improves on version 3 in three ways:
1. This version of the Testing Guide integrates with the two other flagship OWASP documentation products: the Developers Guide and the Code Review Guide. To achieve this we aligned the testing categories and test numbering with those in other OWASP products. The objective of the Testing and Code Review Guides is to evaluate the security controls described by the Developers Guide.
2. All chapters have been improved and test cases expanded to 87 (64 test cases in v3) including the introduction of four new chapters and controls:
- Identity Management Testing
- Error Handling
- Cryptography
- Client Side Testing
3. This version of the Testing Guide encourages the community not to simply accept the test cases outlined in this guide. We encourage security testers to integrate with other software testers and devise test cases specific to the target application. As we find test cases that have wider applicability we encourage the security testing community to share them and contribute them to the Testing Guide. This will continue to build the application security body of knowledge and allow the development of the Testing Guide to be an iterative rather than monolithic process.
Unit testing has entered the main stream. It is generally considered best practice to have a high level of unit test code coverage, and to ideally write tests before the code, via Test Driven Development.
However, some code is just plain difficult to test. The cost of effort of adding the tests may seem to outweigh the benefits. In this session, we will do a quick review of the benefits of unit tests, but focus on how to test tricky code, such as that static and private methods, and legacy code in general.
Examples are in Java, but the principals are language agnostic.
1) The document discusses microservices and REST architectures. It defines microservices as small, focused pieces of software that are independently developed and deployed.
2) REST is described as an architectural style using HTTP as a stateless protocol and uniform interfaces to access resources. The key constraints of REST like client-server, statelessness and cacheability are explained.
3) The document advocates for building microservices that expose functionality through RESTful APIs and HTTP to allow independent development and deployment of services.
The microservice architectural style is an approach to developing an application as a suite of small services that each can be independently developed and deployed. In this talk, we will cover the pros and cons of microservices, including contrasting them with the more traditional 'monolithic' application. We will also dive into the most common mechanism used to expose the functionality of a microservice. REST is an architecture style for building scalable web services. You've at least heard of it, you may have contributed to or even created 'RESTful' applications, but are you familiar with the basic constraints that make up REST? We'll cover the theory behind REST before diving into pragmatic implementation styles and better practices.
REST is a lightweight architecture for building client-server applications. It uses standard HTTP methods to allow requesting and modifying resource state representations. While SOAP and web services will continue to be used, REST is better suited for mobile and web applications. Organizations are realizing they cannot replace existing technologies and instead focus on integrating technologies to leverage their respective strengths. Exposing existing systems through a REST API gateway allows for coexistence while providing a clean interface. Security, caching, throttling and monitoring are important when managing REST APIs at an enterprise scale.
Innovate2014 Better Integrations Through Open InterfacesSteve Speicher
- The document discusses open interfaces and integrated lifecycle tools through linked data and open standards like OSLC, taking inspiration from principles of the World Wide Web.
- It promotes using open protocols like REST and HTTP for tool integration instead of tight coupling, and outlines guidelines for using URIs, HTTP, and semantic standards like RDF and SPARQL to represent and share resource data on the web.
- OSLC is presented as a solution for lifecycle integration across requirements management, quality management, change management and other tools using common resource definitions and linked data over open APIs.
The document discusses building a REST API with Zend Framework 2. It provides an overview of REST, comparing it to other API techniques like RPC and SOAP. It covers REST components and best practices, explaining the advantages of REST such as its simplicity, use of JSON, and support for AJAX. The document also addresses some common arguments against REST and how they can be overcome.
This document provides an introduction and overview of REST and Jersey. It begins with an introduction of the presenter and their background and interests. It then provides brief definitions and discussions of REST, highlighting some of its key aspects like being stateless, using standard HTTP methods, and having resources with multiple representations. It introduces the Jersey framework and discusses some of its features. It maps out the topics to be covered, including explanations of REST concepts like resources having unique IDs, linking resources together, and implementing the hypermedia constraint. It also provides a demonstration of a sample REST application called Notem and discusses challenges in implementing REST concepts like generating links between resources.
API 101 provides an introduction to APIs and related concepts:
APIs expose useful data and functionality for developers to consume in their own programs. They allow different systems to communicate through standardized interfaces and protocols. The document discusses REST APIs and compares architectural styles like RPC, covering topics such as HTTP methods, URI design, and authentication. It examines challenges in API design like versioning, security, and avoiding unnecessary data transfers.
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Tom Eston
This document discusses challenges with testing web services and proposes improvements. It notes that current tools, methodologies, and testing environments for assessing web service security are inadequate. The document advocates aligning web service testing with the Penetration Testing Execution Standard methodology. It also highlights new attacks against web services and demos tools like Metasploit modules for assessing web services and the Damn Vulnerable Web Services testing environment.
Understanding and Using Rest APIs (SocialDevCamp Chicago 2009)Pete Morano
RESTful APIs have become integral to technology and dominate web development. While REST is based on simple principles like using HTTP methods and representing resources, there is still a lack of standardization around documentation and discovery. WADL aims to provide a standard like WSDL for REST that would reduce errors and enable code generation.
This document provides an introduction to designing RESTful APIs. It discusses HTTP, REST architectural principles, and how to design APIs around resources and use HTTP methods and status codes. Examples of good and bad RESTful APIs are provided, along with exercises to design RESTful versions of existing APIs. Authentication patterns like API keys and OAuth are also covered.
During the 2014 TERENA Networking Conference (TNC2014) in Dublin, SURFnet will provide a workshop on OpenConext on Monday 19/05 (09:00 - 12:00).
Participants can explore the possibilities of OpenConext themselves.
This hands-on workshop introduces you to the concepts and components of OpenConext and its example use cases. In addition participants will install the platform and be able configure the platform with the management tools, connect services or identity providers to explore the potential of the platform yourself. Experts of SURFnet, Jisc and AARnet will be available to assist you and there will plenty of time for all of your questions as well as discussion on functionality, features and more. Join us for an interactive hands-on session and experience OpenConext yourself!
As users or people who are interested in OpenConext you are especially welcome to share your use-cases, knowledge and experiences.
The document describes Napster's REST API. Napster provides a REST API for developers to access its music catalog and build applications. The API allows searching, retrieving metadata and streaming music. The API team is small with 6 members and started the project in July, releasing the first version in January for the CES event. The API documentation is available at http://developer.napster.com/docs/.
An introduction to REST and RESTful web services.
You can take the course below to learn about REST & RESTful web services.
https://www.udemy.com/building-php-restful-web-services/
This document discusses RESTful web services using WCF Web API. It begins with an overview of REST principles like using resources and uniform interfaces. It then covers industry trends driving adoption of REST and an overview of WCF Web API features like content negotiation and OData-like query support. Examples are provided of consuming REST services from JavaScript and using HttpClient in .NET applications. The document aims to provide an introduction to building and using RESTful services with WCF Web API.
The document discusses Representational State Transfer (REST) as an architectural style for building distributed hypermedia systems. It describes key REST principles such as giving every resource an identifier, linking resources together through hyperlinks, using standard HTTP methods like GET, PUT, POST and DELETE, and communicating statelessly. The document also compares REST to other styles like WS-* and contrasts how REST uses URIs and HTTP while WS-* uses SOAP. It provides examples of companies and projects using REST.
A quick overview on REST : what it is and what it is not. REST has strict contraints and many internet Apis are not so REST. It’s also very popular today because RESTfull services can be consumed easily by any client or device. Soap is also still valid in a few circomstaces. It has never been so easy to create Rest-like services in .net since asp.net Web Api.
APIs are one of the main elements of cloud services. All major cloud service providers expose REST APIs to allow you to programmatically access their services and capabilities. SOAP and REST are the two most common ways of exposing APIs, whether to external, partner, cloud, or internal developers.
The concept of API management is to publish these web APIs for consumption, and includes capabilities such as monitoring, security, and documentation.
This presentation introduces basic concepts of APIs, API management, cloud REST services, and a brief walkthrough of WSO2 API Manager and the Oracle API Gateway to see how you can centrally publish, expose, and secure APIs, essentially virtualizing your backend services.
This document discusses REST vs SOAP and recommends ASP.NET Web API for building RESTful services. It explains that REST focuses on resources and HTTP verbs while SOAP defines custom operations. REST uses the existing features of the web like caching and scalability. The document provides examples of SOAP and REST requests and responses. It recommends ASP.NET Web API for building REST services and WCF for SOAP.
Getting started with dotnet core Web APIsKnoldus Inc.
Web API is a framework for building HTTP services that can be accessed from any client including browsers and mobile devices. It is an ideal platform for building RESTful applications on the .NET Framework12. You can learn how to build secure and scalable REST APIs with ASP.NET Core, the same framework and patterns you use to build web pages and services
Presented at Houston Tech Fest 2009.
Many developers use enterprise service bus (ESB) tools such as BizTalk or, for those looking at a lighter-weight approach, NServiceBus. What many fail to realize is that we have another option, one that has been tried and tested for many years and that we all use daily: HTTP. Find out how HTTP can deliver a much more maintainable, simpler solution to your ESB problems.
AWS WAF introduction and live demo - Pop-up Loft Tel AvivAmazon Web Services
Distributed application security at scale with AWS WAF. Learn about how the AWS WAF can help protect your web and application services and run through a demo showing how the WAF blocks IP addresses, prevents SQL Injection, and how you can use string matching to defend against Bots, Crawlers, and XSS .
Session tracking allows a server to maintain state for a user's sequential requests. There are five main session tracking methods: user authorization, hidden fields, URL rewriting, cookies, and session tracking APIs. Cookies are the most commonly used method, where the server sends a cookie containing identifying information to the user's browser on each request. Session tracking APIs provide an abstraction layer that handles session tracking tasks for the developer.
Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.
More Related Content
Similar to Rest and Microservices at the Las Vegas Dot Net Group
The document discusses building a REST API with Zend Framework 2. It provides an overview of REST, comparing it to other API techniques like RPC and SOAP. It covers REST components and best practices, explaining the advantages of REST such as its simplicity, use of JSON, and support for AJAX. The document also addresses some common arguments against REST and how they can be overcome.
This document provides an introduction and overview of REST and Jersey. It begins with an introduction of the presenter and their background and interests. It then provides brief definitions and discussions of REST, highlighting some of its key aspects like being stateless, using standard HTTP methods, and having resources with multiple representations. It introduces the Jersey framework and discusses some of its features. It maps out the topics to be covered, including explanations of REST concepts like resources having unique IDs, linking resources together, and implementing the hypermedia constraint. It also provides a demonstration of a sample REST application called Notem and discusses challenges in implementing REST concepts like generating links between resources.
API 101 provides an introduction to APIs and related concepts:
APIs expose useful data and functionality for developers to consume in their own programs. They allow different systems to communicate through standardized interfaces and protocols. The document discusses REST APIs and compares architectural styles like RPC, covering topics such as HTTP methods, URI design, and authentication. It examines challenges in API design like versioning, security, and avoiding unnecessary data transfers.
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Tom Eston
This document discusses challenges with testing web services and proposes improvements. It notes that current tools, methodologies, and testing environments for assessing web service security are inadequate. The document advocates aligning web service testing with the Penetration Testing Execution Standard methodology. It also highlights new attacks against web services and demos tools like Metasploit modules for assessing web services and the Damn Vulnerable Web Services testing environment.
Understanding and Using Rest APIs (SocialDevCamp Chicago 2009)Pete Morano
RESTful APIs have become integral to technology and dominate web development. While REST is based on simple principles like using HTTP methods and representing resources, there is still a lack of standardization around documentation and discovery. WADL aims to provide a standard like WSDL for REST that would reduce errors and enable code generation.
This document provides an introduction to designing RESTful APIs. It discusses HTTP, REST architectural principles, and how to design APIs around resources and use HTTP methods and status codes. Examples of good and bad RESTful APIs are provided, along with exercises to design RESTful versions of existing APIs. Authentication patterns like API keys and OAuth are also covered.
During the 2014 TERENA Networking Conference (TNC2014) in Dublin, SURFnet will provide a workshop on OpenConext on Monday 19/05 (09:00 - 12:00).
Participants can explore the possibilities of OpenConext themselves.
This hands-on workshop introduces you to the concepts and components of OpenConext and its example use cases. In addition participants will install the platform and be able configure the platform with the management tools, connect services or identity providers to explore the potential of the platform yourself. Experts of SURFnet, Jisc and AARnet will be available to assist you and there will plenty of time for all of your questions as well as discussion on functionality, features and more. Join us for an interactive hands-on session and experience OpenConext yourself!
As users or people who are interested in OpenConext you are especially welcome to share your use-cases, knowledge and experiences.
The document describes Napster's REST API. Napster provides a REST API for developers to access its music catalog and build applications. The API allows searching, retrieving metadata and streaming music. The API team is small with 6 members and started the project in July, releasing the first version in January for the CES event. The API documentation is available at http://developer.napster.com/docs/.
An introduction to REST and RESTful web services.
You can take the course below to learn about REST & RESTful web services.
https://www.udemy.com/building-php-restful-web-services/
This document discusses RESTful web services using WCF Web API. It begins with an overview of REST principles like using resources and uniform interfaces. It then covers industry trends driving adoption of REST and an overview of WCF Web API features like content negotiation and OData-like query support. Examples are provided of consuming REST services from JavaScript and using HttpClient in .NET applications. The document aims to provide an introduction to building and using RESTful services with WCF Web API.
The document discusses Representational State Transfer (REST) as an architectural style for building distributed hypermedia systems. It describes key REST principles such as giving every resource an identifier, linking resources together through hyperlinks, using standard HTTP methods like GET, PUT, POST and DELETE, and communicating statelessly. The document also compares REST to other styles like WS-* and contrasts how REST uses URIs and HTTP while WS-* uses SOAP. It provides examples of companies and projects using REST.
A quick overview on REST : what it is and what it is not. REST has strict contraints and many internet Apis are not so REST. It’s also very popular today because RESTfull services can be consumed easily by any client or device. Soap is also still valid in a few circomstaces. It has never been so easy to create Rest-like services in .net since asp.net Web Api.
APIs are one of the main elements of cloud services. All major cloud service providers expose REST APIs to allow you to programmatically access their services and capabilities. SOAP and REST are the two most common ways of exposing APIs, whether to external, partner, cloud, or internal developers.
The concept of API management is to publish these web APIs for consumption, and includes capabilities such as monitoring, security, and documentation.
This presentation introduces basic concepts of APIs, API management, cloud REST services, and a brief walkthrough of WSO2 API Manager and the Oracle API Gateway to see how you can centrally publish, expose, and secure APIs, essentially virtualizing your backend services.
This document discusses REST vs SOAP and recommends ASP.NET Web API for building RESTful services. It explains that REST focuses on resources and HTTP verbs while SOAP defines custom operations. REST uses the existing features of the web like caching and scalability. The document provides examples of SOAP and REST requests and responses. It recommends ASP.NET Web API for building REST services and WCF for SOAP.
Getting started with dotnet core Web APIsKnoldus Inc.
Web API is a framework for building HTTP services that can be accessed from any client including browsers and mobile devices. It is an ideal platform for building RESTful applications on the .NET Framework12. You can learn how to build secure and scalable REST APIs with ASP.NET Core, the same framework and patterns you use to build web pages and services
Presented at Houston Tech Fest 2009.
Many developers use enterprise service bus (ESB) tools such as BizTalk or, for those looking at a lighter-weight approach, NServiceBus. What many fail to realize is that we have another option, one that has been tried and tested for many years and that we all use daily: HTTP. Find out how HTTP can deliver a much more maintainable, simpler solution to your ESB problems.
AWS WAF introduction and live demo - Pop-up Loft Tel AvivAmazon Web Services
Distributed application security at scale with AWS WAF. Learn about how the AWS WAF can help protect your web and application services and run through a demo showing how the WAF blocks IP addresses, prevents SQL Injection, and how you can use string matching to defend against Bots, Crawlers, and XSS .
Session tracking allows a server to maintain state for a user's sequential requests. There are five main session tracking methods: user authorization, hidden fields, URL rewriting, cookies, and session tracking APIs. Cookies are the most commonly used method, where the server sends a cookie containing identifying information to the user's browser on each request. Session tracking APIs provide an abstraction layer that handles session tracking tasks for the developer.
Similar to Rest and Microservices at the Las Vegas Dot Net Group (20)
Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.
INTRODUCTION TO AI CLASSICAL THEORY TARGETED EXAMPLESanfaltahir1010
Image: Include an image that represents the concept of precision, such as a AI helix or a futuristic healthcare
setting.
Objective: Provide a foundational understanding of precision medicine and its departure from traditional
approaches
Role of theory: Discuss how genomics, the study of an organism's complete set of AI ,
plays a crucial role in precision medicine.
Customizing treatment plans: Highlight how genetic information is used to customize
treatment plans based on an individual's genetic makeup.
Examples: Provide real-world examples of successful application of AI such as genetic
therapies or targeted treatments.
Importance of molecular diagnostics: Explain the role of molecular diagnostics in identifying
molecular and genetic markers associated with diseases.
Biomarker testing: Showcase how biomarker testing aids in creating personalized treatment plans.
Content:
• Ethical issues: Examine ethical concerns related to precision medicine, such as privacy, consent, and
potential misuse of genetic information.
• Regulations and guidelines: Present examples of ethical guidelines and regulations in place to safeguard
patient rights.
• Visuals: Include images or icons representing ethical considerations.
Content:
• Ethical issues: Examine ethical concerns related to precision medicine, such as privacy, consent, and
potential misuse of genetic information.
• Regulations and guidelines: Present examples of ethical guidelines and regulations in place to safeguard
patient rights.
• Visuals: Include images or icons representing ethical considerations.
Content:
• Ethical issues: Examine ethical concerns related to precision medicine, such as privacy, consent, and
potential misuse of genetic information.
• Regulations and guidelines: Present examples of ethical guidelines and regulations in place to safeguard
patient rights.
• Visuals: Include images or icons representing ethical considerations.
Real-world case study: Present a detailed case study showcasing the success of precision
medicine in a specific medical scenario.
Patient's journey: Discuss the patient's journey, treatment plan, and outcomes.
Impact: Emphasize the transformative effect of precision medicine on the individual's
health.
Objective: Ground the presentation in a real-world example, highlighting the practical
application and success of precision medicine.
Data challenges: Address the challenges associated with managing large sets of patient data in precision
medicine.
Technological solutions: Discuss technological innovations and solutions for handling and analyzing vast
datasets.
Visuals: Include graphics representing data management challenges and technological solutions.
Objective: Acknowledge the data-related challenges in precision medicine and highlight innovative solutions.
Data challenges: Address the challenges associated with managing large sets of patient data in precision
medicine.
Technological solutions: Discuss technological innovations and solutions
DECODING JAVA THREAD DUMPS: MASTER THE ART OF ANALYSISTier1 app
Are you ready to unlock the secrets hidden within Java thread dumps? Join us for a hands-on session where we'll delve into effective troubleshooting patterns to swiftly identify the root causes of production problems. Discover the right tools, techniques, and best practices while exploring *real-world case studies of major outages* in Fortune 500 enterprises. Engage in interactive lab exercises where you'll have the opportunity to troubleshoot thread dumps and uncover performance issues firsthand. Join us and become a master of Java thread dump analysis!
Using Query Store in Azure PostgreSQL to Understand Query PerformanceGrant Fritchey
Microsoft has added an excellent new extension in PostgreSQL on their Azure Platform. This session, presented at Posette 2024, covers what Query Store is and the types of information you can get out of it.
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsPeter Muessig
The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.
What to do when you have a perfect model for your software but you are constrained by an imperfect business model?
This talk explores the challenges of bringing modelling rigour to the business and strategy levels, and talking to your non-technical counterparts in the process.
Unlock the Secrets to Effortless Video Creation with Invideo: Your Ultimate G...The Third Creative Media
"Navigating Invideo: A Comprehensive Guide" is an essential resource for anyone looking to master Invideo, an AI-powered video creation tool. This guide provides step-by-step instructions, helpful tips, and comparisons with other AI video creators. Whether you're a beginner or an experienced video editor, you'll find valuable insights to enhance your video projects and bring your creative ideas to life.
14 th Edition of International conference on computer visionShulagnaSarkar2
About the event
14th Edition of International conference on computer vision
Computer conferences organized by ScienceFather group. ScienceFather takes the privilege to invite speakers participants students delegates and exhibitors from across the globe to its International Conference on computer conferences to be held in the Various Beautiful cites of the world. computer conferences are a discussion of common Inventions-related issues and additionally trade information share proof thoughts and insight into advanced developments in the science inventions service system. New technology may create many materials and devices with a vast range of applications such as in Science medicine electronics biomaterials energy production and consumer products.
Nomination are Open!! Don't Miss it
Visit: computer.scifat.com
Award Nomination: https://x-i.me/ishnom
Conference Submission: https://x-i.me/anicon
For Enquiry: Computer@scifat.com
WMF 2024 - Unlocking the Future of Data Powering Next-Gen AI with Vector Data...Luigi Fugaro
Vector databases are transforming how we handle data, allowing us to search through text, images, and audio by converting them into vectors. Today, we'll dive into the basics of this exciting technology and discuss its potential to revolutionize our next-generation AI applications. We'll examine typical uses for these databases and the essential tools
developers need. Plus, we'll zoom in on the advanced capabilities of vector search and semantic caching in Java, showcasing these through a live demo with Redis libraries. Get ready to see how these powerful tools can change the game!
WWDC 2024 Keynote Review: For CocoaCoders AustinPatrick Weigel
Overview of WWDC 2024 Keynote Address.
Covers: Apple Intelligence, iOS18, macOS Sequoia, iPadOS, watchOS, visionOS, and Apple TV+.
Understandable dialogue on Apple TV+
On-device app controlling AI.
Access to ChatGPT with a guest appearance by Chief Data Thief Sam Altman!
App Locking! iPhone Mirroring! And a Calculator!!
Superpower Your Apache Kafka Applications Development with Complementary Open...Paul Brebner
Kafka Summit talk (Bangalore, India, May 2, 2024, https://events.bizzabo.com/573863/agenda/session/1300469 )
Many Apache Kafka use cases take advantage of Kafka’s ability to integrate multiple heterogeneous systems for stream processing and real-time machine learning scenarios. But Kafka also exists in a rich ecosystem of related but complementary stream processing technologies and tools, particularly from the open-source community. In this talk, we’ll take you on a tour of a selection of complementary tools that can make Kafka even more powerful. We’ll focus on tools for stream processing and querying, streaming machine learning, stream visibility and observation, stream meta-data, stream visualisation, stream development including testing and the use of Generative AI and LLMs, and stream performance and scalability. By the end you will have a good idea of the types of Kafka “superhero” tools that exist, which are my favourites (and what superpowers they have), and how they combine to save your Kafka applications development universe from swamploads of data stagnation monsters!
What is Continuous Testing in DevOps - A Definitive Guide.pdfkalichargn70th171
Once an overlooked aspect, continuous testing has become indispensable for enterprises striving to accelerate application delivery and reduce business impacts. According to a Statista report, 31.3% of global enterprises have embraced continuous integration and deployment within their DevOps, signaling a pervasive trend toward hastening release cycles.
Odoo releases a new update every year. The latest version, Odoo 17, came out in October 2023. It brought many improvements to the user interface and user experience, along with new features in modules like accounting, marketing, manufacturing, websites, and more.
The Odoo 17 update has been a hot topic among startups, mid-sized businesses, large enterprises, and Odoo developers aiming to grow their businesses. Since it is now already the first quarter of 2024, you must have a clear idea of what Odoo 17 entails and what it can offer your business if you are still not aware of it.
This blog covers the features and functionalities. Explore the entire blog and get in touch with expert Odoo ERP consultants to leverage Odoo 17 and its features for your business too.
An Overview of Odoo ERP
Odoo ERP was first released as OpenERP software in February 2005. It is a suite of business applications used for ERP, CRM, eCommerce, websites, and project management. Ten years ago, the Odoo Enterprise edition was launched to help fund the Odoo Community version.
When you compare Odoo Community and Enterprise, the Enterprise edition offers exclusive features like mobile app access, Odoo Studio customisation, Odoo hosting, and unlimited functional support.
Today, Odoo is a well-known name used by companies of all sizes across various industries, including manufacturing, retail, accounting, marketing, healthcare, IT consulting, and R&D.
The latest version, Odoo 17, has been available since October 2023. Key highlights of this update include:
Enhanced user experience with improvements to the command bar, faster backend page loading, and multiple dashboard views.
Instant report generation, credit limit alerts for sales and invoices, separate OCR settings for invoice creation, and an auto-complete feature for forms in the accounting module.
Improved image handling and global attribute changes for mailing lists in email marketing.
A default auto-signature option and a refuse-to-sign option in HR modules.
Options to divide and merge manufacturing orders, track the status of manufacturing orders, and more in the MRP module.
Dark mode in Odoo 17.
Now that the Odoo 17 announcement is official, let’s look at what’s new in Odoo 17!
What is Odoo ERP 17?
Odoo 17 is the latest version of one of the world’s leading open-source enterprise ERPs. This version has come up with significant improvements explained here in this blog. Also, this new version aims to introduce features that enhance time-saving, efficiency, and productivity for users across various organisations.
Odoo 17, released at the Odoo Experience 2023, brought notable improvements to the user interface and added new functionalities with enhancements in performance, accessibility, data analysis, and management, further expanding its reach in the market.
Boost Your Savings with These Money Management AppsJhone kinadey
A money management app can transform your financial life by tracking expenses, creating budgets, and setting financial goals. These apps offer features like real-time expense tracking, bill reminders, and personalized insights to help you save and manage money effectively. With a user-friendly interface, they simplify financial planning, making it easier to stay on top of your finances and achieve long-term financial stability.
2. Shaun Abram 2
Microservices
What is a microservice?
A small, focused piece of software
Independently developed, deployed, upgraded
Commonly exposes it functionality via HTTP/REST
3. Shaun Abram 3
Microservices - definition
Small, autonomous services that work together
- “Building Microservices” by Sam Newman
An approach to developing an application as a suite of
small services, each running in its own process and
communicating with lightweight mechanisms, often an
HTTP resource API
- “Microservices” by Martin Fowler and James Lewis
4. Shaun Abram 4
Microservices - Not a new concept!
Unix Philosophy (1984)
develop small, capable software
Do one thing well
Play well with other programs
Use standard interfaces
Contrasts with Monoliths…
5. Shaun Abram 5
The Monolithic Architecture
An application built & deployed as a single artifact
Easy to setup - single project in an IDE
Easy to deploy - a single war file
Scaled horizontally (load balanced servers)
Keep things simple! YAGNI?
6. Shaun Abram 6
Problems with Monoliths
Slow to build
Too big to easily understand
Forced team dependencies
How do you split up teams?
Obstacle to frequent deployments
Long-term commitment to a technology stack
Time for a different approach?
8. Monolith
Deployed as a single artifact
Scaled by replicating monolith
on multiple servers
All functionality in
a single process
Microservices
Deployed independentlyEach functional element
as a separate service
Deployed across servers and
replicated as needed
Source: http://martinfowler.com/articles/microservices.html
9. Shaun Abram 9
Disadvantages of microservices
Distributed architectures are hard!
Refactoring across service boundaries
Interface changes are hard
Use flexible, forgiving, broad interfaces
Be as tolerant as possible
“Be conservative in what you do, liberal in what you
accept”— Jon Postel
Operational complexity
e.g. monitoring and problem detection
10. Shaun Abram 10
Microservices vs SOA
Both architectural design patterns;
Collections of services
Microservices are:
SOA done right?
SOA but with a bounded context?
SOA Microservices
Integrates multiple applications Multiple microservices = one app
ESB smart endpoints, dumb pipes
SOAP, XML, WSDL etc REST, JSON etc
11. Shaun Abram 11
Who is using Microservices?
Many large scale web sites have evolved from
monolith to microservices
Amazon
100-150 services per page
Netflix
Extensive users and contributors
Chaos Monkey, Janitor Monkey, see netflix.github.io.
TicketMaster
Boardroom agility -> quickly react to the marketplace
12. Shaun Abram 12
Microservice best practices
Separate codebases
Use monitoring
Built in health checks
Provide standard templates
Versioning?
Security
13. Shaun Abram 13
Microservice Security
Single Sign On (SSO)
SAML or OpenID Connect
SSO Gateway
API Keys
Secure Perimeter
HTTP(S) Basic Authentication
Client Certificates
HMAC
14. Shaun Abram 14
Microservices Summary
+ Attractive alternative to monoliths
+ Independently built and deployed stacks
+ Allows 'deploy early, deploy often'
- No silver Bullet!
- Coordination of dozens of services is difficult
- Integration, deployment, monitoring all more complex
- Need cross functional teams skilled in Devops
Start with monoliths; Migrate slowly
"With cautious optimism, we think microservices can be a worthwhile road to tread"
15. Shaun Abram 15
An introduction to Microservices and REST
Microservices
REST
16. Shaun Abram 16
REST
A brief history of www
What was learned?
What is REST? Constraints!
HTTP
HATEOAS
17. Shaun Abram 17
Representational state transfer
REST is an architectural style (set of constraints)
Relies on a stateless, client-server comm protocol
think: HTTP
Uniform interfaces
think: URIs, or links
Interaction with resources via standard methods
think: HTTP verbs
Pretty URLs? Alternative to RPC or SOAP?
Yes, but so much more…
18. Shaun Abram 18
A brief History of the World Wide Web
Tim Berners-Lee first proposed the www (1989)
HTTP HTML URI
19. Shaun Abram 19
A brief History of the World Wide Web
HTTP 0.9 (1991)
only one method: GET
HTTP 1.0 (1996)
From trivial request/response true msging protocol
HTTP 1.1 (1996)
Today?
HTTP 2 (draft, 2015)
1.1 compatibility with methods, codes, URIs, (most)
header fields
20. Shaun Abram 20
REST: Lessons learned
Fielding involved since infancy of web
– HTTP, HTML, URIs, Apache HTTP Server
Experienced first hand its rapid growth (as user+arch)
Architectural Styles and the Design of Network-based
Software Architectures (2000)
“REST has been used to guide the design and development of the
architecture for the modern Web”.
21. Shaun Abram 21
REST
So, what is REST
An architectural style
A set of constraints
Why constraints?
22. Shaun Abram 22
REST Constraints
1. Client Server
2. Stateless
3. Cache
4. Uniform Interface
5. Layered System
6. Code-On-Demand
REST doesn't have to use HTTP, but…
(alternatives? Gopher, waka, SPDY)
24. Shaun Abram 24
REST Constraints
1. Client Server
Separating UI from data storage
portability, scalability, evolve independently
Http:
A client server protocol
e.g. browser<->server, IoT
26. Shaun Abram 26
REST Constraints
2. Stateless
Communication must be stateless!
Each request must contain all required info
No state on server
reliability (failure recovery), scalability
HTTP:
A stateless protocol
Can circumvent by using cookies, sessions, but…
28. Shaun Abram 28
REST Constraints
3. Cache
Response can be labeled as cacheable or not
If cacheable, client cache can reuse response
HTTP:
Supports caching via three basic mechanisms:
freshness
validation
invalidation
30. Shaun Abram 30
REST Constraints
4. Uniform Interface
to identify and manipulate resources
In plain English…
Common to use interfaces to decouple client from
impl
Goal: Simple Interface, full functionality, hide
complexity e.g. GUI
How does REST achieve this…?
33. Shaun Abram 33
REST Constraints
5. Layered System
Allows an architecture to be composed of layers
Constraining component behavior
Each component cannot “see” beyond immediate
layer
Client unaware if connected to the end or
intermediary improve scalability (e.g. load-balancing),
security
HTTP supports layering via proxy servers and
caching.
35. Shaun Abram 35
REST Constraints
6. Code-On-Demand (optional)
Client functionality can be extended (scripts/applets)
Allows server to decide how some things will be done
For example
client requests a resource,
server returns resource with some JavaScript
37. Shaun Abram 37
HTTP Request
GET /index.html HTTP/1.1
Host: www.example.com
This is made up of the following components:
Method: GET
URI: /index.html
Version: HTTP/1.1
Headers: Host: www.example.com
Body: empty in this example
38. Shaun Abram 38
HTTP Methods
Common methods
GET
DELETE
PUT
POST
Uncommon methods
HEAD
OPTIONS
TRACE
CONNECT
39. Shaun Abram 39
Common HTTP Methods
POST
In plain English, create a resource
Request to accept the entity as a new subordinate of
the resource identified by the URI
For example
– Submit data from a form to a data-handling process;
– Post a message to a mailing list or blog
PUT
In plain English, update a resource
Store the supplied entity under the supplied URI
– If already exists, update
– If not create with that URI
40. Shaun Abram 40
PUT vs POST: What is the difference?!
Some rules of thumb:
PUT is for update; POST is for create
PUT idempotent; POST is not;
Who creates the URL of the resource?
PUT when you know the URL to be created
POST when server decides the URL for you
Don’t use PUT, always POST (post events instead)?
Short answer? Use you best judgment!
42. Shaun Abram 42
Uncommon HTTP Methods
HEAD
Like GET but without the body
Used for obtaining meta-information about the entity
Useful for testing links, e.g. for validity, accessibility
OPTIONS
Request about the capabilities of a server
e.g. request a list of supported HTTP methods
Possible response:
200 OK; Allow: HEAD,GET,PUT,DELETE
Useful but not widely supported
43. Shaun Abram 43
Uncommon HTTP Methods
TRACE
Used to invoke a remote loop-back of the request
Plain English: Echoes back request to see what
changes have been made by intermediate servers
Often disabled for security
CONNECT
For use with a proxy that can dynamically switch to
being a tunnel
Typically for tunneling HTTPS through HTTP
connection
44. Shaun Abram 44
HTTP Methods
Safe and Idempotent methods
Safe methods
Do not modify resources – retrieval only
HEAD, GET, OPTIONS and TRACE
Idempotent methods
Can be called many times, same outcome
All the safe methods
Plus PUT and DELETE
45. Shaun Abram 45
HTTP Response
Example HTTP response:
HTTP/1.1 200 OK Version/Status code; Reason
phrase
Date: Mon, 23 May 2005 22:38:34 GMT Headers
Server: Apache/1.3.3.7 (Unix) (Red-Hat/Linux)
Last-Modified: Wed, 08 Jan 2003 23:11:55 GMT
ETag: "3f80f-1b6-3e1cb03b”
Content-Type: text/html; charset=UTF-8
Content-Length: 131
Accept-Ranges: bytes
Connection: close
<html> … </html> Body
46. Shaun Abram 46
HTTP response codes
Code Meaning Plain English
(From user
perspective)
1xx Informational; indicates a
provisional response,
e.g. 100
OK so far and client
should continue with the
request
47. Shaun Abram 47
HTTP response codes
Code Meaning Plain English
(From user
perspective)
1xx Informational; indicates a
provisional response,
e.g. 100
OK so far and client
should continue with the
request
2xx Successful All good
48. Shaun Abram 48
HTTP response codes
Code Meaning Plain English
(From user
perspective)
1xx Informational; indicates a
provisional response,
e.g. 100
OK so far and client
should continue with the
request
2xx Successful All good
3xx Redirection Something moved
49. Shaun Abram 49
HTTP response codes
Code Meaning Plain English
(From user
perspective)
1xx Informational; indicates a
provisional response,
e.g. 100
OK so far and client
should continue with the
request
2xx Successful All good
3xx Redirection Something moved
4xx Client Error You messed up
50. Shaun Abram 50
HTTP response codes
Code Meaning Plain English
(From user
perspective)
1xx Informational; indicates a
provisional response,
e.g. 100
OK so far and client
should continue with the
request
2xx Successful All good
3xx Redirection Something moved
4xx Client Error You messed up
5xx Server Error We messed up
51. Shaun Abram 51
Hypermedia as the engine of application state (HATEOAS)
What is Hypermedia?
URI and URL
Hypertext
Multimedia
Hypermedia
52. Shaun Abram 52
Hypermedia as the engine of application state (HATEOAS)
Clients know fixed entry points to the app
Transition (states) by using those links + more
If you think of Hypermedia as simply links, then HATEOAS
is simply using the links you discover to navigate (or
transition state) through the application.
Applies to human or software users
53. Shaun Abram 53
Microservices & REST
Microservices:
A small, focused, loosely coupled service
Can be developed, deployed, upgraded
independently
How to communicate with and between
Microservices?
REST & HTTP!
REST:
Proven architectural style inspired by www
Resources accessed via uniform interfaces and
HTTP
Strictly speaking, some things may change, e.g. logs, caches etc, but the representation of the resource in question must not.
By contrast, non-safe are intended to cause side effects either on the server.
Strictly speaking, some things may change, e.g. logs, caches etc, but the representation of the resource in question must not.
By contrast, non-safe are intended to cause side effects either on the server.
Strictly speaking, some things may change, e.g. logs, caches etc, but the representation of the resource in question must not.
By contrast, non-safe are intended to cause side effects either on the server.
Strictly speaking, some things may change, e.g. logs, caches etc, but the representation of the resource in question must not.
By contrast, non-safe are intended to cause side effects either on the server.
Strictly speaking, some things may change, e.g. logs, caches etc, but the representation of the resource in question must not.
By contrast, non-safe are intended to cause side effects either on the server.
Strictly speaking, some things may change, e.g. logs, caches etc, but the representation of the resource in question must not.
By contrast, non-safe are intended to cause side effects either on the server.