This document provides an overview of security tools that can be used in software development. It discusses coding standards, compiler warnings, version control, design for security, testing, and analysis tools. Coding standards and following compiler warnings can help catch simple errors. Version control allows reviewing changes and implementing hooks to catch issues early. Designing for security from the start is important. Testing on multiple levels from units to full systems helps improve quality. Static and dynamic analysis tools can find bugs without or during execution. Overall, applying security best practices throughout the development cycle leads to higher quality software.
The document provides information about various components of the internet and web including the World Wide Web, hyperlinks, TCP/IP protocol, URLs, HTTP, IP addresses, HTML, tags, parsing, JavaScript, client-side and server-side JavaScript, bugs, debugging, adding JavaScript to web pages, comments, and variables. It includes definitions and brief explanations of these terms.
Directive-based approach to Heterogeneous Computing - Ruymán Reyes
The document discusses a directive-based approach to heterogeneous computing. It describes how applications used in HPC centers commonly use MPI and OpenMP programming models. It also discusses how complexity arises from mixing different Fortran dialects and the need for faster ways to migrate code to new architectures like accelerators without rewriting the code. The document proposes using directives to enhance legacy code for heterogeneous systems in a portable way.
Testing Apache Modules with Python and Ctypes - Markus Litz
Writing tests for your Apache module is often a developer's least favourite task, especially if you don't like using the Perl Apache Testing Framework! One of the main reasons for this is that it's difficult to test your C code on-the-fly without a running Apache server. Using ctypes, you can test your modules without a running httpd, just by writing and using simple Python scripts! In this talk we will look at how to compile a specific version of the Apache webserver for testing, and how to use a common Python unit testing framework to write and set up tests. We will also cover examples of writing simple test cases for the Catacomb WebDAV Server module.
Talk from Apachecon US 2009
Even though this is a trivial example, the advantages of Python stand out. Yorktown’s Computer Science I course has no prerequisites, so many of the students seeing this example are looking at their first program. Some of them are undoubtedly a little nervous, having heard that computer programming is difficult to learn. The C++ version has always forced me to choose between two unsatisfying options: either to explain the #include, void main(), {, and } statements and risk confusing or intimidating some of the students right at the start, or to tell them, “Just don’t worry about all of that stuff now; we will talk about it later,” and risk the same thing. The educational objectives at this point in the course are to introduce students to the idea of a programming statement and to get them to write their first program, thereby introducing them to the programming environment. The Python program has exactly what is needed to do these things, and nothing more.

Comparing the explanatory text of the program in each version of the book further illustrates what this means to the beginning student. There are thirteen paragraphs of explanation of “Hello, world!” in the C++ version; in the Python version, there are only two. More importantly, the missing eleven paragraphs do not deal with the “big ideas” in computer programming but with the minutiae of C++ syntax. I found this same thing happening throughout the book. Whole paragraphs simply disappear from the Python version of the text because Python’s much clearer syntax renders them unnecessary.

Using a very high-level language like Python allows a teacher to postpone talking about low-level details of the machine until students have the background that they need to better make sense of the details. It thus creates the ability to put “first things first” pedagogically. One of the best examples of this is the way in which Python handles variables. In C++ a variable is a name for a place that holds a thing. Variables have to be declared with types at least in part because the size of the place to which they refer needs to be predetermined. Thus, the idea of a variable is bound up with the hardware of the machine. The powerful and fundamental concept of a variable is already difficult enough for beginning students (in both computer science and algebra). Bytes and addresses do not help the matter. In Python a variable is a name that refers to a thing. This is a far more intuitive concept for beginning students and is much closer to the meaning of “variable” that they learned in their math courses. I had much less difficulty teaching variables this year than I did in the past, and I spent less time helping students with problems using them.
The document provides a quick reference guide for Java programming including:
1) The basic syntax for a Java application with a main method.
2) How to compile and run a Java program from the command line.
3) An overview of Java primitive data types, comments, and reserved words.
4) Descriptions of common Java programming concepts like classes, arrays, and flow control statements.
This document provides a cheat sheet for using the GNU Debugger (GDB). It lists GDB commands for running and attaching to programs, setting breakpoints and watchpoints, examining the call stack and variables, stepping through code, and getting information about loaded libraries, signals, and threads. The cheat sheet also describes format specifiers and expressions that can be used with commands like print to examine memory and variables.
This document describes the animate LaTeX package, which allows creating portable PDF and SVG animations from vector graphics or image files. Key features include:
- Support for common LaTeX workflows like pdfLaTeX, LuaLaTeX, and dvi to PDF/SVG conversion.
- Commands to animate graphics from file sets or inline material using environments.
- Options to control playback, layout, and user interface of animations.
- Ability to view PDF animations in common readers and embed SVG animations on the web.
- Programming interface to control animations with JavaScript.
L Fu - Dao: a novel programming language for bioinformatics - Jan Aerts
The document introduces Dao, a new programming language for bioinformatics. It discusses Dao's key features like optional typing, native support for concurrent programming, an LLVM-based JIT compiler, simple C interfaces, and the ClangDao tool for wrapping C/C++ libraries. An example demonstrates using thread tasks and futures for concurrent programming. The document outlines future plans to develop BioDao, an open source project providing bioinformatics modules to the Dao language.
This document provides an overview of graphics programming in C++ using the G3D library. It discusses that C++ is widely used for computer graphics and combines low-level and high-level features. It also introduces the G3D library, which is an open source cross-platform library for 3D graphics that handles much of the complex infrastructure. The document then provides tips for programmers with Java experience on some key differences between C++ and Java and aspects of C++ they should be aware of for graphics programming.
1. The goal is to develop a tool that analyzes cryptographic protocol implementations at the source code level to detect potential security flaws or prove security.
2. As motivation, the document describes a 2009 vulnerability in OpenSSL that allowed a corrupted certificate to be incorrectly validated due to a faulty return value check.
3. The tool assumes cryptographic primitives are correctly implemented but aims to verify security at the implementation level rather than just the high-level specification.
This article demonstrates capabilities of the static code analysis methodology. The readers are offered to study the samples of one hundred errors found in open-source projects in C/C++. All the errors have been found with the PVS-Studio static code analyzer.
Php On Java (London Java Community Unconference) - Robin Fernandes
PHP code can run on the Java Virtual Machine using implementations like P8 that compile PHP to Java bytecode. This allows PHP applications to leverage Java libraries and PHP scripts to be used in Java applications and middleware products from IBM like WebSphere and Message Broker. Some challenges of PHP on JVM include differences in strings and limitations of PHP class formats, but it provides benefits like a more modern runtime and ability to integrate PHP and Java code.
Prototalk is an environment for teaching, understanding, designing, and prototyping object-oriented languages with a prototype-based paradigm. It allows different prototype-based OO languages like Self and NewtonScript to be expressed using the same syntax. Prototalk represents each language using a subclass and executes programs by sending an evaluate message. It has a minimal core that can express the most general semantics and is extensible so new languages can be implemented efficiently.
1) The document outlines the steps in peak calling and annotation from sequencing data, including mapping reads, determining coverage, identifying enriched regions compared to controls, and annotating peaks by genomic location.
2) It reviews common file formats used at different steps like FASTQ, SAM/BAM, BED, WIG, and GFF and the information they contain.
3) Popular peak calling programs are discussed and compared based on their statistical models and techniques for assigning peaks while controlling for biases from controls, duplicates, and genomic features.
This document provides a summary of key Java concepts including keywords, packages, character escape sequences, collections, regular expressions, JAR files, and commonly used tools. It includes a table listing Java keywords with their descriptions and examples. The document is intended to give an overview of core aspects of the Java language.
Buffer Overflow Prone Function Detection - Sanjay Rawat
This document proposes identifying buffer overflow inducing loops (BOILs) in binary code as a pattern for detecting buffer overflow vulnerabilities. A BOIL is a loop that writes to memory, where the written address and value change within the loop and depend on function arguments. The authors implemented a tool to detect BOILs using data flow analysis. Experimental results on vulnerable programs found BOILs flagged 10-15% of loops and successfully identified known vulnerabilities. Future work involves integrating BOIL detection into a full vulnerability analysis framework.
1. The document describes the overall structure and process of setting up and starting a camera recording using the StagefrightRecorder and CameraSource classes in Android.
2. It establishes connections between the CameraSource, CameraService, CameraRecordingProxy and Camera classes to initialize the camera and get camera frames.
3. Upon start, it begins recording by starting tracks in the MPEG4Writer, which signals the CameraSource to start the actual camera recording via the CameraRecordingProxy.
This document provides an overview of inter-process communication (IPC) using QtDBus. It begins with introductions to IPC, D-Bus, and QtDBus. It then discusses exposing functionality through interfaces, calling interfaces, and sending messages. Methods for high-level, mid-level, and low-level usage of QtDBus are presented. The document demonstrates connecting to D-Bus, registering services, exposing slots and interfaces, and using generated proxy classes to call interfaces.
This document discusses macro processors and how they work. It begins with an introduction to macro instructions as a notational convenience that allows shorthand programming through macro definitions and invocations. It then covers the key components of a macro processor, including recognizing macro definitions and calls, expanding macro calls by substituting parameters, and handling nested macro definitions and invocations. Finally, it compares different designs for macro processors, such as single-pass vs two-pass algorithms, and how they handle features like conditional expansion, unique labels, and parameter concatenation.
This document summarizes new features in Java SE 7 and Java EE 6. For Java SE 7, it outlines language changes like annotations on types and Project Coin small changes, as well as core changes like modularity support and concurrency updates. It describes VM changes like compressed pointers and garbage collection improvements. For Java EE 6, it discusses goals like rightsizing and extensibility, and new technologies like CDI and Bean Validation. It provides overviews of updated technologies and how profiles target specific capabilities.
Java 7 - New Features - by Mihail Stoynov and Svetlin Nakov (uploaded by Svetlin Nakov)
Java 7 - New Features
Introduction and Chronology
Compressed 64-bit Object Pointers
Garbage-First GC (G1)
Dynamic Languages in JVM
Java Modularity – Project Jigsaw
Language Enhancements (Project Coin)
Strings in Switch
Automatic Resource Management (ARM)
Improved Type Inference for Generic Instance Creation
Simplified Varargs Method Invocation
Collection Literals
Indexing Access Syntax for Lists and Maps
Language Support for JSR 292
Underscores in Numbers
Binary Literals
Closures for Java
First-class Functions
Function Types
Lambda Expressions
Project Lambda
Extension Methods
Upgrade Class-Loader Architecture
Method to close a URLClassLoader
Unicode 5.1
JSR 203: NIO.2
SCTP (Stream Control Transmission Protocol)
SDP (Sockets Direct Protocol)
PHP can run on the Java Virtual Machine (JVM) using implementations like P8 that compile PHP code to Java bytecode. This allows PHP applications to leverage Java libraries and Java applications to leverage PHP scripting. Integrating PHP and Java can provide benefits like allowing PHP developers to use cutting-edge Java runtimes and PHP apps to incorporate Apache POI, Eclipse BIRT, and Apache Lucene. Products like WebSphere sMash and Message Broker allow building apps using PHP, Java, and other JVM languages on a shared runtime.
The document describes a goal of developing a tool for automated security analysis of cryptographic protocol implementations written in C. It aims to take source code as input, perform a sound and scalable analysis, and output either known security flaws or a proof of security. Symbolic execution is proposed as a method to simplify programs and extract their meaning, mapping low-level C code to a formal language model that can be analyzed by existing tools like ProVerif. Current status is that symbolic execution has been implemented for fixed bitstring lengths and linear control flow. Further work is needed to support variable lengths, arbitrary control flow, and full format abstraction before integrating with a protocol verifier.
This document summarizes Colombian regulations on the preservation of documents. It includes articles of the Political Constitution, the Code of Civil Procedure, laws, decrees and agreements that establish the obligation to preserve documents, their evidentiary value, and the measures for preserving them by means of copies, microfilming, electronic systems or other methods, guaranteeing their physical and functional integrity. They also define the nation's documentary heritage and the criteria and conditions
Pedro Heilbron is the Chief Executive Officer of Copa Holdings and Copa Airlines. Under his leadership, Copa Airlines established the successful "Hub of the Americas" in Panama and led a strategic alliance with United Airlines. Heilbron oversaw major achievements such as the acquisition of another airline and the initial public offering of Copa Holdings on the New York stock exchange. He is a member of the advisory board of the Smithsonian Institute in Panama and has received several awards for his leadership
The girl worked in a chocolate factory and barely earned enough to survive, but she invented a successful new sweet. This improved her financial situation until her boss betrayed her and left her in poverty again. However, she was lucky enough to find a winning lottery ticket in the trash, which made her rich for good.
Este documento describe la experiencia de aprendizaje de la autora en el programa TIT@. Inicialmente tenía dudas sobre el proceso y se sentía ansiosa, pero con el tiempo logró dominar las herramientas y técnicas a través de la práctica constante. Un punto de inflexión fue cuando pudo resolver una tarea en 5 horas que antes le tomaba media hora, lo que le dio confianza para continuar aprendiendo. Finalmente, pudo compartir sus conocimientos con compañeros, dándose cuenta del progreso en su aprendizaje.
Los problemas de aprendizaje afectan las habilidades de lectura, ortografía, escucha, habla, razonamiento y matemáticas. Estos problemas se hacen evidentes en los primeros años escolares y están relacionados con las materias académicas. Los investigadores creen que los problemas de aprendizaje son causados por diferencias en el funcionamiento del cerebro y cómo procesa la información.
Este documento presenta 7 actividades para el Tema III de un curso de introducción a la ingeniería. Los estudiantes deben leer varios documentos y realizar resúmenes con comentarios sobre temas como los métodos de la ingeniería, la ciencia e ingeniería, y la ingeniería y la sociedad. También deben responder preguntas y evaluarse mediante la resolución de un cuestionario en fechas específicas para calificar el tema.
Este documento proporciona instrucciones para completar cinco prácticas en Word. La primera instrucción es copiar un texto y dividirlo en dos columnas. La segunda es insertar la fecha y hora. La tercera es insertar el número de página en un pie de página. La cuarta es completar algunas sumas. Y la quinta es dibujar una figura y agruparla.
El documento describe el fenómeno creciente del "Do It Yourself" (DIY), donde las personas fabrican o reparan cosas por sí mismas en lugar de depender de ayuda externa. El DIY forma parte de la cultura "maker" contemporánea, que incluye actividades como robótica, impresión 3D, programación y artesanías. El documento también menciona ejemplos de cómo los jóvenes y profesionales usan el DIY para el entretenimiento y la innovación en su trabajo.
17-07-2011 Formalizan Gobierno del Estado y Ayuntamiento declaratoria de Área...Elizabeth Morales
San Pedro del Monte, Las Vigas, Ver., 17 de julio de 2011.- Directores y coordinadores del Ayuntamiento de Xalapa, encabezados por la presidenta municipal Elízabeth Morales García, participaron en la Jornada nacional de reforestación social 2011, donde las autoridades estatales y municipales anunciaron que la laguna de El Castillo será declarada Área Natural Protegida.
Tarea ventajas y desventajas del mooc copiaLucy Margarita
El documento resume las ventajas y desventajas de los MOOC (Massive Open Online Courses). Las ventajas incluyen la adquisición de conocimientos de diferentes temas e intereses, la capacidad de brindar información a personas de diferentes edades y antecedentes sin costo, y la flexibilidad de horario. Las desventajas son la falta de interacción entre compañeros, la ausencia de andamiaje en el aprendizaje, y problemas técnicos que pueden impedir el acceso a la información.
La estrategia de community management propone la creación de una comunidad y generación de contenido atractivo para posicionar la marca. También incluye la resolución de quejas públicamente para ganar confianza, generar tráfico a través de posicionamiento SEO y blogs, y realizar un seguimiento numérico de la estrategia.
Este documento presenta una rúbrica para evaluar la calidad de resúmenes elaborados por estudiantes. La rúbrica evalúa el contenido, la presentación, la exposición ante compañeros y las aportaciones realizadas en cuatro niveles de 1 a 4, donde 1 es el nivel más bajo y 4 el más alto.
El documento describe los sistemas de grupos sanguíneos ABO y Rh. El sistema ABO clasifica la sangre según la presencia o ausencia de antígenos A y B en los glóbulos rojos y anticuerpos en el suero. El sistema Rh clasifica la sangre como positiva o negativa según la presencia o ausencia del factor Rh. Las transfusiones entre grupos incompatibles pueden causar una reacción inmunológica que pone en peligro la vida.
La tarea propone que los estudiantes: 1) vean un video sobre resolución de ecuaciones de segundo grado en YouTube, 2) graben un video propio resolviendo una ecuación asignada, y 3) suban su video a YouTube y compartan el enlace con el profesor o lo lleven en un pendrive. Los videos serán publicados en el blog del profesor y los mejores serán expuestos en la exposición de fin de año.
Los tres principales mamíferos marinos de Galápagos son lobos marinos de un y dos pelos, delfines y ballenas. Los lobos marinos varían en tamaño y pelaje, mientras que los delfines son ágiles depredadores y las ballenas alcanzan tamaños masivos de hasta 80 toneladas. Todos ellos demuestran habilidades increíbles en el agua a pesar de su torpeza en tierra.
Este documento presenta las ventajas de editar imágenes en línea sin necesidad de instalar software. Algunas de las ventajas incluyen que no se requiere instalación, cuentan con funciones populares, son rápidas sin demoras y permiten extraer imágenes directamente de otros sitios web sin descargarlas primero.
Este documento presenta un marco teórico sobre los parásitos. Explica que un parásito vive y se alimenta de otro ser vivo llamado huésped sin aportarle ningún beneficio, lo que puede dañar al huésped. También describe que la parasitología estudia las interacciones entre parásitos y huéspedes, incluyendo estrategias de inmunoevasión de los parásitos. Finalmente, identifica factores que permiten la aparición de parásitos como el desaseo personal y la presencia de animal
The document discusses buffer overflows, which occur when data is added to a buffer that exceeds the allocated memory space for that buffer. This can allow attackers to control other values in a program. Common ways to exploit buffer overflows include stack smashing attacks, which overwrite return addresses on the stack. The document then discusses various techniques used to help prevent buffer overflows, such as canary-based defenses that insert check values, non-executable stack techniques, and approaches taken by different operating systems and languages. However, it notes that buffer overflows remain a problem and developers still need to write secure code to fully prevent exploits.
100 bugs in Open Source C/C++ projects Andrey Karpov
This article demonstrates capabilities of the static code analysis methodology. The readers are offered to study the samples of one hundred errors found in open-source projects in C/C++.
The document appears to be a block of random letters with no discernible meaning or purpose. It consists of a series of letters without any punctuation, formatting, or other signs of structure that would indicate it is meant to convey any information. The document does not provide any essential information that could be summarized.
Five cool ways the JVM can run Apache Spark fasterTim Ellison
The IBM JVM runs Apache Spark fast! This talk explains some of the findings and optimizations from our experience of running Spark workloads.
The talk was originally presented at the SparkEU Summit 2015 in Amsterdam.
This document provides a quick introduction to the C programming language. It begins with an overview of writing and running C programs, including compiling source code into an executable binary. It then discusses some key C programming concepts like functions, memory, variables, and data types. The document uses simple examples like a "Hello World" program to demonstrate basic C syntax and how programs are executed. Overall, it aims to give new C programmers a high-level understanding of some essential C programming fundamentals in about 3 pages.
This document provides instructions for conducting a buffer overflow attack on a vulnerable C program to alter its execution flow. It explains how functions are called and stored on the stack, and how overflowing a buffer can overwrite the return address to point to attacker-chosen code. The document demonstrates compiling a sample program, running it under a debugger to find addresses, and using a Python script to send an overly long input exploiting the buffer overflow to execute a secret function.
The document discusses switch case statements and looping in programming. It provides examples of switch case statements that check the value of a variable and execute different code blocks depending on the value. It also discusses the different types of loops - for, while, and do-while loops - and provides examples of each. The examples demonstrate how to use switch cases and loops to repeat blocks of code or make decisions based on variable values.
Enabling White-Box Reuse in a Pure Composition Languageelliando dias
This document discusses enabling white-box reuse in a pure composition language. It introduces a language extension to JPiccola, a composition language, that allows inheritance by generating subclasses at runtime. This enables accessing functionality from existing Java frameworks through inheritance while maintaining JPiccola's scripting style. The implementation generates bytecode for the subclasses by gathering class structure information and redirecting method calls to Piccola services. Examples show generating subclasses and interfaces. The extension integrates well with JPiccola and allows frameworks to be reused through inheritance when needed.
C is a procedural programming language. It was developed in the early 1970s and is still widely used. The document provides an overview of key aspects of C including data types, variables, constants, operators, control statements like if/else, and functions. It also discusses C programming concepts like low-level vs high-level languages, header files, comments, escape sequences, and more. The document serves as a useful introduction and reference for someone learning the basics of the C programming language.
A Java Implementer's Guide to Boosting Apache Spark Performance by Tim Ellison.J On The Beach
Apache Spark has rocked the big data landscape, quickly becoming the largest open source big data community with over 750 contributors from more than 200 organizations. Spark's core tenants of speed, ease of use, and its unified programming model fit neatly with the high performance, scalable, and manageable characteristics of modern Java runtimes. In this talk we introduce the Spark programming model, and describe some unique Java runtime capabilities in the JIT, fast networking, serialization techniques, and GPU off-loading that deliver the ultimate big data platform for solving business problems. We will show how solutions, previously infeasible with regular Java programming, become possible with a high performance Spark core runtime, enabling you to solve problems smarter and faster.
Structures-Declaring and Initializing, Nested structure, Array of Structure, Passing Structures to functions, Unions, typedef, enum, Bit fields.
Pointers: Declarations, Pointer arithmetic, Pointers and functions, call by value, Call by reference, Pointers and Arrays, Arrays of Pointers, Pointers and Structures. Meaning of static and dynamic memory allocation, Memory allocation functions.
Files: File modes, File functions, and File operations, Text and Binary files, Command Line arguments Preprocessor directives. Macros: Definition, types of Macros, Creating and implementing user defined header files
(This is presentation slide for RubyKaigi 2009)
Erubis is very fast and extensible implementation of eRuby. In this slides, I show you features of Erubis, and issues related to eRuby and solution by Erubis. Also I show you some ideas about the future of template system.
Some common microcontrollers used in the automotive industry include:
- NXP S32K - Used in engine control units, transmission control units, body control modules, etc. Popular automotive MCU family.
- Renesas RX - Used in engine control, transmission control, body electronics, infotainment systems. Widely used in Toyota, Honda vehicles.
- Infineon AURIX - Used in advanced driver assistance systems, electric power steering, x-by-wire applications.
- STMicroelectronics STM32 - Widely used in body control modules, instrument clusters, lighting systems. Popular automotive MCU.
- Texas Instruments MSP430 - Used in
The document contains details of 10 practical assignments for a programming language course. It includes examples of code snippets to demonstrate inheritance, polymorphism, delegates, constructors, exception handling, file I/O, adding a flash item to a website, and explanations of XML and DTDs. The assignments cover core concepts of .NET framework and C# programming language.
PyCon Canada 2015 - Is your python application secureIMMUNIO
In today’s world, it's easier than ever to innovate and create great web applications. You release often, but let’s be honest, if you're like most developers out there, you don't spend your days worrying about security. You know it’s important, but you aren’t security savvy. So ask yourself, is your Python application secure? Come learn some of the different ways a hacker (cracker) can attack your code, and some of the best practices out there. In the end, your security is your users’ security.
A computer program is a sequence of instructions that tells a computer to perform tasks. Programs are written by programmers in human-readable source code and then compiled into an executable form for the computer to run directly. Common programming languages include C++, Java, and Python. Switch-case statements allow programmers to write code that performs different actions depending on the value of a variable.
Is your python application secure? - PyCon Canada - 2015-11-07Frédéric Harper
In today’s world, it's easier than ever to innovate and create great web applications. You release often, but let’s be honest, if you're like most developers out there, you don't spend your days worrying about security. You know it’s important, but you aren’t security savvy. So ask yourself, is your Python application secure? Come learn some of the different ways a hacker (cracker) can attack your code, and some of the best practices out there. In the end, your security is your users’ security.
Try to imagine the amount of time and effort it would take you to write a bug-free script or application that will accept a URL, port scan it, and for each HTTP service that it finds, it will create a new thread and perform a black box penetration testing while impersonating a Blackberry 9900 smartphone. While you’re thinking, Here’s how you would have done it in Hackersh:
“http://localhost” \
-> url \
-> nmap \
-> browse(ua=”Mozilla/5.0 (BlackBerry; U; BlackBerry 9900; en) AppleWebKit/534.11+ (KHTML, like Gecko) Version/7.1.0.346 Mobile Safari/534.11+”) \
-> w3af
Meet Hackersh (“Hacker Shell”) – A new, free and open source cross-platform shell (command interpreter) with built-in security commands and Pythonect-like syntax.
Aside from being interactive, Hackersh is also scriptable with Pythonect. Pythonect is a new, free, and open source general-purpose dataflow programming language based on Python, written in Python. Hackersh is inspired by Unix pipeline, but takes it a step forward by including built-in features like remote invocation and threads. This 120 minute lab session will introduce Hackersh, the automation gap it fills, and its features. Lots of demonstrations and scripts are included to showcase concepts and ideas.
Framework design involves balancing many considerations, such as:
- Managing dependencies between components to allow for flexibility and evolution over time. Techniques like dependency injection and layering help achieve this.
- Designing APIs by first writing code samples for key scenarios and defining object models to support these samples to ensure usability.
- Treating simplicity as a feature by removing unnecessary requirements and reusing existing concepts where possible.
This document provides information about the Tor anonymity network and issues related to privacy, surveillance, and cryptography. It discusses how Tor works to anonymize users and protect their privacy, the importance of privacy in a democratic society, and risks of government surveillance and backdoors in encryption tools and software. It also summarizes the history of Tor and how it was originally developed by the US Naval Research Laboratory.
Præsentation for PROSA listing some threat and how to reduce risk - open source oyu can reuse slides for your own presentations https://github.com/kramshoej/security-courses
The document summarizes a presentation on IT security given by Henrik Lund Kramshøj. The presentation covers topics such as password security, using encryption tools to protect data, and two-factor authentication. It provides examples of password managers and hardware security keys that can be used to replace passwords. It also discusses using encryption protocols and virtual private networks to securely transmit data.
This document provides a summary of an internet security trends presentation from April 2013. It discusses various internet security reports from 2012 and 2013, key findings from 2011, an overview of common attack types, botnets like Carna that use insecure embedded devices, the Shodan search engine, vulnerabilities in Cisco IOS passwords, leaked passwords on GitHub and from other sites, the debate around replacing passwords, massive DDoS attacks against Spamhaus and the increasing use of DNS amplification attacks. It also covers topics like open DNS resolvers, BIND vulnerabilities, ingress filtering, IPv6 security, and the increasing prevalence of IPv6.
The document discusses the introduction and basics of IPv6. It covers why IPv6 was developed due to the depletion of IPv4 addresses, the differences between IPv4 and IPv6 headers and addressing, and how to obtain and use IPv6 addresses. It also provides examples of IPv6 addresses and prefixes.
This document provides an overview and instructions for a series of exercises for an ethical hacking workshop. It outlines 25 different exercises that cover topics like installing Putty and WinSCP for secure connections, logging into Unix servers, using basic Unix commands, gaining root access on Unix, booting a Backtrack live CD, installing Wireshark, and sniffing network packets. For each exercise, it provides the objective, suggested approach, hints, a potential solution, and discussion points. The goal is to expose participants to practical security tools and scenarios to help them learn techniques used in ethical hacking.
Taking AI to the Next Level in Manufacturing.pdfssuserfac0301
Read Taking AI to the Next Level in Manufacturing to gain insights on AI adoption in the manufacturing industry, such as:
1. How quickly AI is being implemented in manufacturing.
2. Which barriers stand in the way of AI adoption.
3. How data quality and governance form the backbone of AI.
4. Organizational processes and structures that may inhibit effective AI adoption.
6. Ideas and approaches to help build your organization's AI strategy.
Main news related to the CCS TSI 2023 (2023/1695)Jakub Marek
An English 🇬🇧 translation of a presentation to the speech I gave about the main changes brought by CCS TSI 2023 at the biggest Czech conference on Communications and signalling systems on Railways, which was held in Clarion Hotel Olomouc from 7th to 9th November 2023 (konferenceszt.cz). Attended by around 500 participants and 200 on-line followers.
The original Czech 🇨🇿 version of the presentation can be found here: https://www.slideshare.net/slideshow/hlavni-novinky-souvisejici-s-ccs-tsi-2023-2023-1695/269688092 .
The videorecording (in Czech) from the presentation is available here: https://youtu.be/WzjJWm4IyPk?si=SImb06tuXGb30BEH .
Building Production Ready Search Pipelines with Spark and MilvusZilliz
Spark is the widely used ETL tool for processing, indexing and ingesting data to serving stack for search. Milvus is the production-ready open-source vector database. In this talk we will show how to use Spark to process unstructured data to extract vector representations, and push the vectors to Milvus vector database for search serving.
Ivanti’s Patch Tuesday breakdown goes beyond patching your applications and brings you the intelligence and guidance needed to prioritize where to focus your attention first. Catch early analysis on our Ivanti blog, then join industry expert Chris Goettl for the Patch Tuesday Webinar Event. There we’ll do a deep dive into each of the bulletins and give guidance on the risks associated with the newly-identified vulnerabilities.
Cosa hanno in comune un mattoncino Lego e la backdoor XZ?Speck&Tech
ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune.
Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile.
BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).
Salesforce Integration for Bonterra Impact Management (fka Social Solutions A...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on integration of Salesforce with Bonterra Impact Management.
Interested in deploying an integration with Salesforce for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Project Management Semester Long Project - Acuityjpupo2018
Acuity is an innovative learning app designed to transform the way you engage with knowledge. Powered by AI technology, Acuity takes complex topics and distills them into concise, interactive summaries that are easy to read & understand. Whether you're exploring the depths of quantum mechanics or seeking insight into historical events, Acuity provides the key information you need without the burden of lengthy texts.
Driving Business Innovation: Latest Generative AI Advancements & Success StorySafe Software
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
GraphRAG for Life Science to increase LLM accuracyTomaz Bratanic
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
OpenID AuthZEN Interop Read Out - AuthorizationDavid Brossard
During Identiverse 2024 and EIC 2024, members of the OpenID AuthZEN WG got together and demoed their authorization endpoints conforming to the AuthZEN API
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/
Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit.
In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing.
van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.
UiPath Test Automation using UiPath Test Suite series, part 6DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 6
Security Tools Foss
1. Welcome to
Security Tools
in Software Development
FOSS Aalborg
Henrik Lund Kramshøj
hlk@security6.net
http://www.security6.net
Slides are available as PDF and are in Danish only, sorry
© copyright 2009 Security6.net, Henrik Lund Kramshøj 1
2. Purpose
[Figure: UML class diagram (Class Name, Attribute, Operation, Subclass, Package, Component, Note) labelled with programming languages: Java, C#, C, Ruby, PHP, Groovy, Python]
Learn about tools that can improve the security of production systems
3. Internet - Here be dragons
4. Matrix style hacking anno 2003
6. Buffer overflows, a C problem
A buffer overflow is what happens when more data is written than there is room allocated for in a buffer, a data area. Typically the program will crash, but in certain cases an attacker can overwrite return addresses of function calls and take over control.
Stack protection is a term for the mechanisms that, by means of the operating system, program libraries and the like, protect the stack's return addresses and other variables against being overwritten through buffer overflows. StackGuard and ProPolice are among the best known.
c copyright 2009 Security6.net, Henrik Lund Kramshøj 6
7. Buffers and stacks
[Figure: program flow 1) Read data, 2) Process data with strcpy(), 3) Continue; strcpy() copies the data into buf on the stack next to the saved return address, then returns]
    #include <stdio.h>
    #include <string.h>

    int main(int argc, char **argv)
    {
        char buf[200];
        strcpy(buf, argv[1]);   /* no length check: argv[1] longer than 199 bytes overflows buf */
        printf("%s\n", buf);
        return 0;
    }
8. Overflow - segmentation fault
[Figure: same flow, but buf now overflows with "/bin/sh ...." followed by repeated 1000 values that overwrite the rest of the stack, including the return address]
Bad function overwrites return value!
Control return address
Run shellcode from buffer, or from other place
9. Exploits
    $buffer = "";
    $null = "\x00";
    $nop = "\x90";
    $nopsize = 1;
    $len = 201; // what is needed to overflow, maybe 201, maybe more!
    $the_shell_pointer = 0xdeadbeef; // address where shellcode is
    # Fill buffer
    for ($i = 1; $i < $len; $i += $nopsize) {
        $buffer .= $nop;
    }
    $address = pack('l', $the_shell_pointer);
    $buffer .= $address;
    exec "$program", "$buffer";
Demo exploit in Perl
10. How to find buffer overflows and other bugs
Black box testing
Closed source: reverse engineering
White box testing
Open source means the code can be read and analysed
Source code review, automatic or manual
Bugs can be found by trial and error: fuzzing
Exploits typically work against specific versions of software
11. Prerequisites
Note: every attack has prerequisites in order to work
An attack against Telnet only works if you use Telnet
An attack against Apache HTTPD does not work against Microsoft IIS
If you can break the chain of prerequisites, you have won!
12. Examples of prerequisites
The computer must be switched on
The function being abused must be enabled
Executable stack
Executable heap
A bug in the program
all programs have bugs
13. Software development is easy
Software development is easy
You just have to write perfect code the first time :-)
Security is hard
It is hard to write perfect code, if not impossible
So now we will talk about tools to improve the situation
14. Part 1 Low hanging fruits - easy
Higher quality is more secure
15. Coding standards - style
This file specifies the preferred style for kernel source files in the OpenBSD
source tree. It is also a guide for preferred user land code style. These guidelines
should be followed for all new code. In general, code can be considered "new
code" when it makes up about 50% or more of the file(s) involved. ...
Use queue(3) macros rather than rolling your own lists, whenever possible. Thus,
the previous example would be better written:
    #include <sys/queue.h>
    struct foo {
        LIST_ENTRY(foo) link;   /* Queue macro glue for foo lists */
        struct mumble amumble;  /* Comment for mumble */
        int bar;
    };
    LIST_HEAD(, foo) foohead;   /* Head of global foo list */
OpenBSD style(9)
16. Coding standards - functions
The following copies as many characters from input to buf as will fit and NUL
terminates the result. Because strncpy() does not guarantee to NUL terminate
the string itself, it must be done by hand.
    char buf[BUFSIZ];
    (void)strncpy(buf, input, sizeof(buf) - 1);
    buf[sizeof(buf) - 1] = '\0';
Note that strlcpy(3) is a better choice for this kind of operation. The equivalent
using strlcpy(3) is simply:
    (void)strlcpy(buf, input, sizeof(buf));
OpenBSD strcpy(9)
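Added example, not from the slides or from OpenBSD: the two idioms above as testable functions, with a small buffer so the difference is visible. strlcpy(3) is missing from older libcs, so a local my_strlcpy with the same contract stands in for it; the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_BUF 8   /* deliberately small so truncation is easy to observe */

/* Same contract as strlcpy(3): copy at most size-1 bytes, always NUL-terminate
 * when size > 0, and return strlen(src) so the caller can detect truncation.
 * Local reimplementation because not every libc ships strlcpy. */
size_t my_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);
    if (size > 0) {
        size_t n = srclen < size - 1 ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* The pitfall behind the strncpy idiom: strncpy alone leaves no terminator when
 * src is at least as long as the buffer. Returns 1 if a NUL ended up inside buf. */
int strncpy_alone_terminates(const char *src)
{
    char buf[DEMO_BUF];
    memset(buf, 'X', sizeof buf);          /* poison so leftovers are visible */
    (void)strncpy(buf, src, sizeof buf);   /* fills all 8 bytes, no NUL if src is long */
    return memchr(buf, '\0', sizeof buf) != NULL;
}

/* The slide's strncpy idiom: copy size-1 bytes, then terminate by hand.
 * Always terminated, but truncation is silent. */
void copy_with_strncpy(char *dst, size_t size, const char *src)
{
    (void)strncpy(dst, src, size - 1);
    dst[size - 1] = '\0';
}

/* The strlcpy idiom with the check demo2.c on slide 18 lacks: returns 0 on
 * success and -1 when the input did not fit, so the caller can reject it. */
int copy_checked(char *dst, size_t size, const char *src)
{
    return my_strlcpy(dst, src, size) >= size ? -1 : 0;
}

int main(int argc, char **argv)
{
    char buf[DEMO_BUF];
    /* constructed sample input, longer than DEMO_BUF unless one is given */
    const char *input = argc > 1 ? argv[1] : "argv[1] longer than 8 bytes";

    printf("strncpy alone terminated: %d\n", strncpy_alone_terminates(input));
    copy_with_strncpy(buf, sizeof buf, input);
    printf("strncpy + manual NUL:     \"%s\"\n", buf);
    printf("strlcpy with check:       %d -> \"%s\"\n",
           copy_checked(buf, sizeof buf, input), buf);
    return 0;
}
```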
17. Compiler warnings - gcc -Wall
$ gcc -o demo demo.c
demo.c: In function main:
demo.c:4: warning: incompatible implicit declaration of built-in
function strcpy
$ gcc -Wall -o demo demo.c
demo.c:2: warning: return type defaults to int
demo.c: In function main:
demo.c:4: warning: implicit declaration of function strcpy
demo.c:4: warning: incompatible implicit declaration of built-in
function strcpy
demo.c:5: warning: control reaches end of non-void function
Easy to do!
18. No warnings = no errors?
    $ cat demo2.c
    #include <strings.h>
    int main(int argc, char **argv)
    {
        char buf[200];
        strcpy(buf, argv[1]);
        return 0;
    }
    $ gcc -Wall -o demo2 demo2.c
There are still serious bugs!
19. Version control
Version control and configuration management have many advantages
Who changed what, and when
Why a change was made
With version control, pre-commit hooks can be implemented
21. Example: Enforcer
In a Java project I work on, we use log4j extensively. Use of
System.out.println() bypasses the control that we get from log4j,
so we would like to discourage the addition of println calls in
our code.
We want to deny any commits that add a println into the code.
The world being full of exceptions, we do need a way to allow
some uses of println, so we will allow it if the line of code
that calls println ends in a comment that says it is ok:
    System.out.println("No log4j here"); // (authorized)
http://svn.collab.net/repos/svn/trunk/contrib/hook-scripts/enforcer/enforcer
22. Example: verify-po.py
    #!/usr/bin/env python
    """This is a pre-commit hook that checks whether the contents
    of PO files committed to the repository are encoded in UTF-8.
    """
http://svn.collab.net/repos/svn/trunk/tools/hook-scripts/verify-po.py
23. Part 2 Design for security - more work
Security is only effective if it is built into the design
24. Secure coding begins with design
Secure Coding: Principles and Practices by Mark G. Graff, Kenneth R. Van Wyk, 2003
Architecture/design: while you are thinking about the application
Implementation: while you are writing the application
Operations: after the application is in production
About 200 pages, but densely packed with information.
25. Sins in Software Security
19 Deadly Sins of Software Security by Michael Howard, David LeBlanc, John Viega, 2005
Mandatory reading for all developers
The authors have written many good books both before and after
This book is precise and gives an overview
About 270 pages, easy to read.
Buffer Overruns, Format String Problems, Integer Overflows, SQL Injection, Command Injection, Failing to Handle Errors, Cross-Site Scripting, Failing to Protect Network Traffic, Magic URLs and Hidden Form Fields, Improper Use of SSL and TLS, Weak Password-Based Systems, Failing to Store and Protect Data Securely, Information Leakage, Improper File Access, Trusting Network Name Resolution, Race Conditions, Unauthenticated Key Exchange, Cryptographically Strong Random Numbers, Poor Usability
26. Part 3 Testing - more work now, less work in the long run
[Figure: four test stages, Test1 to Test4]
Higher quality is more secure
27. Why test
Find bugs during software development
Ensure that software meets quality requirements
Find bugs later!
Avoid old bugs reappearing!
Test often
28. Unit testing - the lowest level
    public class TestAdder {
        public void testSum() {
            Adder adder = new AdderImpl();
            assert(adder.add(1, 1) == 2);
            assert(adder.add(1, 2) == 3);
            assert(adder.add(2, 2) == 4);
            assert(adder.add(0, 0) == 0);
            assert(adder.add(-1, -2) == -3);
            assert(adder.add(-1, 1) == 0);
            assert(adder.add(1234, 988) == 2222);
        }
    }
Can be used to test individual parts of an application
Example from http://en.wikipedia.org/wiki/Unit_testing
29. Hudson and friends
Continuous building and testing
Finds bugs continuously - fast feedback
30. Part 4 Analysis
Use all the help you can get to find bugs
31. Types of analysis
static analysis
finds bugs without running the program
typically finds constructs that contain bugs, use of the wrong functions, etc.
dynamic analysis
bugs are found by running the program, typically in a special environment
33. A Fool with a Tool is still a Fool
1. Run tool
2. Fix problems
3. Rinse, repeat
Fixing problems?
    char tmp[256]; /* Flawfinder: ignore */
    strcpy(tmp, pScreenSize); /* Flawfinder: ignore */
Example from http://www.dwheeler.com/flawfinder/
34. PMD static ruleset based Java source code analyzer
http://pmd.sourceforge.net/
Curious note: 2009-02-08 PMD 4.2.5: bug fixes, new rule, new Android ruleset
35. Hard to do - manual analysis
Why not just program securely?
There are many resources available:
Websites: Secure Programming for Linux and Unix HOWTO
http://www.dwheeler.com/secure-programs/
Books: 19 Deadly Sins of Software Security: Programming Flaws and How to Fix Them
Michael Howard, David LeBlanc, John Viega + their other books
It is too hard, takes too long!
36. Feedback
Make sure there is feedback in your processes
Maybe you only get as far as this part; then make sure lessons are collected for each project
Read the resources and design so that it becomes easier to secure
Few assumptions = fewer bugs
37. Dynamic analysis
compile time vs. run time: some bugs cannot be found at compile time
If you are lazy, compile and run the program on OpenBSD ;-)
38. Part 5 Break it
Use fuzzers and hacker tools; improve security by breaking it
39. Simple fuzzer
    $ for i in 10 20 30 40 50
    >> do
    >> ./demo `perl -e "print 'A'x$i"`
    >> done
    AAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAA
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    Memory fault
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    Memory fault
    AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
    Memory fault
Memory fault/segmentation fault - juicy!
40. Fuzz Revisited
Fuzz Revisited: A Re-examination of the Reliability of UNIX Utilities and Services
We have tested the reliability of a large collection of basic UNIX utility programs,
X-Window applications and servers, and network services. We used a simple
testing method of subjecting these programs to a random input stream.
...
The result of our testing is that we can crash (with core dump) or hang (infinite loop)
over 40% (in the worst case) of the basic programs and over 25% of the X-Window
applications.
...
We also tested how utility programs checked their return codes from the memory
allocation library routines by simulating the unavailability of virtual memory. We
could crash almost half of the programs that we tested in this way.
October 1995
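Added example, not from the slides or from the Fuzz paper: a tiny allocation fault-injection harness in the spirit of the paper's "simulating the unavailability of virtual memory" test. test_malloc, join_path, probe_alloc_failure and the sample path are all constructed for this illustration.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Fault-injection switch: when fail_from >= 0, allocation number fail_from
 * (counting from 0) and all later ones return NULL. Test code sets it to probe
 * each allocation site of the function under test in turn. */
static int alloc_count = 0;
static int fail_from = -1;

void set_alloc_failure(int from) { alloc_count = 0; fail_from = from; }

void *test_malloc(size_t n)
{
    int call = alloc_count++;
    if (fail_from >= 0 && call >= fail_from)
        return NULL;
    return malloc(n);
}

/* Function under test (constructed): builds "dir/file" in a new buffer via a
 * temporary copy, so it has two allocation sites. Both results are checked and
 * the error path releases what was already allocated. */
char *join_path(const char *dir, const char *file)
{
    size_t dlen = strlen(dir), need = dlen + 1 + strlen(file) + 1;
    char *tmp = test_malloc(dlen + 1);            /* allocation #0 */
    if (tmp == NULL)
        return NULL;
    memcpy(tmp, dir, dlen + 1);
    char *out = test_malloc(need);                /* allocation #1 */
    if (out == NULL) {
        free(tmp);                                /* no leak on failure */
        return NULL;
    }
    snprintf(out, need, "%s/%s", tmp, file);
    free(tmp);
    return out;
}

/* Runs join_path with allocation k forced to fail (k = -1: no failure).
 * Returns 0 when the result equals expect, 1 when the call failed cleanly
 * with NULL, -1 when a wrong string came back. An unchecked NULL would show
 * up as a crash (signal) instead of any return value. */
int probe_alloc_failure(int k, const char *expect)
{
    set_alloc_failure(k);
    char *r = join_path("/var/named", "named.conf");   /* constructed input */
    set_alloc_failure(-1);
    if (r == NULL)
        return 1;
    int rc = strcmp(r, expect) == 0 ? 0 : -1;
    free(r);
    return rc;
}

int main(void)
{
    const char *want = "/var/named/named.conf";
    for (int k = -1; k < 2; k++)
        printf("fail allocation %2d -> result %d\n", k, probe_alloc_failure(k, want));
    return 0;
}
```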
41. Fuzzers
cat /dev/random
A program that can supply various malformed inputs which may identify bugs
I recommend the book Fuzzing: Brute Force Vulnerability Discovery by Michael Sutton,
Adam Greene, Pedram Amini and the accompanying website
See: http://www.fuzzing.org/fuzzing-software
42. Free access to hacker tools
In 1993 Dan Farmer and Wietse Venema wrote the article
Improving the Security of Your Site by Breaking Into it
In 1995 they released the software package SATAN
Security Administrator Tool for Analyzing Networks
We realize that SATAN is a two-edged sword - like many
tools, it can be used for good and for evil purposes. We
also realize that intruders (including wannabees) have
much more capable (read intrusive) tools than offered
with SATAN.
The tradition of openness has been carried on right up to today
See http://sectools.org and http://www.packetstormsecurity.org/
43. Part 6 Enhance and secure runtime environment
The last chance is at run time
44. Chroot, Jails and
There are many types of jails on Unix
Ideas from Unix chroot, which is not a real security feature in itself
• Unix chroot - still used, often in daemons such as OpenSSH
• FreeBSD Jails
• SELinux
• Solaris Containers and Zones - jails on steroids
• VMware virtual machines, is that a jail?
In addition there are a number of other ways to separate processes - sandboxes
Also remember the simple ones: the database as _postgresql, Tomcat as tomcat, the Postfix
mail system as _postfix, SSHD as sshd, etc. - plain users, few privileges
45. Defense in depth - multiple layers of security
[Figure: nested layers, outermost first]
• firewall allows SSH only from specific IPs
• SSHD requires keys
• sudo requires a password
• switching to root requires group wheel
• root
Defend yourself with multiple layers of security!
46. JVM security policies
Developed together with Java
Well known
Both Silverlight and JavaFX borrow from this type of model
47. Apache Tomcat 6.0.18 catalina.policy (excerpt)
    // ========== WEB APPLICATION PERMISSIONS =====================================
    // These permissions are granted by default to all web applications
    // In addition, a web application will be given a read FilePermission
    // and JndiPermission for all files and directories in its document root.
    grant {
        // Required for JNDI lookup of named JDBC DataSource's and
        // javamail named MimePart DataSource used to send mail
        permission java.util.PropertyPermission "java.home", "read";
        permission java.util.PropertyPermission "java.naming.*", "read";
        permission java.util.PropertyPermission "javax.sql.*", "read";
        ...
    };
    // The permission granted to your JDBC driver
    // grant codeBase "jar:file:${catalina.home}/webapps/examples/WEB-INF/lib/driver.jar!/-" {
    //   permission java.net.SocketPermission "dbhost.mycompany.com:5432", "connect";
    // };
Example from apache-tomcat-6.0.18/conf/catalina.policy
48. Apple sandbox named generic rules
    ;; named - sandbox profile
    ;; Copyright (c) 2006-2007 Apple Inc. All Rights reserved.
    ;;
    ;; WARNING: The sandbox rules in this file currently constitute
    ;; Apple System Private Interface and are subject to change at any time and
    ;; without notice. The contents of this file are also auto-generated and not
    ;; user editable; it may be overwritten at any time.
    ;;
    (version 1)
    (debug deny)
    (import "bsd.sb")
    (deny default)
    (allow process*)
    (deny signal)
    (allow sysctl-read)
    (allow network*)
49. Apple sandbox named specific rules
    ;; Allow named-specific files
    (allow file-write* file-read-data file-read-metadata
        (regex "^(/private)?/var/run/named.pid$"
               "^/Library/Logs/named.log$"))
    (allow file-read-data file-read-metadata
        (regex "^(/private)?/etc/rndc.key$"
               "^(/private)?/etc/resolv.conf$"
               "^(/private)?/etc/named.conf$"
               "^(/private)?/var/named/"))
Example from /usr/share/sandbox on Mac OS X
50. Good operating systems
Newer versions of Microsoft Windows, Mac OS X and the Linux distributions include:
• Buffer overflow protection
• Stack protection, non-executable stack
• Heap protection, non-executable heap
• Randomization of parameters, stack gap, etc.
OpenBSD has probably come furthest and is a good example
http://www.openbsd.org/papers/
NB: much of this requires a relatively new CPU and Memory Management Unit
NB: very few embedded systems, or the operating systems for them, have protection!
51. Information security
Remember the following:
Security comes from long-term initiatives
What is information security?
Data in electronic form
Data in physical form
Social engineering - The Art of Deception: Controlling the Human Element of Security
by Kevin D. Mitnick, William L. Simon, Steve Wozniak
Information security is a process
52. Questions?
Henrik Lund Kramshøj
hlk@security6.net
http://www.security6.net
You are always welcome to send questions by e-mail
53. FreeScan.dk - free port scanning
http://www.freescan.dk
54. Buffer overflows
If you want to learn how buffer overflows and exploit programs are written, the following documents are a good place to start
Smashing The Stack For Fun And Profit, Aleph One
Writing Buffer Overflow Exploits with Perl - anno 2000
The following book can also be recommended: The Shellcoder's Handbook: Discovering
and Exploiting Security Holes by Chris Anley, John Heasman, Felix Lindner, Gerardo
Richarte, 2nd Edition, John Wiley & Sons, August 2007
NB: the book is advanced and thus NOT for beginners!
55. milw0rm - the buffer overflow of the day
http://milw0rm.com/
56. Metasploit
Trinity used an exploit program
Today there are collections of exploits such as milw0rm
The development tools for exploits are very sophisticated today!
http://www.metasploit.com/
57. Advertisement: courses
The following courses are held with me as instructor
• IPv6 workshop - 1 day
Introduction to the Internet protocols and preparation for deployment in your own networks.
• Wireless technologies and security workshop - 2 days
A day focusing on network design and sensible implementation of wireless networks, as well as integration with home PCs and corporate networks.
• Hacker workshop - 2 days
Workshop with a detailed walkthrough of hacker methods: attacks over the network, exploit programs, port scanning, Nessus and others.
• Forensics workshop - 2 days
With a focus on available open source tools, methods and practice for examining disk images and traces on computer systems are covered.
• Modern firewalls and Internet security - 2 days
Informs about threats and activity on the Internet, and offers a proposal for how an advanced modern firewall could be configured today.
See more at http://www.security6.net/courses.html