This white paper discusses approaches to simplifying RESTful search. It examines using the HTTP GET method for search and representing search criteria in URLs either through query parameters or embedded URLs. It also describes two languages - Feed Item Query Language (FIQL) and Resource Query Language (RQL) - that can be used to model complex search filter criteria in URLs. The paper provides an example of how Apache CXF incorporates FIQL support to enable expressing search expressions in URIs.
JAX-RS. Developing RESTful APIs with Java - Jerry Kurian
The presentation discusses the basic REST principles and how to define a RESTful API.
The presentation then looks at the various facilities provided by JAX-RS for developing REST API using Java.
All the supported annotations and their usage are discussed with examples.
This is a presentation which describes the big picture of the REST API. In this presentation I simply describe the theories with practical examples. I hope this presentation will cover the overall REST API domain.
Simple REST-API overview for developers. A newer version is here: https://www.slideshare.net/patricksavalle/super-simple-introduction-to-restapis-2nd-version-127968966
In the high-complexity web environment we're living in today, technical SEO is becoming more important than ever before. This presentation will take you through the basics of technical site optimization.
You will understand how to optimize your page / site <head> section and how to do on-page optimization, get a better understanding of how to deal with duplicate content, and get a short explanation regarding redirects.
Les Hazlewood, Stormpath co-founder and CTO and the Apache Shiro PMC Chair demonstrates how to design a beautiful REST + JSON API. Includes the principles of RESTful design, how REST differs from XML, tips for increasing adoption of your API, and security concerns.
Presentation video: https://www.youtube.com/watch?v=5WXYw4J4QOU
More info: http://www.stormpath.com/blog/designing-rest-json-apis
Further reading: http://www.stormpath.com/blog
Sign up for Stormpath: https://api.stormpath.com/register
Stormpath is a user management and authentication service for developers. By offloading user management and authentication to Stormpath, developers can bring applications to market faster, reduce development costs, and protect their users. Easy and secure, the flexible cloud service can manage millions of users with a scalable pricing model.
Overview of REST web service concepts (Representational State Transfer).
REST is a radically different approach for web services compared to the combo SOAP/WSDL.
REST defines an architectural style for web applications and web services.
REST makes heavy use of the underlying HTTP protocol.
REST itself is not a protocol but defines architectural principles based on the concept of addressable resources and a uniform access to these resources based on the well-known HTTP-methods GET, POST, PUT and DELETE.
The state of a client (web service consumer) is controlled by the REST web service through connected links between resources (resource oriented architecture). The client state however is stored on the client itself thus greatly increasing scalability of REST-based architectures.
The REST paradigm has mostly superseded SOAP / WSDL type web services in many enterprise applications. This is largely owed to the fact that the underlying HTTP protocol is well understood and proved its scalability in the WWW.
The Internet is full of Web Services, more and more every day. Some services offer an API (application programming interface) that developers use to build new applications (mash-ups). One of the best-known and most widely used technologies for machine-to-machine communication is SOAP (Simple Object Access Protocol), but in recent years we can use another paradigm, ReST (Representational State Transfer). How does it work?
I needed to ramp-up my Dev team on RESTful systems. Existing content on this topic was either too terse or too verbose.
So I created this deck as a necessary and sufficient tutorial on REST. The goal was for my Devs to walk away with enough of an understanding to be (and want to be) dangerous.
So here it is...REST in 18 slides (ok, 21 slides if you include Cover, References, and Thank You). This is more text-heavy than I prefer, but I needed an excuse to try out SlideShare so I opted for a presentation format.
This presentation aimed to explain what REST is and why it is commonly misunderstood. It focuses on describing REST from a scientific point of view, based on Roy Fielding's dissertation.
This slide show is from my presentation on what JSON and REST are. It aims to provide a number of talking points by comparing apples and oranges (JSON vs. XML and REST vs. web services).
A Benchmark Test on Presto, Spark Sql and Hive on Tez - Gw Liu
We tested the performance of Presto, Spark SQL and Hive on Tez, examining the execution speed of commonly used query patterns on data ranging from tens of thousands to several billion records.
We conducted a benchmark test on mainstream big data SQL engines including Presto, Spark SQL, Hive on Tez.
We focused on the performance over medium data (from tens of GB to 1 TB) which is the major case used in most services.
Many of the API design opinions found on the web are academic discussions revolving around interpretations of uncertain standards as opposed to what makes sense in the real world. The aim of this presentation is to describe the best common practices for a practical API design for the web applications.
This presentation was provided by Ralph LeVan of OCLC, during the NISO event "Next Generation Discovery Tools: New Tools, Aging Standards," held March 27 - March 28, 2008.
Design and Implementation of SOA Enhanced Semantic Information Retrieval web ... - iosrjce
IOSR Journal of Computer Engineering (IOSR-JCE) is a double blind peer reviewed International Journal that provides rapid publication (within a month) of articles in all areas of computer engineering and its applications. The journal welcomes publications of high quality papers on theoretical developments and practical applications in computer technology. Original research papers, state-of-the-art reviews, and high quality technical notes are invited for publications.
E-commerce Search Engine with Apache Lucene/Solr - Vincenzo D'Amore
An introduction to the search world with a special eye on e-commerce, by way of Apache Lucene and Solr. It explains how and why to use a search engine, the differences between an RDBMS and full-text search, and between common search and search applied to the e-commerce world. It also explains the salient differences between Lucene and Solr.
Modern REST API design principles and rules.pdf - Aparna Sharma
Typically, when updating or developing an API like Newsdata.io which is a news API for a service to provide news data with quick response time, there are lengthy discussions about the API’s structure, naming, and functions. Although, over time, certain rules have emerged that can be applied to the process and aid in reaching a common ground while developing.
Site search is one of the core functionalities of any website. This talk provides an overview of the internal workings of CQ5 search and its limitations for implementing site search functionality, and discusses design patterns & challenges for integrating various 3rd party search providers with CQ5/AEM.
A talk about the Salesforce REST API: how to perform query, search or single-record CRUD operations; how to retrieve versions, the list of custom objects, object metadata and field metadata; and a presentation of a demo page performing these requests.
API test automation is becoming a crucial part of most projects. This whitepaper provides an insight into how API automation with REST Assured is certainly the way forward in API testing.
International Journal of Computer Science, Engineering and Information Techno... - ijcseit
Web Services are independent software systems which offer machine-to-machine interactions over the Internet to achieve well-described operations. With the advent of Service-Oriented Architecture (SOA), Web Services have gained tremendous popularity. As the number of Web Services increases, finding the best service according to users' requirements becomes a challenge. Semantic Web Service discovery is the process of finding the most suitable service that satisfies the user request. A number of approaches to Web Service discovery have been proposed. In this paper, we classify them and determine the advantages and disadvantages of each group, to help researchers implement a new approach or select the most appropriate existing approach for Semantic Web Service discovery. We also provide a taxonomy which categorizes Web Service discovery systems from different points of view. There are three different views, namely, architectural view, automation view and matchmaking view. We focus on the matchmaking view, which is further divided into semantic-based, syntax-based and context-aware. We explain each sub-group of it in detail, and then subsequently compare the sub-groups in terms of their merits and drawbacks.
WEB SERVICE DISCOVERY METHODS AND TECHNIQUES: A REVIEW - ijcseit
Similar to Simplifying RESTful Search- Impetus Webinar (20)
Future-Proof Your Streaming Analytics Architecture- StreamAnalytix Webinar - Impetus Technologies
View the webcast on http://bit.ly/1HFD8YR
The speakers from Forrester and Impetus talk about the options and the optimal architecture for incorporating real-time insights into your apps in a way that also provides for benefiting from future innovation.
Impetus White Paper- Handling Data Corruption in Elasticsearch - Impetus Technologies
This white paper focuses on handling data corruption in Elasticsearch. It describes how to recover data from corrupted indices of Elasticsearch and re-index that data in a new index. The paper also guides you through Lucene’s index terminology.
Deep Learning: Evolution of ML from Statistical to Brain-like Computing- Data... - Impetus Technologies
Presentation on 'Deep Learning: Evolution of ML from Statistical to Brain-like Computing'
Speaker- Dr. Vijay Srinivas Agneeswaran, Director, Big Data Labs, Impetus
The main objective of the presentation is to give an overview of our cutting edge work on realizing distributed deep learning networks over GraphLab. The objectives can be summarized as below:
- First-hand experience and insights into implementation of distributed deep learning networks.
- Thorough view of GraphLab (including descriptions of code) and the extensions required to implement these networks.
- Details of how the extensions were realized/implemented in GraphLab source – they have been submitted to the community for evaluation.
- Arrhythmia detection use case as an application of the large scale distributed deep learning network.
SPARK USE CASE- Distributed Reinforcement Learning for Electricity Market Bi... - Impetus Technologies
SPARK SUMMIT SESSION -
A majority of the electricity in the U.S. is traded in independent system operator (ISO) based wholesale markets. ISO-based markets typically function in a two-step settlement process with day-ahead (DA) financial settlements followed by physical real-time (spot) market settlements for electricity. In this work, we focus on obtaining equilibrium bidding strategies for electricity generators in DA markets. Electricity prices in DA markets are determined by the ISO, which matches competing supply offers from power generators with demand bids from load serving entities. Since there are multiple generators competing with one another to supply power, this can be modeled as a competitive Markov decision problem, which we solve using a reinforcement learning approach. For power networks of realistic sizes, the state-action space could explode, making the RL procedure computationally intensive. This has motivated us to solve the above problem over Spark. The talk provides the following takeaways:
1. Modeling the day-ahead market as a Markov decision process
2. Code sketches to show the Markov decision process solution over Spark and Mahout over Apache Tez
3. Performance results comparing Mahout over Apache Tez and Spark.
Real-time Streaming Analytics: Business Value, Use Cases and Architectural Co... - Impetus Technologies
Impetus webcast ‘Real-time Streaming Analytics: Business Value, Use Cases and Architectural Considerations’ available at http://bit.ly/1i6OrwR
The webinar talks about-
• How business value is preserved and enhanced using Real-time Streaming Analytics with numerous use-cases in different industry verticals
• Technical considerations for IT leaders and implementation teams looking to integrate Real-time Streaming Analytics into enterprise architecture roadmap
• Recommendations for making Real-time Streaming Analytics – real – in your enterprise
• Impetus StreamAnalytix – an enterprise ready platform for Real-time Streaming Analytics
Leveraging NoSQL Database Technology to Implement Real-time Data Architecture... - Impetus Technologies
Impetus webcast "Leveraging NoSQL Database Technology to Implement Real-time Data Architectures" available at http://bit.ly/1g6Eaj4
This webcast:
• Presents trade-offs of using different approaches to achieve a real-time architecture
• Closely examines an implementation of a NoSQL based real-time architecture
• Shares specific capabilities offered by NoSQL Databases that enable cost and reliability advantages over other techniques
Maturity of Mobile Test Automation: Approaches and Future Trends- Impetus Web... - Impetus Technologies
Impetus webcast "Maturity of Mobile Test Automation: Approaches and Future Trends" available at http://lf1.me/Pxb/
This Impetus webcast talks about:
• Mobile test automation challenges
• Evolution of test automation challenges from Unit tests to image based and object comparison methods
• What next?
• Impetus solution approach for comprehensive mobile testing automation
The Shared Elephant - Hadoop as a Shared Service for Multiple Departments – I... - Impetus Technologies
For Impetus’ White Papers archive, visit- http://lf1.me/drb/
This white paper talks about the design considerations for enterprises to run Hadoop as a shared service for multiple departments.
As Hadoop becomes more mainstream and indispensable to enterprises, it is imperative that they build, operate and scale shared Hadoop clusters. The design considerations discussed in this paper will help enterprises accomplish the essential mission of running multi-tenant, multi-use Hadoop clusters at scale.
The white paper talks about Identity, Security, Resource Sharing, Monitoring and Operations on the Central Service.
Performance Testing of Big Data Applications - Impetus Webcast - Impetus Technologies
Impetus webcast "Performance Testing of Big Data Applications" available at http://lf1.me/cqb/
This Impetus webcast talks about:
• A solution approach to measure performance and throughput of Big Data applications
• Insights into areas to focus for increasing the effectiveness of Big Data performance testing
• Tools available to address Big Data specific performance related challenges
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
- State of global ICS asset and network exposure
- Sectoral targets and attacks as well as the cost of ransom
- Global APT activity, AI usage, actor and tactic profiles, and implications
- Rise in volumes of AI-powered cyberattacks
- Major cyber events in 2024
- Malware and malicious payload trends
- Cyberattack types and targets
- Vulnerability exploit attempts on CVEs
- Attacks on counties – USA
- Expansion of bot farms – how, where, and why
- In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
- Why are attacks on smart factories rising?
- Cyber risk predictions
- Axis of attacks – Europe
- Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti... - Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Essentials of Automations: Optimizing FME Workflows with Parameters - Safe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do... - UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
- See how to accelerate model training and optimize model performance with active learning
- Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
- Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Elevating Tactical DDD Patterns Through Object Calisthenics - Dorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
Neuro-symbolic is not enough, we need neuro-*semantic* - Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this is illustrated with link prediction over knowledge graphs, but the argument is general.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...
Simplifying RESTful Search- Impetus Webinar
WHITE PAPER
Simplifying RESTful Search
Abstract
This white paper talks about how search over REST can
be simplified. We are not aiming at developing
standards for RESTful search, but will be discussing
how this problem can be approached.
Impetus Technologies Inc.
www.impetus.com
January 2012
Table of Contents
Introduction
Search Requirements
HTTP Method Selection
URL Representation
    Query Criteria vs. Embedded Criteria
    Modeling Filter Criteria
    Feed Item Query Language (FIQL)
    Resource Query Language (RQL)
Case study: Apache CXF advanced search features
Summary
Introduction
The REST architectural pattern is based around two basic principles:
1. Resources as URLs: A resource is something like an entity or a noun in
modeling language. Anything on the web is identified as a resource and
each unique resource is identified by a unique URL.
2. Operations as HTTP methods: REST leverages existing HTTP methods,
particularly GET, PUT, POST, and DELETE which map to a resource’s
read, create, modify and removal operations, respectively.
Any action performed by a client over HTTP contains a URL and an HTTP
method. The URL represents the resource and the HTTP method represents the
action to be performed on that resource.
Being a broad architectural style, REST always has different interpretations. The
ambiguity is exacerbated by the fact that there are not nearly enough HTTP
methods to support common operations. One of the most common examples is
the lack of a ‘search’ method. While search is one of the most extensively used
features across different applications, there have been no standards for
implementing this feature. Due to this, people tend to design search in different
ways. Given that REST aims to unify service architecture, any ambiguity must be
seen as weakening the argument for REST.
Search Requirements
Search is the most used feature across different web applications, and it
offers much the same capabilities from one application to the next. Listed
below are some of the common constituents of search features:
• Search based on one or more criteria at a time
- Search red colored cars of type hatchback
color=red && type=hatchback
• Relational and conditional operator support
- Search red or black car with mileage greater than 10
color=red|black && mileage > 10
• Wild card search
- Search car manufactured from company name starting with M
company=M*
• Pagination
- List all cars but fetch 100 results at a time
upperLimit=200 && lowerLimit=101
• Range searches
- Get me all the cars launched between 2000 and 2010
launch year between (2000, 2010)
When we support search with such features, the search interface design itself
becomes complex. And when implemented in a REST framework, meeting all
these requirements (while still conforming to REST!) is challenging.
Coming back to the basic REST principles, there are two questions that need to
be answered:
1. Which HTTP method should be used for ‘search’?
2. How can an effective resource URL be created for search?
a. Query parameters versus Embedded URLs
b. Modeling filter criteria
HTTP Method Selection
Effectively, REST categorizes operations by their nature and associates well-
defined semantics with these categories. The idempotent operations are GET,
PUT, and DELETE (GET for read-only, PUT for update, DELETE for remove),
while the POST method is used for non-idempotent procedures like create.
By definition, search is a read-only operation that requests a collection of
resources filtered by some criteria. The GET HTTP method is therefore the
obvious choice for the search feature. However, GET is constrained by URL
size limits when complex criteria are added to the URL.
URL Representation
Query Criteria vs. Embedded Criteria
It is important to discuss this using an example. Say a user wishes to search
for blue four-door sedans. What will the resource URL for this request look
like? Indicated below are two URLs that are syntactically different but
semantically the same:
• /cars/?color=blue&type=sedan&doors=4
• /cars/color:blue/type:sedan/doors:4
Both of the above URLs conform to the RESTful way of representing a resource
query, but are represented differently. While the first one uses the URL query
criteria to add filtering details, the latter follows an embedded URL approach.
The embedded URL approach is more readable and can take advantage of the
native caching mechanisms that exist on the web server for HTTP traffic.
However, this approach forces the user to supply parameters in a specific order.
Wrong parameter positions will cause an error or unwanted behavior. The two
URLs below look the same, but may not give the correct results:
• /cars/color:red/type:sedan
• /cars/type:sedan/color:red
Also, since there is no standardization for embedding criteria, people can devise
their own ways of representation.
It is therefore imperative to consider the query criteria approach over the
embedded URL approach, even though its representation is a bit more complex
and less readable.
Modeling Filter Criteria
A search-results page is fundamentally RESTful even though its URL identifies a
query. The URL can incorporate SQL-like elements. While SQL is meant to filter
data fetched from relational tables, a URL-based modeling language can filter
data from a hierarchical set of resources. Such a language provides a
mechanism for communicating complex search requirements over URLs. In this
section, two such languages are discussed in detail.
Feed Item Query Language (FIQL)
The Feed Item Query Language (FIQL, pronounced ‘fickle’) is a simple but
flexible, URI-friendly syntax for expressing filters across the entries in a
syndicated feed. These filter expressions can be mapped at any RESTful service
and help in modeling complex filters. Provided below are some samples of such
web URLs against their respective SQLs.
SQL statements and the corresponding REST search URLs:

SQL: select * from actors where firstname='PENELOPE' and lastname='GUINESS'
REST search URL: /actors?_s=firstname==PENELOPE;lastname==GUINESS

SQL: select * from actors where lastname like 'PEN%'
REST search URL: /actors?_s=lastname==PEN*

SQL: select * from films where filmid=1 and rentalduration <> 0
REST search URL: /films?_s=filmid==1;rentalduration!=0

SQL: select * from films where filmid >= 995
REST search URL: /films?_s=filmid=ge=995

SQL: select * from films where release date < '27/05/2005'
REST search URL: /film?_s=releasedate=le=2005-05-27T00:00:00.000%2B00:00
Resource Query Language (RQL)
Resource Query Language (RQL) defines a syntactically simple query language
for querying and retrieving resources. RQL is designed to be URI-friendly,
particularly as a query component of a URI, and highly extensible. RQL is a
superset of HTML’s URL encoding of form values, and a superset of Feed Item
Query Language (FIQL). RQL basically consists of a set of nestable named
operators which each have a set of arguments and operate on a collection of
resources.
Case study: Apache CXF advanced search features
To support advanced search capabilities, Apache CXF has included FIQL support
in its JAX-RS implementation since the 2.3.0 release. With this feature, users
can express complex search expressions in the URI. Provided below is a
detailed note on how this feature can be used.
To work with FIQL queries, a SearchContext needs to be injected into the
application code and used to retrieve a SearchCondition representing the
current FIQL query. This SearchCondition can be used in a number of ways
to find the matching data.
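    import java.util.List;
    import java.util.Map;
    import javax.ws.rs.GET;
    import javax.ws.rs.Path;
    import javax.ws.rs.core.Context;
    import org.apache.cxf.jaxrs.ext.search.SearchCondition;
    import org.apache.cxf.jaxrs.ext.search.SearchContext;

    @Path("books")
    public class Books {
        private Map<Long, Book> books;

        // injected by the JAX-RS runtime; gives access to the current FIQL query
        @Context
        private SearchContext searchContext;

        @GET
        public List<Book> getBook() {
            SearchCondition<Book> sc = searchContext.getCondition(Book.class);
            // SearchCondition's isMet method can also be used to build a list of
            // matching beans

            // iterate over all the values in the books map and return a collection
            // of matching beans
            List<Book> found = sc.findAll(books.values());
            return found;
        }
    }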
The SearchCondition can also be used to get at all the search
requirements (originally expressed in FIQL) and do some manual comparisons
against the local data. SearchCondition, for instance, provides a utility
toSQL(String tableName, String... columnNames) method, which internally
introspects all the search expressions constituting the current query and
converts them into an SQL expression:
    // find all conditions with names starting from 'ami'
    // and levels greater than 10 :
    // ?_s="name==ami*;level=gt=10"
    SearchCondition<Book> sc = searchContext.getCondition(Book.class);
    // expected SQL, split across lines here for readability
    assertEquals("SELECT * FROM table"
        + " WHERE"
        + " name LIKE 'ami%'"
        + " AND"
        + " level > '10'",
        sc.toSQL("table"));
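The FIQL-to-SQL mapping tabulated in the FIQL section, and the conversion to SQL described above, can be implemented so that request values never become part of the SQL text. The following Python sketch is an added example, not code from the white paper or from Apache CXF. The function name fiql_to_sql, the column allow-list, the parenthesis-free FIQL subset and the SQLite sample rows are all assumptions made for illustration.

```python
import re
import sqlite3
from urllib.parse import unquote

# FIQL comparison operators from the table above, mapped to SQL operators.
OPERATORS = {"==": "=", "!=": "<>", "=gt=": ">", "=ge=": ">=", "=lt=": "<", "=le=": "<="}
COMPARISON = re.compile(r"^([A-Za-z_][A-Za-z0-9_]*)(==|!=|=gt=|=ge=|=lt=|=le=)(.+)$")


def fiql_to_sql(expr, table, allowed_columns):
    """Translate parenthesis-free FIQL into (sql, params); ';' (AND) binds tighter than ',' (OR).

    table is a constant chosen by the caller, never request data.
    """
    params, or_groups = [], []
    for group in expr.split(","):
        and_terms = []
        for term in group.split(";"):
            match = COMPARISON.match(term)
            if not match:
                raise ValueError(f"malformed comparison: {term!r}")
            column, op, raw = match.groups()
            if column not in allowed_columns:  # only allow-listed names reach the SQL text
                raise ValueError(f"column not searchable: {column!r}")
            value = unquote(raw)  # decode after splitting so %3B / %2C stay literal
            if op in ("==", "!=") and "*" in value:
                # FIQL wildcard becomes LIKE; escape SQL's own wildcards first.
                value = value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
                value = value.replace("*", "%")
                sql_op = "LIKE" if op == "==" else "NOT LIKE"
                and_terms.append(f"{column} {sql_op} ? ESCAPE '\\'")
            else:
                and_terms.append(f"{column} {OPERATORS[op]} ?")
            params.append(value)  # values travel only as bound parameters
        or_groups.append("(" + " AND ".join(and_terms) + ")")
    return f"SELECT * FROM {table} WHERE " + " OR ".join(or_groups), params


def demo():
    """Run a wildcard query and a quote-laden value against constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE actors (firstname TEXT, lastname TEXT)")
    db.executemany("INSERT INTO actors VALUES (?, ?)",
                   [("PENELOPE", "GUINESS"), ("NICK", "WAHLBERG"), ("ED", "PENN")])
    allowed = {"firstname", "lastname"}
    wildcard = fiql_to_sql("lastname==PEN*", "actors", allowed)
    quoted = fiql_to_sql("lastname==x' OR '1'%3D'1", "actors", allowed)
    return db.execute(*wildcard).fetchall(), db.execute(*quoted).fetchall()
```

Because the value containing quotes is bound as a parameter, it is compared as a literal last name and matches no rows, while a column outside the allow-list is rejected before any SQL is built.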
Summary
Data querying is a critical component of most applications. With the advance of
rich, client-driven Ajax applications and document oriented databases, new
querying techniques are needed; these techniques must be simple but
extensible, designed to work within URIs and query for collections of resources.
The NoSQL movement is opening the way for a more modular approach to
databases, and separating out modeling, validation, and querying concerns from
storage concerns. What is needed however, are new querying approaches to
match more modern architectural design.