Java is an object-oriented programming language created by James Gosling. It was originally called Oak but was later renamed to Java. The document discusses the different editions of Java including J2SE, J2EE, and J2ME. It also covers key Java technologies like applets, servlets, JSP, and Swing. The document provides an overview of Java features such as being platform independent, portable, multi-threaded, and having a Java Virtual Machine. It also discusses concepts like inheritance, interfaces, packages, exceptions, and input/output in Java.
This document discusses Android and iOS automation using Appium. It provides an overview of Appium, including that it is an open source test automation tool for mobile apps that supports automation of native, hybrid and mobile web apps. It also outlines the features of Appium, how to set up automation for Android and iOS apps, and demonstrates automating a mobile web app.
This document provides information for a bug bounty presentation. It introduces the speaker, Sagar Parmar, and his background in security. It then outlines topics to cover, including what a bug bounty is, how to get started as a new bug bounty hunter, tips for progressing, and example vulnerabilities to target like XSS, SQLi, SSRF, LFI, and RCE. Details are given on finding and reporting vulnerabilities with the goal of helping others learn and advance in bug bounty hunting.
The Secret Life of a Bug Bounty Hunter – Frans Rosén @ Security Fest 2016 / Frans Rosén
Frans Rosén has reported hundreds of security issues using his big white hat since 2012. He has received the biggest bounty ever paid on HackerOne, and is one of the highest ranked bug bounty researchers of all time. He's been bug bounty hunting with an iPhone in Thailand, in a penthouse suite in Las Vegas and without even being present using automation. He'll share his stories about how to act when a company's CISO is screaming "SH******T F*CK" in a phone call at 02:30 on a Friday night, what to do when companies are sending him money without any reason and why Doctors without Borders are trying to hunt him down.
The document describes a methodology for discovering vulnerabilities in a fictional application with a microservices architecture. It involves mapping out all APIs, endpoints, subdomains and requests to extract a comprehensive list. Parameters are then fuzzed on all combinations to find unintended behaviors like old or unused endpoints exposing more data than intended, or endpoints making internal calls that can be exploited through server-side request forgery or path traversal. Examples are given of similar vulnerabilities discovered in real applications, such as an unused JSON API leaking private user data, path traversal through internal API calls, and account hijacking through improper protection of authentication keys.
Have you ever heard that JavaScript is event-oriented? And that Node.js has a main loop? Have you ever had issues with the order of setTimeout, setInterval, setImmediate and nextTick? This talk should help you deeply understand the Node.js and Web event loop phases!
Spring Boot is a framework that makes it easy to create stand-alone, production-grade Spring based applications that you can "just run". It allows you to create stand-alone applications, embed Tomcat/Jetty directly with no need to deploy WAR files, and provides starter POMs to simplify configuration. Spring Boot applications are run by adding a spring-boot-gradle-plugin and can then be run as an executable JAR. Features include REST endpoints, security, external configuration, and production monitoring via Actuators.
In this core java training session, you will learn Collections – Lists, Sets. Topics covered in this session are:
• List – ArrayList, LinkedList
• Set – HashSet, LinkedHashSet, TreeSet
For more information about this course, visit this link: https://www.mindsmapped.com/courses/software-development/learn-java-fundamentals-hands-on-training-on-core-java-concepts/
This document provides examples of Java programming concepts and code snippets to demonstrate how to implement various Java features. It includes examples for Java basics like strings, arrays, files and directories as well as more advanced topics like collections, networking, threading and GUI programming. Each section breaks down a specific concept like string manipulation or environment settings into discrete code examples that show how to perform common tasks like comparing strings, setting the classpath, or splitting a string.
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech... / gmaran23
Automating Web Application Security Testing With OWASP ZAP DOT NET API - Tech Talk - Dec 22 - 2015
Screen Recording: https://vimeo.com/gmaran23/AutomatingWebApplicationSecurityWithOWASPZAPDOTNETAPI
This document provides an introduction to JUnit and Mockito for testing Java code. It discusses how to set up JUnit tests with annotations like @Before, @After, and @Test. It also covers using JUnit assertions and test suites. For Mockito, the document discusses how to create and use mock objects to stub behavior and verify interactions. It provides examples of argument matchers and consecutive stubbing in Mockito.
This document discusses various types of API testing including functionality, usability, reliability, load, creativity, security, proficiency, and documentation testing. It provides two examples of API tests - one to test getting a list of countries and another to test getting details of a single country. Key aspects covered include generating test data, preparing variables, using prepared variables in tests, running test collections, and reviewing test results. The overall document provides guidance on developing comprehensive API tests.
Spring Boot allows creating standalone Spring applications with minimal configuration. It makes assumptions about dependencies and provides default configurations. It aims to provide a faster development experience for Spring. Some key Spring Boot components include auto-configuration, core functionality, CLI, actuator for monitoring, and starters for common dependencies. To use Spring Boot, create a project with the Spring Initializr, add code and configurations, then build a jar file that can be run standalone.
The document discusses automation testing for mobile apps using Appium. Appium allows for cross-platform mobile app testing by using the same tests across iOS and Android platforms. It functions by proxying commands to the devices to run tests using technologies like UIAutomation for iOS and UiAutomator for Android. While useful for local testing, Appium has limitations for scaling tests in continuous integration environments, where services like Sauce Labs are better suited.
This document contains an agenda and slides for a presentation on Spring Boot. The presentation introduces Spring Boot, which allows developers to rapidly build production-grade Spring applications with minimal configuration. It demonstrates how to quickly create a "Hello World" application using Spring Boot and discusses some of the features it provides out-of-the-box like embedded servers and externalized configuration. The presentation also shows how to add additional functionality like Thymeleaf templates and actuator endpoints to monitor and manage applications.
The document provides an overview of Mockito, a mocking framework for Java. It discusses the basics of stubbing and verifying mock method calls. It also covers additional Mockito features like argument matchers, verifying interaction counts, annotations, stubbing void methods, spying on real objects, integration with Spring, and the Mockito JUnit runner. Code examples are provided to demonstrate stubbing, verifying, argument matchers, stubbing void methods, spying, and integration with Spring.
The document discusses interfaces in Java. It defines an interface as syntactically similar to a class but lacking instance variables and having methods declared without bodies. Interfaces are defined using the interface keyword. A class implements an interface by providing implementations for all the interface's methods. Variables can be declared with an interface type and refer to any class that implements the interface, allowing polymorphic calls through interfaces.
The document discusses an SSRF attack on Amazon EC2 Instance Metadata Service (IMDS) version 1. It describes how IMDSv1 could be accessed from outside the instance by exploiting vulnerabilities in a web application firewall (WAF). The attack allowed accessing credentials of an IAM role that had permissions to an S3 bucket storing personal information. To mitigate such risks, Amazon introduced IMDSv2, which the document then explains can still be bypassed using techniques like the Gopher protocol. It concludes by emphasizing the need for organizations to strengthen defenses against SSRF attacks.
The slides from my presentation at Devoxx France 2017.
Introduced in Java 8, the Collector API lives in the shadow of the Stream API, which makes sense since a collector has to be connected to a stream in order to work. The JDK is organized so that we mostly use off-the-shelf collectors: groupingBy, counting and a few others. These two facts hide not only the data-processing model of collectors, but also its power and its performance.
This presentation covers the collectors that exist and that you need to know, those you can create, those you suspect you can create once you understand things a little, and the others, since the possibilities offered by this API are unlimited.
The document discusses the Java Collections Framework, which includes interfaces like Collection, List, Set, and Map. It describes common implementations like ArrayList, LinkedList, HashSet, TreeSet, HashMap, and LinkedHashMap. It covers the core functionality provided by the interfaces and benefits of using the framework.
The document discusses JUnit 5, the next generation of the JUnit testing framework for Java. Key aspects include a new programming model using extensions, support for Java 8 features, and ways to migrate from earlier JUnit versions. The new framework consists of the JUnit Platform launcher, the JUnit Jupiter API for writing tests, and the JUnit Vintage engine for running JUnit 3 and 4 tests.
Bug bounty roadmap covers various techniques for finding vulnerabilities such as understanding the target application flow, using passive reconnaissance tools to discover assets, hacking with Burp Suite to find bugs like XSS and SQLi, and keeping up with new trends to improve bounty hunting. The presentation emphasizes thorough preparation and research to avoid duplicate reports and better understand the target before launching attacks. It also provides tips for writing high-quality bug reports to build good relationships with security teams.
# Alexa Video @ Youtube
https://www.youtube.com/watch?v=UOEIH2l9z7c
# Alexa Developer Console
https://developer.amazon.com/alexa
# Challenge
https://github.com/aws-ciel/alexa-challenge/blob/main/data.js
https://github.com/aws-ciel/alexa-challenge/blob/main/index.js
# Code on page 38
// Body of the intent handler: read the RatingSlot value and pick the reply.
var rating = handlerInput.requestEnvelope.request.intent.slots.RatingSlot.value;
var speakOutput = '';
if (rating === 'the greatest movie') {
    speakOutput = `The greatest movie is Inception.`;
} else if (rating === 'the worst movie') {
    speakOutput = `The movie with the worst IMDb rating and number of IMDb votes of at least 50,000 is Reis at 1 out of 10.`;
} else {
    // Any other slot value gets a fallback reply.
    speakOutput = `Sorry, I don't understand what you're asking.`;
}
return handlerInput.responseBuilder
    .speak(speakOutput)
    .reprompt(speakOutput)
    .getResponse();
Swift Girls aims to give tools for girls and women to build their ideas.
https://www.facebook.com/groups/1260405513988915/?fref=ts
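A discussion community set up especially for women. We hold free talks (introductory courses) from time to time, as well as free-coding discussion meetups, and hope that through continued outreach more women will learn together, get to know iOS development and sharpen each other's skills. Anyone interested in the Swift language is welcome to join!
Tools for asking questions and finding answers
1. GitHub (code repository), Stack Overflow
2. Google
3. Asking in the community
The example for this session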
https://github.com/Avonee/swiftGirlsChatroom
14. Semantic analysis (1)
Alexa, ask movie rating who is the greatest movie of all time?
(Diagram labels: Skill, Intent, Utterance, Handler)
15. Semantic analysis (2)
• Skill: like an app in the App Store or Google Play
• Invocation: the keyword associated with your skill
• Launch (the command issued): open, tell, launch or ask.
• Intent: which actions fulfil the request the user has spoken
• Utterance: which phrases express the intent
• Slot: a parameter within an intent
• Handler: responsible for processing the received intent
Alexa, ask movie rating who is the greatest movie of all time?
(Diagram labels: Wake word, Launch, Invocation, Intent, Slot)
16. Semantic analysis (3)
Echo, tell plan my trip, I’d like to go to Japan.
(Diagram labels: Wake word, Launch, Invocation, Intent, Slot)
Alexa, open plan my trip, I will go to Italy on September.
(Diagram labels: Wake word, Launch, Invocation, Intent, Slot, Slot)
Alexa, ask movie rating who is the greatest movie of all time?
(Diagram labels: Wake word, Launch, Intent)
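33. Creating a custom skill (12)
1) Every time you modify your intents, you must click Build Model to update them
2) Every time you modify your handlers, you must click Deploy to deploy them
• Next, let's test our custom skill!
• Open the test feature
• First enter movie rating
• Then enter who is the greatest movie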
40. Challenge: Plan The Trip (1)
1) Let Alexa help you find the resort that suits you
2) Alexa finds resorts that may suit you through a question-and-answer exchange with you
3) You only need to answer Yes or No; when it is over, the resort with the highest score is the one that suits you best

"Do you like hot spring?",
"Do you like museum?",
"Is air quality important to you?",
"Do you want to have street food?",
"Do you want to go to America?",
"Do you want to have Asian food?",
"Do you want to visit top university?",
"Do you wish to encounter movie stars?",
"Do you want to explore languages other than Chinese and English?"

"Budapest",
"Mexico City",
"Hokkaido",
"Taipei",
"Heidelberg",
"Los Angeles"
41. Challenge: Plan The Trip (2)
"Do you like hot spring?"
"Do you like museum?"
"Is air quality important to you?"
"Do you want to have street food?"
"Do you want to go to America?"
"Do you want to have Asian food?"
"Do you want to visit top university?"
"Do you wish to encounter movie stars?"
"Do you want to explore languages other than Chinese and English?"

"Budapest"
"Mexico City"
"Hokkaido"
"Taipei"
"Heidelberg"
"Los Angeles"
42. Challenge: Plan The Trip (3-1)
Questions
Resorts
The relationship between questions and resorts
https://github.com/aws-ciel/alexa-plan-a-trip/blob/main/lambda/data.js
43. Challenge: Plan The Trip (3-2)
(Flowchart)
Question: "Do you like hot spring?"
Yes → Find the relationship between question and resort: "Budapest", "Hokkaido", "Taipei"
score = {
    "Budapest": 1,
    "Mexico City": 0,
    "Hokkaido": 1,
    "Taipei": 1,
    "Heidelberg": 0,
    "Los Angeles": 0
}
Any further questions? (branches: Yes / No)
Find the highest score
44. Challenge: Plan The Trip (4)
1) Click Create skill
2) In the skill name field, enter plan the trip
3) Choose Custom model and Alexa-Hosted
4) Define the keyword that issues the command (Launch keyword), e.g. summer trip
5) Create an intent named TripIntent and set its utterances to plan it and start planning
6) Create the preset intents AMAZON.YesIntent and AMAZON.NoIntent. These two handle the Yes and No answers.
7) Import the questions and resorts into your skill project
45. Challenge: Plan The Trip (5)
1) When you say the keyword (summer trip), you are sending a request to LaunchRequest, and you will enter the LaunchRequestHandler handler.
2) Import the questions and resorts into the code:
• let data = require('./data');
3) Define the number of questions:
• const MAX_QUESTION_COUNT = data.questions.length;
46. Challenge: Plan The Trip (6)
1) for loop
for (initialExpression; conditionExpression; incrementExpression) {
    // code block to be executed;
}
2) Array
var myArray = ["A", "B", "C", "D"];
// Count from 0 to 9.
for (var i = 0; i < 10; i++) {
    console.log(i);
}
// Visit every element of the array.
for (var i = 0; i < myArray.length; i++) {
    console.log(myArray[i]);
}
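The scoring flow from slides 40 to 46, as an added example that is not code from the slides or from the challenge repository. The shape of `data` (the `resorts` and `relations` fields) and the function names are assumptions; only `data.questions`, `MAX_QUESTION_COUNT` and the hot-spring relation appear on the slides, and the other relations are constructed.

```javascript
'use strict';

// Constructed sample data (assumed shape, shortened to three questions).
const data = {
  questions: [
    'Do you like hot spring?',
    'Do you like museum?',
    'Do you want to go to America?',
  ],
  resorts: ['Budapest', 'Mexico City', 'Hokkaido', 'Taipei', 'Heidelberg', 'Los Angeles'],
  // relations[i]: resorts that gain one point when question i is answered Yes.
  relations: [
    ['Budapest', 'Hokkaido', 'Taipei'],   // as on slide 43
    ['Budapest', 'Heidelberg', 'Taipei'], // constructed
    ['Mexico City', 'Los Angeles'],       // constructed
  ],
};

const MAX_QUESTION_COUNT = data.questions.length;

// The state is plain JSON, so it can be carried from one Yes/No turn to the next.
function startSession() {
  const score = {};
  for (let i = 0; i < data.resorts.length; i++) {
    score[data.resorts[i]] = 0;
  }
  return { index: 0, score };
}

// Record the answer to the current question.
// Returns the next question, or null once every question has been asked.
function answer(session, isYes) {
  if (typeof isYes !== 'boolean') {
    throw new TypeError('answer must be true (Yes) or false (No)');
  }
  if (session.index >= MAX_QUESTION_COUNT) {
    throw new RangeError('no question is pending');
  }
  if (isYes) {
    const related = data.relations[session.index];
    for (let i = 0; i < related.length; i++) {
      // Only known resorts are scored; an unknown name never creates a new key.
      if (Object.prototype.hasOwnProperty.call(session.score, related[i])) {
        session.score[related[i]] += 1;
      }
    }
  }
  session.index += 1;
  return session.index < MAX_QUESTION_COUNT ? data.questions[session.index] : null;
}

// Every resort that shares the highest score (ties are returned together).
function bestResorts(session) {
  const max = Math.max(...Object.values(session.score));
  return data.resorts.filter((name) => session.score[name] === max);
}

// Run a complete list of Yes/No answers and report the outcome.
function plan(answers) {
  const session = startSession();
  answers.forEach((a) => answer(session, a));
  return { score: session.score, best: bestResorts(session) };
}
```

In a skill, `answer(session, true)` would be called from the AMAZON.YesIntent handler and `answer(session, false)` from the AMAZON.NoIntent handler, with `bestResorts` spoken once `answer` returns null.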