BDD API Development with Symfony and Behat You may have built an API in Symfony before. You may have even written some browser tests in Beta. Did you ever consider using Behat to write integration tests for your API? If not, you definitely should. The portability and reusability of Behat steps make it the perfect platform for API integration tests. The Symfony kernel integration for Behat and absence of JavaScript in an API makes this match made in heaven. Pull up a cloud and let me show you the pure awesomeness that is BDD API Development with Symfony and Behat.
Symfony Live San Francisco 2017 - Symfony @ OpenSkyPablo Godel
OpenSky is one of the first large ecommerce platforms to use Symfony2. The whole marketplace has been running on Symfony for many years. Over this talk we will share:
how we use the framework and other PHP components
our deployment process
using Doctrine with MySQL and MongoDB
things we learned to avoid
running a large PHPUnit test suite
SymfonyCon Cluj 2017 - Symfony at OpenSkyPablo Godel
OpenSky is one of the first large ecommerce platforms to use Symfony2 and has been running on it for many years. On this talk we share how we use the framework and many tips about workflow, testing, deployment, Doctrine, migrations and much more.
Laravel is a great framework to use for web applications but what if you need to do more? What if you need to process data that would take longer than an HTTP request would allow?
Come learn how to harness the power of the console in your Laravel applications to do various tasks such as caching data from 3rd party APIs, expire old content from S3 or other data store, and batch process huge data sets without users having to wait for results. You can even automate tasks such as backing up your remote databases before you run migrations with artisan commands.
We'll cover creating basic artisan console commands, adding options and passing input, setting up cron jobs and scheduling our console commands to run at specific times, and how you can utilize 3rd party APIs to create fun automated message processing for social media networks.
A Quick Trip Down the Rabbit Hole - An Introduction into what the WP-REST-API is and what you can do with it. This is meant as an explanation for a site owner/project lead who wants to learn what this new technology means and for the developer who wants to understand where this will take the WordPress community over the next decade and beyond.
A short introduction to Elixir presented by Chi-chi Ekweozor at Manchester UK's MadLab on 20 February.
Learn how to use the ubiquitous pipeline operator |> to consume functions as data, pattern matching, modules, lists and other language constructs.
Laravel is a great framework to use for web applications but what if you need to do more? Come learn how to harness the power of the console in your Laravel applications to do various tasks such as caching data from 3rd party APIs, Expire old content from S3 or other data store, and batch process huge data sets without users having to wait for results. You can even automate tasks such as backing up your remote databases before you run migrations with artisan commands.
Symfony Live San Francisco 2017 - Symfony @ OpenSkyPablo Godel
OpenSky is one of the first large ecommerce platforms to use Symfony2. The whole marketplace has been running on Symfony for many years. Over this talk we will share:
how we use the framework and other PHP components
our deployment process
using Doctrine with MySQL and MongoDB
things we learned to avoid
running a large PHPUnit test suite
SymfonyCon Cluj 2017 - Symfony at OpenSkyPablo Godel
OpenSky is one of the first large ecommerce platforms to use Symfony2 and has been running on it for many years. On this talk we share how we use the framework and many tips about workflow, testing, deployment, Doctrine, migrations and much more.
Laravel is a great framework to use for web applications but what if you need to do more? What if you need to process data that would take longer than an HTTP request would allow?
Come learn how to harness the power of the console in your Laravel applications to do various tasks such as caching data from 3rd party APIs, expire old content from S3 or other data store, and batch process huge data sets without users having to wait for results. You can even automate tasks such as backing up your remote databases before you run migrations with artisan commands.
We'll cover creating basic artisan console commands, adding options and passing input, setting up cron jobs and scheduling our console commands to run at specific times, and how you can utilize 3rd party APIs to create fun automated message processing for social media networks.
A Quick Trip Down the Rabbit Hole - An Introduction into what the WP-REST-API is and what you can do with it. This is meant as an explanation for a site owner/project lead who wants to learn what this new technology means and for the developer who wants to understand where this will take the WordPress community over the next decade and beyond.
A short introduction to Elixir presented by Chi-chi Ekweozor at Manchester UK's MadLab on 20 February.
Learn how to use the ubiquitous pipeline operator |> to consume functions as data, pattern matching, modules, lists and other language constructs.
Laravel is a great framework to use for web applications but what if you need to do more? Come learn how to harness the power of the console in your Laravel applications to do various tasks such as caching data from 3rd party APIs, Expire old content from S3 or other data store, and batch process huge data sets without users having to wait for results. You can even automate tasks such as backing up your remote databases before you run migrations with artisan commands.
All the Laravel things: up and running to making $$Joe Ferguson
Laravel 5 has established itself as one of the best PHP rapid application development frameworks. Come learn about all the tools in the Laravel ecosystem designed to save you time and prevent you from writing the boring cruft you have to write for every application. We'll cover getting started with local development, building a basic application, and deploying to production. We'll review how Laravel easily handles vagrant, testing, oauth login services, billing and subscriptions services through Laravel Spark, and deploying your application with services such as Laravel Envoyer and Forge to manage your servers.
Grand Rapids PHP Meetup: Behavioral Driven Development with BehatRyan Weaver
Testing our applications is something we all do. Ahem, rather, it's something we all *wish* we did. In this chat, I'll introduce you to Behat (behat.org) (version 3!!!!): a behavior-driven-development (BDD) library that allows you to write functional tests against your application just by writing human-readable sentences/scenarios. To sweeten the deal these tests can be run in a real browser (via Selenium2) with just the flip of a switch. If you asked me to develop without Behat, I'd just retire. It's that sweet. By the end, you'll have everything you need to start functionally-testing with Behat in your new, or very old and ugly project.
I can haz HTTP - Consuming and producing HTTP APIs in the Ruby ecosystemSidu Ponnappa
The Ruby ecosystem is pretty awesome when it comes to developing or
consuming HTTP APIs. On the publishing front, the Rails framework is
an attractive option because it supports publishing what are popularly
(but inaccurately) referred to as 'RESTful' APIs quickly and
effortlessly. On the consumer side, the Ruby ecosystem provides
several very fluent and powerful libraries that make it easy to
consume HTTP based APIs.
Since a significant proportion of projects today require that APIs be
both published and consumed, many of them wind up choosing Ruby as a
platform for the reasons mentioned above. This talk is targeted at
folks that are currently on such projects, or anticipate being on such
projects in the future.
We will cover:
Consuming HTTP APIs:
1) The basics of making HTTP calls with Ruby
2) The strengths and weaknesses of Ruby's Net::HTTP across 1.8, 1.9
and JRuby (possibly Rubinius if we have the time to do research)
3) Popular HTTP libraries that either make it easier to do HTTP by
providing better APIs, make it faster by using libCurl or both
4) Different approaches to deserializing popular encoding formats such
as XML and JSON and the pitfalls thereof
Producing HTTP APIs using Rails:
1) The basics of REST
2) What Rails gives you out of the box - content-type negotiation,
deserialization etc. and the limitations thereof
3) What Rails fails to give you out of the box - hypermedia controls etc.
4) What Rails does wrong - wrong PUT semantics, no support for PATCH,
error handling results in responses that violate the clients Accepts
header constraints etc.
4) How one can achieve Level 2 on the Richardson Maturity Model of
REST using Rails
5) Writing tests for all of this
At the end of this, our audience will understand how you can both
consume and produce HTTP APIs in the Ruby ecosystem. They will also
have a clear idea of what the limitations of such systems are and what
the can do to work around the limitations.
You might have read recently that composer made some changes to drastically improve performance of 'composer update' operations. Inspired by this I will give you further tips to make composer operations even faster.
I will also cover a few other composer power user tips to make you even more productive when using composer.
php[world] 2015 Training - Laravel from the Ground UpJoe Ferguson
Most of this training was code samples which are not included here.
Ready to jump into Laravel and start building applications and more? Ready to explore more than just Adventures in Laravel 5? Come learn the best practices for local development, building real world applications, and deploying your applications to production. Join us and learn how to leverage modern development practices so build powerful and robust applications. We will also cover how to test your application's functionality so you can be more confident in deployments and upgrades. Laravel 5.1 will be the framework's first "LTS" (Long term support) version so you can be certain there will be community and support for the life of your application.
My presentation from the PHP Matsuri 2011 conference. This presentation discusses the changes in CakePHP 2.0 and goes into more detail on some of the cooler features that PHP 5 allows us, and some of the internal restructuring.
One does not simply "Upgrade to Rails 3"testflyjets
A talk given at the February SD Ruby meeting in San Diego, covering the issues one might face when upgrading a Ruby on Rails application from version 2.3 to 3.2.
Covers items deprecated or eliminated between versions, testing strategies, pain points, gotchas and general suggestions for making the transition across major versions of the Rails framework.
For years, we at Countercept have seen adversaries across the threat pyramid make use of PowerShell tool-kits for lateral movement, data exfiltration and persistence over different environments. As defenders, we have done a pretty good job – PowerShell is a fading threat in time. Mimikatz execution through PowerShell? AMSI and PowerShell logging can handle that relatively well.
However, adversaries being adversaries don’t just give up. They have migrated tool-kits to areas where visibility is still limited – such as .NET. Favoured by adversaries due to its wide range of functionalities, ease of development, and default presence on modern Windows platforms, we have seen a significant increase in exploitation toolkits leveraging .NET to perform usual activities - but in an area where they are relatively hidden.
Be the first to get your hands on the new Ext JS 4. Ext JS 4 is a major advance in javascript frameworks providing significantly expanded and refactored functionality in practically every area of the product. We won't give away all the details just yet, come to the conference and find out!
Serverless technologies like AWS Lambda has drastically simplified the task of building reactive systems - drop a file into S3 and a Lambda function would be triggered to process it, push an event into a Kinesis stream and magically it'll be processed by a Lambda function in real-time, you can even use Lambda to automate the process of auditing and securing your AWS account by automatically reacting to rule violations to your security policy.
Join us in this talk to see some architectural design patterns that have emerged with AWS Lambda, and learn how to pick the right event source based on the tradeoffs you want. Amongst the many patterns we'll explore, here are a few to whet your appetite : pub-sub, cron, push-pull, saga and decoupled invocation.
Serverless Beyond Functions - CTO Club Made in JLMBoaz Ziniman
Serverless is changing the way businesses think about speed and cost of innovation but today, Serverless is not limited to the code running as a Lambda function.
In this session we will look into what it takes to run a full serverless application in production. We will cover additional services such as Serverless application management, storage solution for Serverless Apps, Step Functions for App orchestration and CI/CD and Monitoring for your full application lifecycle.
All the Laravel things: up and running to making $$Joe Ferguson
Laravel 5 has established itself as one of the best PHP rapid application development frameworks. Come learn about all the tools in the Laravel ecosystem designed to save you time and prevent you from writing the boring cruft you have to write for every application. We'll cover getting started with local development, building a basic application, and deploying to production. We'll review how Laravel easily handles vagrant, testing, oauth login services, billing and subscriptions services through Laravel Spark, and deploying your application with services such as Laravel Envoyer and Forge to manage your servers.
Grand Rapids PHP Meetup: Behavioral Driven Development with BehatRyan Weaver
Testing our applications is something we all do. Ahem, rather, it's something we all *wish* we did. In this chat, I'll introduce you to Behat (behat.org) (version 3!!!!): a behavior-driven-development (BDD) library that allows you to write functional tests against your application just by writing human-readable sentences/scenarios. To sweeten the deal these tests can be run in a real browser (via Selenium2) with just the flip of a switch. If you asked me to develop without Behat, I'd just retire. It's that sweet. By the end, you'll have everything you need to start functionally-testing with Behat in your new, or very old and ugly project.
I can haz HTTP - Consuming and producing HTTP APIs in the Ruby ecosystemSidu Ponnappa
The Ruby ecosystem is pretty awesome when it comes to developing or
consuming HTTP APIs. On the publishing front, the Rails framework is
an attractive option because it supports publishing what are popularly
(but inaccurately) referred to as 'RESTful' APIs quickly and
effortlessly. On the consumer side, the Ruby ecosystem provides
several very fluent and powerful libraries that make it easy to
consume HTTP based APIs.
Since a significant proportion of projects today require that APIs be
both published and consumed, many of them wind up choosing Ruby as a
platform for the reasons mentioned above. This talk is targeted at
folks that are currently on such projects, or anticipate being on such
projects in the future.
We will cover:
Consuming HTTP APIs:
1) The basics of making HTTP calls with Ruby
2) The strengths and weaknesses of Ruby's Net::HTTP across 1.8, 1.9
and JRuby (possibly Rubinius if we have the time to do research)
3) Popular HTTP libraries that either make it easier to do HTTP by
providing better APIs, make it faster by using libCurl or both
4) Different approaches to deserializing popular encoding formats such
as XML and JSON and the pitfalls thereof
Producing HTTP APIs using Rails:
1) The basics of REST
2) What Rails gives you out of the box - content-type negotiation,
deserialization etc. and the limitations thereof
3) What Rails fails to give you out of the box - hypermedia controls etc.
4) What Rails does wrong - wrong PUT semantics, no support for PATCH,
error handling results in responses that violate the clients Accepts
header constraints etc.
4) How one can achieve Level 2 on the Richardson Maturity Model of
REST using Rails
5) Writing tests for all of this
At the end of this, our audience will understand how you can both
consume and produce HTTP APIs in the Ruby ecosystem. They will also
have a clear idea of what the limitations of such systems are and what
the can do to work around the limitations.
You might have read recently that composer made some changes to drastically improve performance of 'composer update' operations. Inspired by this I will give you further tips to make composer operations even faster.
I will also cover a few other composer power user tips to make you even more productive when using composer.
php[world] 2015 Training - Laravel from the Ground UpJoe Ferguson
Most of this training was code samples which are not included here.
Ready to jump into Laravel and start building applications and more? Ready to explore more than just Adventures in Laravel 5? Come learn the best practices for local development, building real world applications, and deploying your applications to production. Join us and learn how to leverage modern development practices so build powerful and robust applications. We will also cover how to test your application's functionality so you can be more confident in deployments and upgrades. Laravel 5.1 will be the framework's first "LTS" (Long term support) version so you can be certain there will be community and support for the life of your application.
My presentation from the PHP Matsuri 2011 conference. This presentation discusses the changes in CakePHP 2.0 and goes into more detail on some of the cooler features that PHP 5 allows us, and some of the internal restructuring.
One does not simply "Upgrade to Rails 3"testflyjets
A talk given at the February SD Ruby meeting in San Diego, covering the issues one might face when upgrading a Ruby on Rails application from version 2.3 to 3.2.
Covers items deprecated or eliminated between versions, testing strategies, pain points, gotchas and general suggestions for making the transition across major versions of the Rails framework.
For years, we at Countercept have seen adversaries across the threat pyramid make use of PowerShell tool-kits for lateral movement, data exfiltration and persistence over different environments. As defenders, we have done a pretty good job – PowerShell is a fading threat in time. Mimikatz execution through PowerShell? AMSI and PowerShell logging can handle that relatively well.
However, adversaries being adversaries don’t just give up. They have migrated tool-kits to areas where visibility is still limited – such as .NET. Favoured by adversaries due to its wide range of functionalities, ease of development, and default presence on modern Windows platforms, we have seen a significant increase in exploitation toolkits leveraging .NET to perform usual activities - but in an area where they are relatively hidden.
Be the first to get your hands on the new Ext JS 4. Ext JS 4 is a major advance in javascript frameworks providing significantly expanded and refactored functionality in practically every area of the product. We won't give away all the details just yet, come to the conference and find out!
Serverless technologies like AWS Lambda has drastically simplified the task of building reactive systems - drop a file into S3 and a Lambda function would be triggered to process it, push an event into a Kinesis stream and magically it'll be processed by a Lambda function in real-time, you can even use Lambda to automate the process of auditing and securing your AWS account by automatically reacting to rule violations to your security policy.
Join us in this talk to see some architectural design patterns that have emerged with AWS Lambda, and learn how to pick the right event source based on the tradeoffs you want. Amongst the many patterns we'll explore, here are a few to whet your appetite : pub-sub, cron, push-pull, saga and decoupled invocation.
Serverless Beyond Functions - CTO Club Made in JLMBoaz Ziniman
Serverless is changing the way businesses think about speed and cost of innovation but today, Serverless is not limited to the code running as a Lambda function.
In this session we will look into what it takes to run a full serverless application in production. We will cover additional services such as Serverless application management, storage solution for Serverless Apps, Step Functions for App orchestration and CI/CD and Monitoring for your full application lifecycle.
Serverless technologies like AWS Lambda has drastically simplified the task of building reactive systems - drop a file into S3 and a Lambda function would be triggered to process it, push an event into a Kinesis stream and magically it'll be processed by a Lambda function in real-time, you can even use Lambda to automate the process of auditing and securing your AWS account by automatically reacting to rule violations to your security policy.
Join us in this talk to see some architectural design patterns that have emerged with AWS Lambda, and learn how to pick the right event source based on the tradeoffs you want. Amongst the many patterns we'll explore, here are a few to whet your appetite : pub-sub, cron, push-pull, saga and decoupled invocation.
Serveless design patterns (VoxxedDays Luxembourg)Yan Cui
Serverless technologies like AWS Lambda has drastically simplified the task of building reactive systems - drop a file into S3 and a Lambda function would be triggered to process it, push an event into a Kinesis stream and magically it'll be processed by a Lambda function in real-time, you can even use Lambda to automate the process of auditing and securing your AWS account by automatically reacting to rule violations to your security policy.
Join us in this talk to see some architectural design patterns that have emerged with AWS Lambda, and learn how to pick the right event source based on the tradeoffs you want. Amongst the many patterns we'll explore, here are a few to whet your appetite : pub-sub, cron, push-pull, saga and decoupled invocation.
Serverless technologies like AWS Lambda has drastically simplified the task of building reactive systems - drop a file into S3 and a Lambda function would be triggered to process it, push an event into a Kinesis stream and magically it'll be processed by a Lambda function in real-time, you can even use Lambda to automate the process of auditing and securing your AWS account by automatically reacting to rule violations to your security policy.
Join us in this talk to see some architectural design patterns that have emerged with AWS Lambda, and learn how to pick the right event source based on the tradeoffs you want. Amongst the many patterns we'll explore, here are a few to whet your appetite : pub-sub, cron, push-pull, saga and decoupled invocation.
Serveless Design Patterns (Serverless Computing London)Yan Cui
Serverless technologies like AWS Lambda has drastically simplified the task of building reactive systems - drop a file into S3 and a Lambda function would be triggered to process it, push an event into a Kinesis stream and magically it'll be processed by a Lambda function in real-time, you can even use Lambda to automate the process of auditing and securing your account by automatically reacting to rule violations to your security policy.
Join us in this talk to see some architectural design patterns that have emerged with Lambda, and how to pick the right event source based on the tradeoffs you want. Here are a few patterns that we'll cover in the talk: pub-sub, cron, push-pull, saga and decoupled invocation.
Integrating Ansible Tower with security orchestration and cloud managementJoel W. King
Ansible Durham Meetup, 13 July 2017.
Our guest speaker will be Joel W. King, Principal Architect at World Wide Technology. His focused is on enterprise Software-Defined Networking and network programmability.
He will talk about how Ansible Tower, through the northbound APIs, is integrated into the security orchestration platform Phantom Cyber, and using the same code base, extends infrastructure provisioning to Cisco CloudCenter (formerly CliQr), an application-centric public and private cloud management solution.
AWS IoT is a new managed service that enables Internet-connected things (sensors, actuators, devices, and applications) to easily and securely interact with each other and the cloud. In this session, we will discuss how constrained devices can leverage AWS IoT to send data to the cloud and receive commands back to the device from the cloud using protocol of their choice. We will discuss how devices can connect securely connect using MQTT, HTTP protocols and how can developers and businesses leverage several features of AWS IoT Rules Engine, Thing Shadow to build a real connected product. You don't want to miss this session if you are a maker or manufacturer of a connected device. We have a cool giveaway for you at the end of the session!
Serverless Design Patterns (London Dev Community)Yan Cui
Serverless technologies like AWS Lambda has drastically simplified the task of building reactive systems - drop a file into S3 and a Lambda function would be triggered to process it, push an event into a Kinesis stream and magically it'll be processed by a Lambda function in real-time, you can even use Lambda to automate the process of auditing and securing your AWS account by automatically reacting to rule violations to your security policy.
Join us in this talk to see some architectural design patterns that have emerged with AWS Lambda, and learn how to pick the right event source based on the tradeoffs you want. Amongst the many patterns we'll explore, here are a few to whet your appetite : pub-sub, cron, push-pull, saga and decoupled invocation.
The morning session, building out a facial recognition solution ultimately stored into a blockchain DB using the AWS platform.
Johannesburg Pop-up Loft Workshop 14 March 2019.
Building Voice Controls and Integrating with Automation Actions on an IoT Net...Intel® Software
Voice recognition is a natural method that people can use to interact with and automate smart devices. In this session, we build a microservice for automation of IoT using local fog computing resources and cloud-based serverless functions. We also create a voice-enabled chatbot that triggers automatic actions on an IoT network.
With third party clients connecting to your service you may find that the assumptions or opinions of a typical rails application are not robust enough. We'll run through some key considerations when building an API that will be consumed by a mobile app.
We built event-driven user interfaces for decades. What about bringing the same approach to mobile, web, and IoT backend applications? You have to understand how data flows and what is the propagation of changes, using reactive programming techniques. You can focus on the core functionalities to build and the relationships among the resources you use. Your application behaves similarly to a “spreadsheet”, where depending resources are updated automatically when something “happens”, and is decomposed into scalable microservices without having to manage the infrastructure. The resulting architecture is efficient and cost effective to run on AWS and managing availability, scalability and security becomes part of the implementation itself.
Building Scalable Services with Amazon API Gateway - Technical 201Amazon Web Services
The session introduces Amazon API Gateway and walks through common patterns and use-cases as implemented by API Gateway customers. The second part of the session is dedicated to diving deeper on the new features introduced in the API Gateway and how to make the most of them.
Speaker: Stefano Bulani, Sr Product Manager, Amazon Web Services
Featured Customer - Temando
Trusted by Default: The Forge Security & Privacy ModelAtlassian
Security and trust have become increasingly important requirements for our customers in Cloud. We’re working to make it easier for you to build and maintain secure apps for Atlassian products.
In this session, Engineering Team Lead Dugald Morrow and Principal Product Manager Joël Kalmanowicz will explain how security and trust have been baked into the Forge framework and the benefits the platform can offer you and your users. Learn how much less work it can be to build trusted apps customers will love on Forge by going deep on the safeguards we’re putting in place.
Developers or attendees with some software security experience will get the most out of this session.
Looking in from the outside, serverless seems so simple! And yet, many companies are struggling on their journey to serverless. In this talk, I highlight a number of mistakes companies are making when they adopt serverless.
In this session, learn how you evaluate, design, build, and manage distributed applications over hybrid infrastructures using Amazon Web Services. This session follows the evolution of a simple legacy data center expansion with
basic connectivity into managing complex hybrid applications. Along the way, we investigate best practice designs in use by AWS customers. Topics covered include: interconnectivity, availability, security, hybrid networks with Amazon VPC and AWS Direct Connect as well as automated provisioning with AWS CloudFormation, and configuration management with AWS OpsWorks.
Speakers:
Miha Kralj, AWS Solutions Architect
Amarpal S. Attwal, Senior Technical Lead, ICT Engineering, Just Eat
Koen van den Biggelaar, AWS Solutions Architect
Similar to Symfony Live San Franciso 2017 - BDD API Development with Symfony and Behat (20)
Gain a practical understanding of how to integrate AI capabilities into your PHP projects with examples from the leading sources of hosted AI: OpenAI and Hugging Face. Armed with this knowledge, you can unlock new possibilities for intelligent, dynamic, and user-centric PHP applications that leverage the power of Artificial Intelligence.
So, join us for this transformative journey as we bridge the gap between PHP and AI, opening the door to a world of smarter and more innovative web applications.
With the dominance of Mobile Apps, Single Page Apps for the Web, and Micro-Services, we are all building more APIs than ever before. Like many other developers, I had struggled with finding the right mix of security and simplicity for securing APIs. Some standards from the IETF have made it possible to accomplish both. Let me show you how to utilize existing libraries to lock down you API without writing a ton of code.
In this tutorial, you will learn how to write a secure API with future proof security utilizing JOSE. JOSE is a collection of complimentary standards: JWT, JWE, JWS, JWA, and JWK. JOSE is used by OAuth, OpenID, and others to secure communications between APIs and consumers. Now you can use it to secure your API.
Cryptography is the invisible layer protecting everything around us. As software engineers, we are required to have some understanding of cryptography. Most of us only have a cursory understanding. Let’s dive deep into algorithms and modes for encryption, digital signatures, hashing, and key derivation. To get the most from this presentation, it is expected that you have a basic understanding of cryptography.
Threat Modeling for Dummies - Cascadia PHP 2018Adam Englander
No developer wants to be responsible for a major data breach. Unfortunately, when it comes to application security, most developers have more questions than answers. How do I get started? Who should I be protecting against? How much security is enough? Is there a best practice to follow? In less than an hour, I will give you the tools you need to begin integrating threat modeling into your existing application lifecycle. Start building secure applications today.
Dutch PHP 2018 - Cryptography for BeginnersAdam Englander
Cryptography is a complex and confusing subject. In this talk you will learn about the core components of cryptography used in software development: securing data with encryption, ensuring data integrity with hashes and digital signatures, and protecting passwords with key derivation functions. While learning how to use these components, you will also learn the best practices that drive strong cryptography. This talk won’t make you a cryptography expert but it will give you the knowledge necessary to use cryptography properly. No prior knowledge of cryptography is required for this presentation.
php[tek] 2108 - Cryptography Advances in PHP 7.2Adam Englander
There were some pretty substantial cryptography advances in PHP 7.2. Most of these changes were made to make advanced cryptography easier to use. That’s a good thing for developers and end users alike. The addition of libsodium is a game changer. It makes synchronous and asynchronous cryptography a no-brainer and adds better hashing than we've ever had. Argon2i for passwords is pretty substantial as well. We’ll go over the changes and have some practical examples of each. Developers need to know about these advances and just how awesome they are.
php[tek] 2018 - Biometrics, fantastic failure point of the futureAdam Englander
This presentation attempts to prepare developers for the coming storm of biometric authentication. It is coming; for many, it is already here. Unfortunately, few of us have been prepared to select tools for utilizing biometric authentication properly. In this presentation, Adam Englander will express the special dangers of biometrics with regards to lifespan and storage. Due to the user's inability to change a biomteric, it is much more valuable to bad actors as the lifespan will undoubtedly exceed the lifespan of the cryptography. Any biometric database stolen today will likely be able to be cracked by the average computer in 20 years. This creates a unique problem many of us have not had to tackle before. We need a different mindset when thinking about biometrics. This presentation will try and give that much-needed perspective.
Biometric identification might be more secure than passwords, but it’s still vulnerable to hacking. Why not hold up a photograph of the phone owner to fool the new facial recognition system? In this presentation, Adam Englander will walk through the risks and dangers of leveraging biometrics for user authentication, and why we all should be thinking twice about it.
With the dominance of Mobile Apps, Single Page Apps for the Web, and Micro-Services, we are all building more APIs than ever before. Like many other developers, I had struggled with finding the right mix of security and simplicity for securing APIs. Some standards from the IETF have made it possible to accomplish both. Let me show you how to utilize existing libraries to lock down you API without writing a ton of code.
In this tutorial, you will learn how to write a secure API with future proof security utilizing JOSE. JOSE is a collection of complimentary standards: JWT, JWE, JWS, JWA, and JWK. JOSE is used by OAuth, OpenID, and others to secure communications between APIs and consumers. Now you can use it to secure your API.
With the dominance of Mobile Apps, Single Page Apps for the Web, and Micro-Services, we are all building more APIs than ever before. Like many other developers, I had struggled with finding the right mix of security and simplicity for securing APIs. Some standards from the IETF have made it possible to accomplish both. Let me show you how to utilize existing libraries to lock down you API without writing a ton of code.
Cryptography for Beginners - Midwest PHP 2018Adam Englander
Cryptography is a complex and confusing subject. In this talk you will learn about the core components of cryptography used in software development: securing data with encryption, ensuring data integrity with hashes and digital signatures, and protecting passwords with key derivation functions. While learning how to use these components, you will also learn the best practices that drive strong cryptography. This talk won’t make you a cryptography expert but it will give you the knowledge necessary to use cryptography properly. No prior knowledge of cryptography is required for this presentation.
Cryptography for Beginners - Sunshine PHP 2018Adam Englander
Cryptography is a complex and confusing subject. In this talk you will learn about the core components of cryptography used in software development: securing data with encryption, ensuring data integrity with hashes and digital signatures, and protecting passwords with key derivation functions. While learning how to use these components, you will also learn the best practices that drive strong cryptography . This talk won’t make you a cryptography expert but it will give you the knowledge necessary to use cryptography properly. No prior knowledge of cryptography is required for this presentation.
ConFoo Vancouver 2017 - Biometrics: Fantastic Failure Point of the FutureAdam Englander
Biometrics is all the rage. It has been touted as the best of all possible authentication methods. Very soon, your customers and standards boards will require you to implement some sort of biometric factor for authentication. Before you head down that road, you need to know the pitfalls to avoid before becoming the next big breach in the news. Learn a few tricks to help safely secure biometrics to protect your users.
Con Foo 2017 - Don't Loose Sleep - Secure Your RESTAdam Englander
Are you worried that your REST API may be the next victim of an attack by ruthless hackers? Don't fret. Utilizing the same standards implemented by OAuth 2.0 and OpenID Connect, you can secure your REST API. JSON Object Signing and Encryption (JOSE) is the core of a truly secure standards-based REST API. Let me show you how to ensure the data sent too and received from your API is as safe and secure as is reasonably possible.
Cryptography is a complex and confusing subject. In this session we'll distill PHP encryption down to its essential drivers. You'll learn what makes cryptography weak and strong. You'll learn the important questions to ask when making decisions regarding modules and libraries. This session won’t make you a cryptography expert but it will give you the knowledge necessary to protect your software from attack. No prior knowledge of cryptography is required for this session.
The Red Team, hackers, criminal organizations, and nation states, are a constant threat. The systems we build are the targets. We need to understand the human collateral that hangs in the balance. We embrace methodologies to write better code and make our lives better. They do nothing for the rest of humanity that is directly affected by security vulnerabilities we introduce. In this session we'll put a human face on the users of our software. It will challenge you to think in terms of flesh and blood rather than ones and zeros. We are all the Blue Team. We protect the rest of humanity. Join us in the fight. The Red Team is coming!
Asynchronous software development is rapidly moving from the niche to the mainstream. That mainstream now includes PHP. This workshop will give you hands on instruction in building an asynchronous application in PHP. We'll build a Twitter Bot utilizing the Amp concurrency framework for PHP and the Twitter Streaming API. During this time you'll learn the basics regarding the Amp event loop, generators and co-routines, and writing non-blocking code. Get ready for the future of PHP today.
Coder Cruise 2017 - The Red Team Is ComingAdam Englander
The Red Team, hackers, criminal organizations, and nation states, are a constant threat. The systems we build are the targets. We need to understand the human collateral that hangs in the balance. We embrace methodologies to write better code and make our lives better. They do nothing for the rest of humanity that is directly affected by security vulnerabilities we introduce. In this presentation, I will put a human face on the users of our software. I will challenge you to think in terms of flesh and blood rather than ones and zeros. We are all the Blue Team. We protect the rest of humanity. Join me in the fight. The Red Team is coming!
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
The Art of the Pitch: WordPress Relationships and SalesLaura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if sometime changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
30. @adam_englander
You are dealing with this:
HTTP/1.1 200 OK
Date: Thu, 19 Oct 2017 06:28:02 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 1009
Server: GitHub.com
Status: 200 OK
Vary: Accept-Encoding
X-GitHub-Request-Id: CD6C:D7DE:E24F3B2:123F37BB:59E845F1
{
"login": "symfony",
"id": 143937,
"url": "https://api.github.com/orgs/symfony",
. . .
31. @adam_englander
Feature: All pages require login
As a user
In order to view the home page
I must login to the website
Scenario: Not logged in redirects to login page
When I go to the home page
Then I am redirected to the login page
Scenario: Logged sees page
Given I am logged in
When I go to the home page
Then I see hello Adam
Web
32. @adam_englander
Feature: All endpoints require OAuth token
As an API consumer
In order to access an endpoint
I must be authenticated
Scenario: Not logged in shows 401
When I access the status endpoint
Then the HTTPS Status is 401 Unauthorized
And the WWW-Authenticate header is Bearer
realm=“API Realm”
Scenario: Authorized returns endpoint response
Given a valid OAuth Token
When I access the status endpoint
Then the HTTP Status is 200 OK
Device to
Device
43. @adam_englander
Symfony Kernel Context
class SymfonyKernelFeatureContext
extends AbstractFeatureContext
implements KernelAwareContext
public function __construct() {
$this->psr7Factory = new DiactorosFactory();
}
public function setKernel(KernelInterface $kernel) {
$this->client = $kernel
->getContainer()->get(‘test.client');
}