This document discusses taint-based dynamic analysis and leak detection. It provides an overview of how taint analysis works by assigning taint marks to tracked values, propagating those marks as values are operated on, and checking the taint marks to detect issues. It then discusses applications of taint analysis like attack prevention, information flow monitoring, testing, and detecting memory errors and leaks. Finally, it dives deeper into how leak detection specifically tracks pointers to allocated memory and reports errors if a pointer's taint mark reaches zero but the memory has not been freed.
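As an added illustration of the leak-detection idea summarized above (this is not code from the presentation), the sketch below gives each allocation its own taint mark, propagates the mark on pointer copies, and reports a leak when the number of pointers carrying a mark drops to zero before the block is freed. The `t_*` helper names, the shadow table and the per-mark pointer count are assumptions made for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_MARKS 32

/* Shadow record for one taint mark; each heap allocation gets its own mark. */
struct mark_info {
    void *block;     /* address returned by malloc */
    int live_ptrs;   /* tracked pointers currently carrying this mark */
    int freed;       /* 1 once the block has been released */
    int leaked;      /* 1 if the last pointer vanished before free */
};

/* A tracked pointer: the address plus the taint mark it carries (0 = none). */
struct tptr { void *addr; int mark; };

static struct mark_info marks[MAX_MARKS];
static int next_mark = 1;
static int leak_reports = 0;

/* Check step: one pointer stopped carrying `mark`. */
static void drop_mark(int mark)
{
    if (mark == 0) return;
    struct mark_info *m = &marks[mark];
    if (--m->live_ptrs == 0 && !m->freed) {
        m->leaked = 1;
        leak_reports++;
        fprintf(stderr, "leak: block with mark %d is unreachable and was never freed\n", mark);
        free(m->block);  /* demo only: reclaim so the example itself stays clean */
        m->block = NULL;
    }
}

/* Assign step: a new allocation gets a fresh mark carried by `dst`. */
static int t_malloc(struct tptr *dst, size_t n)
{
    if (next_mark >= MAX_MARKS) return -1;
    void *b = malloc(n);
    if (b == NULL) return -1;
    int old = dst->mark;
    int mark = next_mark++;
    marks[mark] = (struct mark_info){ .block = b, .live_ptrs = 1 };
    dst->addr = b;
    dst->mark = mark;
    drop_mark(old);      /* overwriting dst may drop the last pointer to an older block */
    return mark;
}

/* Propagate step: copying a pointer copies its mark. */
static void t_copy(struct tptr *dst, const struct tptr *src)
{
    int old = dst->mark;
    if (src->mark) marks[src->mark].live_ptrs++;
    dst->addr = src->addr;
    dst->mark = src->mark;
    drop_mark(old);
}

/* A pointer is set to NULL or goes out of scope. */
static void t_clear(struct tptr *p)
{
    int old = p->mark;
    p->addr = NULL;
    p->mark = 0;
    drop_mark(old);
}

/* Free through a tracked pointer; returns -1 for untracked pointers or double frees. */
static int t_free(struct tptr *p)
{
    struct mark_info *m = &marks[p->mark];
    if (p->mark == 0 || m->freed) return -1;
    free(m->block);
    m->block = NULL;
    m->freed = 1;
    return 0;
}

/* Constructed scenario: one correct alloc/copy/free sequence, then one leak. */
static int run_scenario(void)
{
    struct tptr p = {0}, q = {0}, r = {0};
    next_mark = 1;
    leak_reports = 0;
    memset(marks, 0, sizeof marks);

    t_malloc(&p, 64);   /* mark 1 carried by p */
    t_copy(&q, &p);     /* mark 1 carried by p and q */
    t_clear(&p);        /* q still carries mark 1: block reachable */
    t_free(&q);         /* released correctly */
    t_clear(&q);        /* count reaches zero after free: nothing to report */

    t_malloc(&r, 32);   /* mark 2 carried by r */
    t_malloc(&r, 32);   /* r overwritten with mark 3: mark 2 lost before free */
    t_free(&r);
    t_clear(&r);
    return leak_reports;
}

int main(void)
{
    printf("leaks reported: %d\n", run_scenario());
    return 0;
}
```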
10-14. Dynamic Tainting Applications
- Attack detection / prevention: prevent stack smashing, SQL injection, buffer overruns, etc.
- Information policy enforcement: ensure classified information does not leave the system
- Testing: coverage metrics, test data generation heuristic, etc.
- Data lifetime: track how long sensitive data remains in an application
- Memory errors: detect illegal memory access, leak detection, etc.
19-25. Leak Detection Overview
Discover where the last pointer to un-freed memory is lost
Assign taint marks:
ptr1 = malloc(...) ➔ ptr1
ptr2 = calloc(...) ➔ ptr2
Propagate taint marks:
ptr3 = ptr1 ➔ ptr3 , ptr1
ptr1 = NULL ➔ ptr1 , ptr3
ptr4 = ptr2 + 1 ➔ ptr4 , ptr2
In general propagation follows standard pointer arithmetic rules
Check taint marks:
Report error if taint mark’s count is zero and memory has not been freed.
[Figure: pointers colored by taint mark; each mark carries a counter showing the # of pointers tainted with this color]
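The assign / propagate / check cycle from the slides, as an added C model that is not code from the original presentation or from the tool it describes. It replays the slide's five statements and then two constructed steps (a free and a final overwrite) so that one mark's count reaches zero; the names t_alloc, t_copy, t_free and drop are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Model only: a real tool instruments the running binary; here the
   statements are replayed by hand (assumption of this example). */
struct mark { int count; int freed; };  /* count = # of pointers tainted with this mark */
static struct mark marks[8];            /* index 0 means "untainted" */
static int var_mark[4];                 /* mark carried by ptr1..ptr4 */
static int next_mark, step, leaked_mark, leak_step;
enum { PTR1, PTR2, PTR3, PTR4, NUL = -1 };

/* Check: losing the last pointer to un-freed memory is the leak point. */
static void drop(int var) {
    int m = var_mark[var];
    var_mark[var] = 0;
    if (m && --marks[m].count == 0 && !marks[m].freed && !leaked_mark) {
        leaked_mark = m; leak_step = step;   /* record only the first leak */
    }
}
/* Assign: the pointer returned by an allocator gets a fresh mark, count 1. */
static void t_alloc(int dst) {
    step++;
    drop(dst);
    var_mark[dst] = next_mark;
    marks[next_mark++].count = 1;
}
/* Propagate: dst = src (or src + offset) copies src's mark to dst. */
static void t_copy(int dst, int src) {
    int m = (src == NUL) ? 0 : var_mark[src];
    step++;
    if (m) marks[m].count++;   /* bump before drop so dst = dst is safe */
    drop(dst);
    var_mark[dst] = m;
}
static void t_free(int var) { step++; marks[var_mark[var]].freed = 1; }

/* Returns the step at which the first leak is detected (0 if none). */
static int run_slide_example(void) {
    memset(marks, 0, sizeof marks); memset(var_mark, 0, sizeof var_mark);
    next_mark = 1; step = leaked_mark = leak_step = 0;
    t_alloc(PTR1);       /* 1: ptr1 = malloc(...)   mark 1, count 1 */
    t_alloc(PTR2);       /* 2: ptr2 = calloc(...)   mark 2, count 1 */
    t_copy(PTR3, PTR1);  /* 3: ptr3 = ptr1          mark 1, count 2 */
    t_copy(PTR1, NUL);   /* 4: ptr1 = NULL          mark 1, count 1 */
    t_copy(PTR4, PTR2);  /* 5: ptr4 = ptr2 + 1      mark 2, count 2 */
    t_free(PTR2);        /* 6: free(ptr2)           constructed step */
    t_copy(PTR3, NUL);   /* 7: ptr3 = NULL          constructed: mark 1 hits 0, un-freed */
    return leak_step;
}
int main(void) { printf("leak point: step %d\n", run_slide_example()); return 0; }
```

Mark 2 never triggers a report because its block is freed before any count could reach zero, which is the distinction the check step draws.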
31. Leakpoint implementation
Pointer to memory area 0x1C93AC0 (16 bytes)
allocated:
at malloc
by addhash (hash.c:50)
by parser (parser.c:210)
by readcell (parser.c:34)
by main (main.c:98)
was leaked:
at free
by delHtab (hash.c:28)
by grdcell(grdcell.c:354)
by main (main.c:227)