TEE - kernel support is now upstream. What this means for open source securityLinaro
TEE security infrastructure is now upstream in the Linux kernel, thanks to the hard work of many people in the ARM open source ecosystem. In this upcoming webinar, Joakim Bech and Jens Wiklander of the Linaro Security Working Group explain:
‣ Why upstream Linux kernel driver support is an important milestone.
‣ The relationship with specifications such as GlobalPlatform.
‣ A recap of the design principles for the TEE driver.
‣ How to get involved with TEE development.
This webinar is based on the work of the Linaro Security Working Group. Their work helps Linaro achieve its mission of providing upstream open source support for the ARM ecosystem. The webinar will be of interest to developers and engineering managers who would like the latest status on TEE support in Linux, particularly those looking to develop secure applications with e.g. OP-TEE. It’s also a great case study for those interested in the challenges of Linux kernel upstreaming. There will be the opportunity to ask questions before, during and after the webinar.
🎙 Speakers:
Joakim Bech, Security Working Group Tech Lead, Linaro
Jens Wiklander, Security Working Group Engineer & Upstream Driver Author, Linaro
🎯 Moderator:
Bill Fletcher, EMEA Field Engineering, Linaro
✨ Register here
http://linaro.co/webinar01
For more information on...
On Linaro - Leading Collaboration in the ARM Ecosystem - linaro.org
On OP-TEE - the TEE in Linux using the ARM® TrustZone® technology op-tee.org
----------------------------------------------
Videos & Presentation
--
Introduction to OP-TEE
--
A great introduction to OP-TEE security written from the standpoint of Automotive Grade Linux. It's only 13 slides with some great diagrams explaining trusted execution, secure boot and isolation.
#Automotive #AGL #OP-TEE #Linux
https://www.slideshare.net/YannickGicquel/introduction-to-optee-26-may-2016
--
OP-TEE for Beginners and Porting Review
--
Explains the building blocks involved in Security including TrustZone, OP-TEE, Trusted Firmware etc. Goes into detail on how Secure Boot Works.. and Why. Explains how a simple secure Trusted Application interacts with OP-TEE and works. Brief overview on how to port OP-TEE to an ARM platform. Opens discussions for Potential Challenges and Hardware limitations and how they can be overcome.
#TrustedApplication #Trustzone
http://connect.linaro.org/resource/hkg15/hkg15-311-op-tee-for-beginners-and-porting-review/
Linux 4.x Tracing: Performance Analysis with bcc/BPFBrendan Gregg
Talk about bcc/eBPF for SCALE15x (2017) by Brendan Gregg. "BPF (Berkeley Packet Filter) has been enhanced in the Linux 4.x series and now powers a large collection of performance analysis and observability tools ready for you to use, included in the bcc (BPF Complier Collection) open source project. BPF nowadays can do system tracing, software defined networks, and kernel fast path: much more than just filtering packets! This talk will focus on the bcc/BPF tools for performance analysis, which make use of other built in Linux capabilities: dynamic tracing (kprobes and uprobes) and static tracing (tracepoints and USDT). There are now bcc tools for measuring latency distributions for file system I/O and run queue latency, printing details of storage device I/O and TCP retransmits, investigating blocked stack traces and memory leaks, and a whole lot more. These lead to performance wins large and small, especially when instrumenting areas that previously had zero visibility. Tracing superpowers have finally arrived, built in to Linux."
Optimizing SAO with Open Source Tools. A deep dive into the Phishing Intelligence Engine (PIE) and how users can leverage infrastructure and open source to automate and respond to threats.
[cb22] Tales of 5G hacking by Karsten NohlCODE BLUE
Most 5G networks are built in fundamentally new ways, opening new hacking avenues.
Mobile networks have so far been monolithic systems from big vendors; now they become open vendor-mixed ecosystems. Networks are rapidly adopting cloud technologies including dockerization and orchestration. Cloud hacking techniques become highly relevant to mobile networks.
The talk dives into the hacking potential of the technologies needed for these open networks. We illustrate the security challenges with vulnerabilities we found in real-world networks.
LAS16-TR06: Remoteproc & rpmsg development
Speakers: Bjorn Andersson
Date: September 28, 2016
★ Session Description ★
Today the remoteproc & rpmsg code available in mainline serves as a base for numerous out-of-tree implementations, ranging from bug fixes to larger feature additions. As we’re discussing how to bring these additions towards mainline a common set of topics shows up between the various trees. This talk serves to give an insight into these discussions, ongoing work and connect people with interest in these subsystems.
★ Resources ★
Etherpad: pad.linaro.org/p/las16-tr06
Presentations & Videos: http://connect.linaro.org/resource/las16/las16-tr06/
★ Event Details ★
Linaro Connect Las Vegas 2016 – #LAS16
September 26-30, 2016
http://www.linaro.org
http://connect.linaro.org
Join this video course on Udemy. Click the below link
https://www.udemy.com/mastering-rtos-hands-on-with-freertos-arduino-and-stm32fx/?couponCode=SLIDESHARE
>> The Complete FreeRTOS Course with Programming and Debugging <<
"The Biggest objective of this course is to demystifying RTOS practically using FreeRTOS and STM32 MCUs"
STEP-by-STEP guide to port/run FreeRTOS using development setup which includes,
1) Eclipse + STM32F4xx + FreeRTOS + SEGGER SystemView
2) FreeRTOS+Simulator (For windows)
Demystifying the complete Architecture (ARM Cortex M) related code of FreeRTOS which will massively help you to put this kernel on any target hardware of your choice.
TEE - kernel support is now upstream. What this means for open source securityLinaro
TEE security infrastructure is now upstream in the Linux kernel, thanks to the hard work of many people in the ARM open source ecosystem. In this upcoming webinar, Joakim Bech and Jens Wiklander of the Linaro Security Working Group explain:
‣ Why upstream Linux kernel driver support is an important milestone.
‣ The relationship with specifications such as GlobalPlatform.
‣ A recap of the design principles for the TEE driver.
‣ How to get involved with TEE development.
This webinar is based on the work of the Linaro Security Working Group. Their work helps Linaro achieve its mission of providing upstream open source support for the ARM ecosystem. The webinar will be of interest to developers and engineering managers who would like the latest status on TEE support in Linux, particularly those looking to develop secure applications with e.g. OP-TEE. It’s also a great case study for those interested in the challenges of Linux kernel upstreaming. There will be the opportunity to ask questions before, during and after the webinar.
🎙 Speakers:
Joakim Bech, Security Working Group Tech Lead, Linaro
Jens Wiklander, Security Working Group Engineer & Upstream Driver Author, Linaro
🎯 Moderator:
Bill Fletcher, EMEA Field Engineering, Linaro
✨ Register here
http://linaro.co/webinar01
For more information on...
On Linaro - Leading Collaboration in the ARM Ecosystem - linaro.org
On OP-TEE - the TEE in Linux using the ARM® TrustZone® technology op-tee.org
----------------------------------------------
Videos & Presentation
--
Introduction to OP-TEE
--
A great introduction to OP-TEE security written from the standpoint of Automotive Grade Linux. It's only 13 slides with some great diagrams explaining trusted execution, secure boot and isolation.
#Automotive #AGL #OP-TEE #Linux
https://www.slideshare.net/YannickGicquel/introduction-to-optee-26-may-2016
--
OP-TEE for Beginners and Porting Review
--
Explains the building blocks involved in Security including TrustZone, OP-TEE, Trusted Firmware etc. Goes into detail on how Secure Boot Works.. and Why. Explains how a simple secure Trusted Application interacts with OP-TEE and works. Brief overview on how to port OP-TEE to an ARM platform. Opens discussions for Potential Challenges and Hardware limitations and how they can be overcome.
#TrustedApplication #Trustzone
http://connect.linaro.org/resource/hkg15/hkg15-311-op-tee-for-beginners-and-porting-review/
Linux 4.x Tracing: Performance Analysis with bcc/BPFBrendan Gregg
Talk about bcc/eBPF for SCALE15x (2017) by Brendan Gregg. "BPF (Berkeley Packet Filter) has been enhanced in the Linux 4.x series and now powers a large collection of performance analysis and observability tools ready for you to use, included in the bcc (BPF Complier Collection) open source project. BPF nowadays can do system tracing, software defined networks, and kernel fast path: much more than just filtering packets! This talk will focus on the bcc/BPF tools for performance analysis, which make use of other built in Linux capabilities: dynamic tracing (kprobes and uprobes) and static tracing (tracepoints and USDT). There are now bcc tools for measuring latency distributions for file system I/O and run queue latency, printing details of storage device I/O and TCP retransmits, investigating blocked stack traces and memory leaks, and a whole lot more. These lead to performance wins large and small, especially when instrumenting areas that previously had zero visibility. Tracing superpowers have finally arrived, built in to Linux."
Optimizing SAO with Open Source Tools. A deep dive into the Phishing Intelligence Engine (PIE) and how users can leverage infrastructure and open source to automate and respond to threats.
[cb22] Tales of 5G hacking by Karsten NohlCODE BLUE
Most 5G networks are built in fundamentally new ways, opening new hacking avenues.
Mobile networks have so far been monolithic systems from big vendors; now they become open vendor-mixed ecosystems. Networks are rapidly adopting cloud technologies including dockerization and orchestration. Cloud hacking techniques become highly relevant to mobile networks.
The talk dives into the hacking potential of the technologies needed for these open networks. We illustrate the security challenges with vulnerabilities we found in real-world networks.
LAS16-TR06: Remoteproc & rpmsg development
Speakers: Bjorn Andersson
Date: September 28, 2016
★ Session Description ★
Today the remoteproc & rpmsg code available in mainline serves as a base for numerous out-of-tree implementations, ranging from bug fixes to larger feature additions. As we’re discussing how to bring these additions towards mainline a common set of topics shows up between the various trees. This talk serves to give an insight into these discussions, ongoing work and connect people with interest in these subsystems.
★ Resources ★
Etherpad: pad.linaro.org/p/las16-tr06
Presentations & Videos: http://connect.linaro.org/resource/las16/las16-tr06/
★ Event Details ★
Linaro Connect Las Vegas 2016 – #LAS16
September 26-30, 2016
http://www.linaro.org
http://connect.linaro.org
Join this video course on Udemy. Click the below link
https://www.udemy.com/mastering-rtos-hands-on-with-freertos-arduino-and-stm32fx/?couponCode=SLIDESHARE
>> The Complete FreeRTOS Course with Programming and Debugging <<
"The Biggest objective of this course is to demystifying RTOS practically using FreeRTOS and STM32 MCUs"
STEP-by-STEP guide to port/run FreeRTOS using development setup which includes,
1) Eclipse + STM32F4xx + FreeRTOS + SEGGER SystemView
2) FreeRTOS+Simulator (For windows)
Demystifying the complete Architecture (ARM Cortex M) related code of FreeRTOS which will massively help you to put this kernel on any target hardware of your choice.
Purple Teaming is the idea of using a Red Team exercise with clear training objectives for the Blue Team.
Great exercises should not just be focused on testing a product, they should also test your active Blue Team members and their skills. But how does one start to think about a Purple Team exercise, how does one go about running one and what does it look like?
In this talk we will explain what, why and how, to plan an effective purple team exercise and give some examples. Most enterprise networks are Windows heavy so examples will heavily lean on this.
Testing Assumptions, gaps, blind spots is what being proactive is all about. This talk is both for the console folks and non-console folks.
IPsec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet. Examples of its use include:
Secure branch office connectivity over the Internet
Secure remote access over the Internet
Establishing extranet and intranet connectivity with partners
Enhancing electronic commerce security
eBPF (extended Berkeley Packet Filters) is a modern kernel technology that can be used to introduce dynamic tracing into a system that wasn't prepared or instrumented in any way. The tracing programs run in the kernel, are guaranteed to never crash or hang your system, and can probe every module and function -- from the kernel to user-space frameworks such as Node and Ruby.
In this workshop, you will experiment with Linux dynamic tracing first-hand. First, you will explore BCC, the BPF Compiler Collection, which is a set of tools and libraries for dynamic tracing. Many of your tracing needs will be answered by BCC, and you will experiment with memory leak analysis, generic function tracing, kernel tracepoints, static tracepoints in user-space programs, and the "baked" tools for file I/O, network, and CPU analysis. You'll be able to choose between working on a set of hands-on labs prepared by the instructors, or trying the tools out on your own test system.
Next, you will hack on some of the bleeding edge tools in the BCC toolkit, and build a couple of simple tools of your own. You'll be able to pick from a curated list of GitHub issues for the BCC project, a set of hands-on labs with known "school solutions", and an open-ended list of problems that need tools for effective analysis. At the end of this workshop, you will be equipped with a toolbox for diagnosing issues in the field, as well as a framework for building your own tools when the generic ones do not suffice.
Video: https://www.facebook.com/atscaleevents/videos/1693888610884236/ . Talk by Brendan Gregg from Facebook's Performance @Scale: "Linux performance analysis has been the domain of ancient tools and metrics, but that's now changing in the Linux 4.x series. A new tracer is available in the mainline kernel, built from dynamic tracing (kprobes, uprobes) and enhanced BPF (Berkeley Packet Filter), aka, eBPF. It allows us to measure latency distributions for file system I/O and run queue latency, print details of storage device I/O and TCP retransmits, investigate blocked stack traces and memory leaks, and a whole lot more. These lead to performance wins large and small, especially when instrumenting areas that previously had zero visibility. This talk will summarize this new technology and some long-standing issues that it can solve, and how we intend to use it at Netflix."
Video: https://www.youtube.com/watch?v=JRFNIKUROPE . Talk for linux.conf.au 2017 (LCA2017) by Brendan Gregg, about Linux enhanced BPF (eBPF). Abstract:
A world of new capabilities is emerging for the Linux 4.x series, thanks to enhancements that have been included in Linux for to Berkeley Packet Filter (BPF): an in-kernel virtual machine that can execute user space-defined programs. It is finding uses for security auditing and enforcement, enhancing networking (including eXpress Data Path), and performance observability and troubleshooting. Many new open source tools that have been written in the past 12 months for performance analysis that use BPF. Tracing superpowers have finally arrived for Linux!
For its use with tracing, BPF provides the programmable capabilities to the existing tracing frameworks: kprobes, uprobes, and tracepoints. In particular, BPF allows timestamps to be recorded and compared from custom events, allowing latency to be studied in many new places: kernel and application internals. It also allows data to be efficiently summarized in-kernel, including as histograms. This has allowed dozens of new observability tools to be developed so far, including measuring latency distributions for file system I/O and run queue latency, printing details of storage device I/O and TCP retransmits, investigating blocked stack traces and memory leaks, and a whole lot more.
This talk will summarize BPF capabilities and use cases so far, and then focus on its use to enhance Linux tracing, especially with the open source bcc collection. bcc includes BPF versions of old classics, and many new tools, including execsnoop, opensnoop, funcccount, ext4slower, and more (many of which I developed). Perhaps you'd like to develop new tools, or use the existing tools to find performance wins large and small, especially when instrumenting areas that previously had zero visibility. I'll also summarize how we intend to use these new capabilities to enhance systems analysis at Netflix.
Agenda:
In this talk we will present various locking mechanisms implemented in the linux kernel.
From System V locks to raw spinlocks and the RT patch.
Speaker:
Mark Veltzer - CTO of Hinbit and a senior instructor at John Bryce. Mark is also a member of the Free Source Foundation and contributes to many free projects.
https://github.com/veltzer
Webinar topic: Mikrotik Bridge Deep Dive
Presenter: Achmad Mardiansyah
In this webinar series, we will discuss about Mikrotik Bridge Deep Dive
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram also discord
Recording available on Youtube
https://youtu.be/AISGc9AGJtE
MITRE ATT&CKcon 2018: From Automation to Analytics: Simulating the Adversary ...MITRE - ATT&CKcon
Security teams have more detection tools at their disposal than ever before, yet most are still struggling to find even the most basic malicious activity occurring in their environments. Building effective detection analytics requires realistic data and the ability to iterate quickly in a rapid analytic development cycle.
This talk introduces a full lifecycle attack simulation and analytics development environment featuring the MITRE ATT&CK framework and the Atomic Red Team project using Splunk and Splunk Phantom mapped to an imaginary APT group, Taedonggang.
It focuses on how security teams can use such a system to rapidly develop and share new detection analytics. Links to all components referenced in the talk are provided, including a cloud-based dataset that can act as a playground for users who want to see the results of the activity.
LAS16-402: ARM Trusted Firmware – from Enterprise to EmbeddedLinaro
LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
Speakers:
Date: September 29, 2016
★ Session Description ★
ARM Trusted Firmware has established itself as a key part of the ARMv8-A software stack. Broadening its applicability across all segments, from embedded to enterprise, is challenging. This session discusses the latest developments, including extension into the 32-bit space.
★ Resources ★
Etherpad: pad.linaro.org/p/las16-402
Presentations & Videos: http://connect.linaro.org/resource/las16/las16-402/
★ Event Details ★
Linaro Connect Las Vegas 2016 – #LAS16
September 26-30, 2016
http://www.linaro.org
http://connect.linaro.org
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/121/121_F16.shtml
Eseguire più suite di test automatici insieme con Selenium IDE - Evolve Today! Stefano Trojani
Come decentrare le variabili di ambiente dalle suite di Selenium Ide per poter lanciare più suite insieme senza perdere niente. Una presentazione fatta con lo stile di Bioshock in art decò.
Purple Teaming is the idea of using a Red Team exercise with clear training objectives for the Blue Team.
Great exercises should not just be focused on testing a product, they should also test your active Blue Team members and their skills. But how does one start to think about a Purple Team exercise, how does one go about running one and what does it look like?
In this talk we will explain what, why and how, to plan an effective purple team exercise and give some examples. Most enterprise networks are Windows heavy so examples will heavily lean on this.
Testing Assumptions, gaps, blind spots is what being proactive is all about. This talk is both for the console folks and non-console folks.
IPsec provides the capability to secure communications across a LAN, across private and public WANs, and across the Internet. Examples of its use include:
Secure branch office connectivity over the Internet
Secure remote access over the Internet
Establishing extranet and intranet connectivity with partners
Enhancing electronic commerce security
eBPF (extended Berkeley Packet Filters) is a modern kernel technology that can be used to introduce dynamic tracing into a system that wasn't prepared or instrumented in any way. The tracing programs run in the kernel, are guaranteed to never crash or hang your system, and can probe every module and function -- from the kernel to user-space frameworks such as Node and Ruby.
In this workshop, you will experiment with Linux dynamic tracing first-hand. First, you will explore BCC, the BPF Compiler Collection, which is a set of tools and libraries for dynamic tracing. Many of your tracing needs will be answered by BCC, and you will experiment with memory leak analysis, generic function tracing, kernel tracepoints, static tracepoints in user-space programs, and the "baked" tools for file I/O, network, and CPU analysis. You'll be able to choose between working on a set of hands-on labs prepared by the instructors, or trying the tools out on your own test system.
Next, you will hack on some of the bleeding edge tools in the BCC toolkit, and build a couple of simple tools of your own. You'll be able to pick from a curated list of GitHub issues for the BCC project, a set of hands-on labs with known "school solutions", and an open-ended list of problems that need tools for effective analysis. At the end of this workshop, you will be equipped with a toolbox for diagnosing issues in the field, as well as a framework for building your own tools when the generic ones do not suffice.
Video: https://www.facebook.com/atscaleevents/videos/1693888610884236/ . Talk by Brendan Gregg from Facebook's Performance @Scale: "Linux performance analysis has been the domain of ancient tools and metrics, but that's now changing in the Linux 4.x series. A new tracer is available in the mainline kernel, built from dynamic tracing (kprobes, uprobes) and enhanced BPF (Berkeley Packet Filter), aka, eBPF. It allows us to measure latency distributions for file system I/O and run queue latency, print details of storage device I/O and TCP retransmits, investigate blocked stack traces and memory leaks, and a whole lot more. These lead to performance wins large and small, especially when instrumenting areas that previously had zero visibility. This talk will summarize this new technology and some long-standing issues that it can solve, and how we intend to use it at Netflix."
Video: https://www.youtube.com/watch?v=JRFNIKUROPE . Talk for linux.conf.au 2017 (LCA2017) by Brendan Gregg, about Linux enhanced BPF (eBPF). Abstract:
A world of new capabilities is emerging for the Linux 4.x series, thanks to enhancements that have been included in Linux for to Berkeley Packet Filter (BPF): an in-kernel virtual machine that can execute user space-defined programs. It is finding uses for security auditing and enforcement, enhancing networking (including eXpress Data Path), and performance observability and troubleshooting. Many new open source tools that have been written in the past 12 months for performance analysis that use BPF. Tracing superpowers have finally arrived for Linux!
For its use with tracing, BPF provides the programmable capabilities to the existing tracing frameworks: kprobes, uprobes, and tracepoints. In particular, BPF allows timestamps to be recorded and compared from custom events, allowing latency to be studied in many new places: kernel and application internals. It also allows data to be efficiently summarized in-kernel, including as histograms. This has allowed dozens of new observability tools to be developed so far, including measuring latency distributions for file system I/O and run queue latency, printing details of storage device I/O and TCP retransmits, investigating blocked stack traces and memory leaks, and a whole lot more.
This talk will summarize BPF capabilities and use cases so far, and then focus on its use to enhance Linux tracing, especially with the open source bcc collection. bcc includes BPF versions of old classics, and many new tools, including execsnoop, opensnoop, funcccount, ext4slower, and more (many of which I developed). Perhaps you'd like to develop new tools, or use the existing tools to find performance wins large and small, especially when instrumenting areas that previously had zero visibility. I'll also summarize how we intend to use these new capabilities to enhance systems analysis at Netflix.
Agenda:
In this talk we will present various locking mechanisms implemented in the linux kernel.
From System V locks to raw spinlocks and the RT patch.
Speaker:
Mark Veltzer - CTO of Hinbit and a senior instructor at John Bryce. Mark is also a member of the Free Source Foundation and contributes to many free projects.
https://github.com/veltzer
Webinar topic: Mikrotik Bridge Deep Dive
Presenter: Achmad Mardiansyah
In this webinar series, we will discuss about Mikrotik Bridge Deep Dive
Please share your feedback or webinar ideas here: http://bit.ly/glcfeedback
Check our schedule for future events: https://www.glcnetworks.com/en/schedule/
Follow our social media for updates: Facebook, Instagram, YouTube Channel, and telegram also discord
Recording available on Youtube
https://youtu.be/AISGc9AGJtE
MITRE ATT&CKcon 2018: From Automation to Analytics: Simulating the Adversary ...MITRE - ATT&CKcon
Security teams have more detection tools at their disposal than ever before, yet most are still struggling to find even the most basic malicious activity occurring in their environments. Building effective detection analytics requires realistic data and the ability to iterate quickly in a rapid analytic development cycle.
This talk introduces a full lifecycle attack simulation and analytics development environment featuring the MITRE ATT&CK framework and the Atomic Red Team project using Splunk and Splunk Phantom mapped to an imaginary APT group, Taedonggang.
It focuses on how security teams can use such a system to rapidly develop and share new detection analytics. Links to all components referenced in the talk are provided, including a cloud-based dataset that can act as a playground for users who want to see the results of the activity.
LAS16-402: ARM Trusted Firmware – from Enterprise to EmbeddedLinaro
LAS16-402: ARM Trusted Firmware – from Enterprise to Embedded
Speakers:
Date: September 29, 2016
★ Session Description ★
ARM Trusted Firmware has established itself as a key part of the ARMv8-A software stack. Broadening its applicability across all segments, from embedded to enterprise, is challenging. This session discusses the latest developments, including extension into the 32-bit space.
★ Resources ★
Etherpad: pad.linaro.org/p/las16-402
Presentations & Videos: http://connect.linaro.org/resource/las16/las16-402/
★ Event Details ★
Linaro Connect Las Vegas 2016 – #LAS16
September 26-30, 2016
http://www.linaro.org
http://connect.linaro.org
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/121/121_F16.shtml
Eseguire più suite di test automatici insieme con Selenium IDE - Evolve Today! Stefano Trojani
Come decentrare le variabili di ambiente dalle suite di Selenium Ide per poter lanciare più suite insieme senza perdere niente. Una presentazione fatta con lo stile di Bioshock in art decò.
Creare Suite di Test Automatici intelligenti con Selenium IDEStefano Trojani
Come creare delle suite (test plan) intelligenti con Selenium IDE? Una completa guida che parte dal concettuale per andare nel dettaglio tecnico (non troppo) che spiega un approccio testing strutturato, partendo dagli use case, ai test case.
Un'introduzione approfondita al tool Selenium IDE. Cos'è, come funziona e come creare un primo Test Case. Esempi di come migliorare il codice del test case e come creare delle suite.
Come utilizzare la PEC nella vita di tutti i giorni al massimo delle sue pote...Stefano Trojani
Un corso che spiega gli utilizzi di tutti i giorni della Posta Elettronica Certifica: per contestare le multe, pagare la tassa sui rifiuti (TARI), inoltrare reclami alle banche, disdire contratti telefonici... e molto altro. Come registrarsi una PEC gratis ed essere subito operativo.
Test, Tools and Tips per tester e non.
Consigli su come affrontare il testing e come comportarsi con applicazioni di tipo web, con scenari e possibili soluzioni con vari tools a disposizione
FLSS vuole essere un supporto tecnologico alla gestione della vita condivisa, semplice, giocoso e facile da usare, volto a rendere piacevole e formativo quel periodo della vita in cui giovani studenti e lavoratori condividono un appartamento, soprattutto nelle grandi città dove i canoni d'affitto sono molto alti.
Validazione app.
Riprogettazione dell’interfaccia dell’applicazione ufficiale di Atm, “ATMobile”, con relativi test di usabilità.
L’obiettivo principale è quello di migliorare l’interazione uomo-applicazione in modo da renderne più intuitivo l’utilizzo e facilitare la ricerca delle informazioni
Agile Testing e UX: come ottenere il massimo da QA e DesignStefano Trojani
Un'analisi sulla sinergia che si genera lavorando fianco a fianco tra Agile Tester e UX.
Dopo una breve presentazione del ruolo dell'Agile Tester (che non è il vecchio tester del "waterfall") analizziamo quali sono le competenze condivise (es: personas, scenari, usability test...) e dimostriamo, con un esempio sul campo, che lavorando insieme possiamo analizzare il prodotto in ogni sua parte raggiungendo qualità superiore.
Sviluppare funzionalità aggiuntive di utilizzo comune centralizzandone il codice. Realizzare vere e proprie applicazioni mantenendo separati codice e dati. Creare strumenti di sviluppo personalizzati estendendo le potenzialità del Lotus Domino Designer. Integrare Symphony nelle applicazioni Notes.
Sono solo alcune delle opportunità offerte agli sviluppatori Domino dall'ambiente Eclipse.
Per chi, come chi scrive (classe Lotus Notes 4.5), fa parte della vecchia guardia "LotusScript & Formule" può non essere così spontaneo abbandonare tecniche consolidate cercando nuove soluzioni a necessità note (il lato oscuro della retrocompatibilità) ma le potenzialità offerte dal lunare e multipiattaforma IDE sono tali da meritare, demo alla mano, ben più di una possibilità.
Ripetete con me: Nooootes Moooon Attaaaack!
Slides dalle lezioni del corso di Interazione Uomo Macchina per il creo di laurea in Informatica - Università di Milano Bicocca - Prof.R.Polillo (a.a.2014-15) - Lezione del 18 marzo 2015
Il buon programmatore - consigli pratici per una vita feliceAndrea Dottor
Lavorando come consulente mi sono trovato spesso di fronte a problematiche (a volte banali), ma che erano la causa di gravi problemi di performance dell'appliccazione realizzata, oppure più banali, ma che rendevano il codice meno manutenibile e gestibile, specialmente lavorando in team. Vedere che nel tempo, persone/realtà diverse, commettono gli stessi errori mi ha fatto pensare a questa sessione...dove intendo elencare i problemi più comuni, che per causa di tempo o scarsa conoscenza, vengono commessi, e proporre delle soluzioni semplici da poter applicare fin da subito. (ASP.NET, ma non solo)
Questo file (39 Mb) contiene tutte le figure del libro di R.Polillo, "Facile da usare" (Apogeo, 2010), nell’ordine in cui compaiono nel libro. Esse sono rese disponibili a chiunque volessero utilizzarle per scopi didattici. Per le didascalie, si rimanda al libro stesso, reperibile anche in rete, in www.rpolillo.it
Attiva le mail su Register.it e configurale su MobileStefano Trojani
Un webinar che spiega come attivare le mail gratuite comprese nel dominio, configurarle su Mobile (iPhone / Android).
Come funziona (e come attivare) una casella Chatchall e forward. Come usare al meglio l'email stando sempre online con la Webmail/PIM (personal information manager)
Come inviare email e newsletter senza farle finire nello SPAMStefano Trojani
Una guida che spiega passo dopo passo come evitare che le mail e le tue Newsletter arrivino a destinazione senza essere prese come spam dai filtri. Segui i consigli pratici per creare newsletter di qualità (sia dal punto di vista del codice che del contenuto). Evita le HOT KEYWORD che ti faranno finire subito in spam, fai attenzione all'uso degli IP geografici... e molto ancora
Scenari di utilizzo di una mail con Active Sync (Exchange)Stefano Trojani
Un Webinar che mostra interessanti scenari sull'utilizzo da parte di aziende di server di posta avanzata (Exchange o Professional con Active Sync)
Con un occhio di riguardo per l'email professionali di Register.it
Plant UML come creare Grafici UML in modo facileStefano Trojani
Un Agile Tester spesso è chiamato a realizzare grafici UML per meglio analizzare flussi, funzionalità o sequenze.
Qui vediamo un tool gratuito: Plant UML, è estremamente facile, perché il sorgente del grafico E’ il grafico stesso.
Un Webinar che ho tenuto spiegando il funzionamento dell'email Professional di Register.it: il funzionamento della sincronizzazione (Active Sync) e modulo di condivisione della Webmail/PIM (Personal Information Manager)
Manuale di migrazione account Exchange 2003 su account Exchange di Office365 ...Stefano Trojani
Un tutorial che spiega come importare i dati di un account exchange 2003 sulla nuova piattaforma Office365 tramite importazione del file .ost (generato da Outlook)
Una breve storia della street photography partendo addirittura da un quadro di Degas fino ad i giorni nostri. RImandi, citazioni, rielaborazione del linguaggio fotografico nella storia iniziando da Aget fino a Bresson, da Doisneau a Erwitt fino a Vivian Maier. Poi gli attuali Martin Parr, Matt Stuart, Nick Turpin, Trent Parke e l'attualissimo e bravissimo Umberto Verdoliva.
Webinar sul Funzionamento della nuova mail/PIM di Register.itStefano Trojani
Il Webinar che ho tenuto il 29 aprile 2013 in Register in cui è stata presentata la nuova mail di Register. Non più una Webmail ma un vero e proprio PIM (Project Information Manager) a tutti gli effetti. Un Overview sul prodotto dalle tantissime features.
La presentazione del Webinar sulla PEC (Posta Elettronica Certificata) della piattafroma Register.it tenuto da Stefano Trojani. Cos'è la PEC, quali sono i suoi vantaggi, le classi di prodotto e i servizi offerti
2. Use Case Efficaci
Fase 1:
Attori, Obiettivi e Descrizioni
2
By Stefano Trojani – All rights reserved
3. Use Case Efficaci
Fase 1: Attori, Obiettivi e Descrizioni (parte prima)
Per iniziare è bene fare una diagramma del contesto in cui andremo a lavorare
identificando gli “attori” e gli obiettivi (o goals).
Per far ciò è necessario identificare:
Chi userà il sistema che stiamo progettando/realizzando (Attori)
Perché lo userà (lo scopo del flusso)
Una volta identificati gli obiettivi è possibile creare i primi Use Cases.
Nota: Ogni use case dovrà avere un nome con la sintassi:
VERBO (alla terza persona singolare) + NOME
(es: Fa Login alla Webmail).
By Stefano Trojani – All rights reserved
3
4. Use Case Efficaci
Fase 1: Attori, Obiettivi e Descrizioni (parte seconda)
Ogni Use Case deve avere una breve descrizione.
Per evitare ridondanze è possibile usare la struttura delle User Stories per descrivere
lo Use Case.
Il [nome attore] vuole [obiettivo del caso d'uso] in modo tale che [motivo per cui
vuole raggiungere tale obiettivo].
Lo use case derivato potrebbe essere:
L’Utente della WebMail vuole potersi loggarsi alla piattaforma per poter leggere le
sue Mail
4
By Stefano Trojani – All rights reserved
5. Use Case Efficaci
Fase 2:
Definire gli Use Case per sprint
5
By Stefano Trojani – All rights reserved
6. Use Case Efficaci
Fase 2: Definire gli Use Case per sprint
Una volta identificati gli Attori e fatti una serie di Use Case per un intero flusso si ha la
la struttura di base del progetto (che potrebbe essere un intero Package del Test Plan).
Nota: E’ sempre un errore entrare troppo nel dettaglio su processi ancora non
definiti: si rischia sempre di fare un doppio lavoro.
E’ bene decidere quale Use Case dovrà essere sviluppato nel prossimo sprint e
concentrarsi su quello.
6
By Stefano Trojani – All rights reserved
8. Use Case Efficaci
Fase 3: Scrivere Use Case (parte prima)
Il nucleo dello Use Case è lo scenario di successo (o Happy Ending, Success Scenario,
Positive End to End).
Ossia una lista indicativamente da 5 a 15 step che descrivono come un Attore si
interfaccia al sistema.
NOTA: Un Use Case è ben definito quando descrive in modo conciso come il sistema
si deve comportare.
E’ importante imparare a scrivere descrizioni brevi.
Ogni step deve descrivere un'azione intrapresa sia dal Sistema che dall’Attore.
8
By Stefano Trojani – All rights reserved
9. Use Case Efficaci
Fase 3: Scrivere Use Case (parte seconda)
Le azioni comuni rientrano in una delle seguenti categorie
Tipo di passo
Esempio
1.Il Sistema fornisce informazioni all‘Attore
Sistema visualizza i risultati della ricerca.
1.Il Sistema richiede info all‘Attore
Sistema richiede di accettare le T&C.
1.Il Sistema funziona per conto dell‘Attore
Sistema invia la richiesta al sistema di
pagamento.
1.L’Attore fa una scelta
L’utente accetta l'invito.
1.L’Attore fornisce informazioni al Sistema
L’utente inserisce i suoi dati anagrafici
9
By Stefano Trojani – All rights reserved
10. Use Case Efficaci
Fase 3: Scrivere Use Case (parte terza)
Per mantenere lo scenario leggibile e mantenibile è bene NON inserire informazioni
riguardanti :
•
•
•
•
•
}
l'interfaccia utente (UX)
content e testi
il formato dei dati passati
regole di business (Marketing)
prestazioni (e altri requisiti non funzionali)
By Stefano Trojani – All rights reserved
NO!
10
11. Use Case Efficaci
Fase 4:
adattare il livello di dettaglio
11
By Stefano Trojani – All rights reserved
12. Use Case Efficaci
Fase 4: adattare il livello di dettaglio
La scrittura dello Use Case può essere lunga e complessa (nome, descrizione, scenario
di successo, precondizioni… etc..)
A volte molti di questi step possono essere omettessi per evitare di descrivere casi
d’uso inutili
ESEMPIO: Conviene omettere tutti i casi di mistmatch di un login quando si deve
dettagliare un flusso più complesso.
TIP: Per iniziare si può provare a scrivere solo il nome e la descrizione (come una user
story). Se il processo funziona non sarà necessario aggiungere altro. Se servissero altri
dettagli sarà sempre possibile aggiungere maggiori informazioni in futuro.
12
By Stefano Trojani – All rights reserved
13. Adesso… Fare dei buoni Use Case
It’s UP to YOU!
By Stefano Trojani – All rights reserved
13