REST is as plain as the nose on your face. However, exploring the secrets of this pattern often ends with the successful completion of two "Hello, World"-class exercises. In this lecture we will focus on common problems and ways of handling them. We will also cover security and best practices for topics like HATEOAS or versioning.
3. "The Code is more what you'd call guidelines than actual rules. Welcome
aboard the Black Pearl, Miss Turner"
-- Cpt. Hector Barbossa to Elizabeth Swann
RT Ben Hale
jk@devskiller.com / @jkubrynski 3 / 48
8. POST vs PUT
POST creates new resources
PUT updates existing resources
PUT can create resource if ID is already known
10. Maybe PATCH?
no "out of the box" support
partial update
    @RequestMapping(value = "/{id}", method = PATCH)
    public void updateArticle(HttpServletRequest request, @PathVariable("id") String id)
            throws IOException {
        Article currentArticle = repository.findOne(id);
        // Jackson merges every property present in the request body into currentArticle
        Article updatedArticle = objectMapper.readerForUpdating(currentArticle)
                .readValue(request.getReader());
        repository.save(updatedArticle);
    }
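The merge above copies every property present in the request body onto the stored entity, so a PATCH handler should restrict which properties a client may set. The following is an added example, not code from the slides, and uses only Jackson; the `Article` fields and the `PATCHABLE` allow-list are assumptions, since the slides do not show the entity.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;

import java.io.IOException;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;

public class SafePatchExample {

    /** Hypothetical entity: the slides do not show Article's fields. */
    public static class Article {
        public String id;
        public String title;
        public String body;
        public String author;      // set by the server, never by the client
        public boolean published;  // changed only through a separate, authorized workflow
    }

    /** Assumed allow-list: the only properties a client may change through PATCH. */
    private static final Set<String> PATCHABLE =
            new HashSet<>(Arrays.asList("title", "body"));

    private static final ObjectMapper MAPPER = new ObjectMapper();

    /**
     * Validates the PATCH document against the allow-list, then merges it
     * into the existing entity with the same readerForUpdating call the slide uses.
     * Validation happens before the merge, so a rejected request leaves the entity untouched.
     */
    static Article applyPatch(Article current, String json) throws IOException {
        JsonNode patch = MAPPER.readTree(json);
        if (patch == null || !patch.isObject()) {
            throw new IllegalArgumentException("PATCH body must be a JSON object");
        }
        for (Iterator<String> names = patch.fieldNames(); names.hasNext();) {
            String name = names.next();
            if (!PATCHABLE.contains(name)) {
                throw new IllegalArgumentException("Property cannot be patched: " + name);
            }
        }
        return MAPPER.readerForUpdating(current).readValue(patch);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample entity
        Article stored = new Article();
        stored.id = "42";
        stored.title = "Draft";
        stored.body = "Old text";
        stored.author = "alice";
        stored.published = false;

        // Constructed request body that touches only allowed properties
        Article updated = applyPatch(stored, "{\"title\":\"Final\"}");
        System.out.println(updated.title + " / " + updated.body + " / " + updated.published);

        // Constructed request body that also tries to set a server-controlled property
        try {
            applyPatch(stored, "{\"title\":\"Final\",\"published\":true}");
        } catch (IllegalArgumentException e) {
            // In a controller this maps to a 4xx response
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("published is still " + stored.published);
    }
}
```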
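12. Caching
be aware - especially IE caches aggressively
disable caching
    import org.springframework.context.annotation.Configuration;
    import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
    import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
    import org.springframework.web.servlet.mvc.WebContentInterceptor;

    @Configuration
    public class RestConfig extends WebMvcConfigurerAdapter {
        @Override
        public void addInterceptors(InterceptorRegistry registry) {
            // cacheSeconds = 0 makes the interceptor send headers that prevent caching
            WebContentInterceptor webContentInterceptor = new WebContentInterceptor();
            webContentInterceptor.setCacheSeconds(0);
            registry.addInterceptor(webContentInterceptor);
        }
    }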
18. HATEOAS in Spring
    public class Customer extends ResourceSupport { ... }
    // or wrap entity into Resource object

    import static org.springframework.hateoas.mvc.ControllerLinkBuilder.*;

    public HttpEntity<Customer> get(@PathVariable("id") String customerId) {
        Customer customer = repository.findOne(customerId);
        String pId = customer.getBoss();
        String oId = customer.currentOrderId();
        customer.add(linkTo(methodOn(CustomerController.class).get(customerId)).withSelfRel());
        customer.add(linkTo(methodOn(CustomerController.class).get(pId)).withRel("parent"));
        customer.add(linkTo(methodOn(OrderController.class).get(oId)).withRel("currentOrder"));
        return new ResponseEntity<Customer>(customer, HttpStatus.OK);
    }

    public ResponseEntity create(@RequestBody Customer customer) {
        String id = repository.save(customer);
        return ResponseEntity.created(linkTo(CustomerController.class).slash(id).toUri())
                .build();
    }
19. @DanaDanger HTTP codes classification
20x: cool
30x: ask that dude over there
40x: you fucked up
50x: we fucked up
21. Exceptions
include detailed information
    {
      "status": 400,
      "code": 40483,
      "message": "Incorrect body signature",
      "moreInfo": "http://www.mycompany.com/errors/40483"
    }
hide stacktrace
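Added example, not from the slides: one way to produce the error body above in Spring MVC while keeping the stack trace in the server log. `ApiErrorHandler`, `ApiException`, the docs base URL and the code `50000` are assumptions made for the illustration.

```java
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.UUID;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.ControllerAdvice;
import org.springframework.web.bind.annotation.ExceptionHandler;

@ControllerAdvice
public class ApiErrorHandler {
    private static final Logger log = LoggerFactory.getLogger(ApiErrorHandler.class);
    // Constructed docs base URL, mirroring the "moreInfo" link on the slide.
    private static final String DOCS = "http://www.mycompany.com/errors/";

    /** Hypothetical exception type for failures that have a documented error code. */
    public static class ApiException extends RuntimeException {
        final HttpStatus status;
        final int code;
        public ApiException(HttpStatus status, int code, String message) {
            super(message);
            this.status = status; this.code = code;
        }
    }

    // Expected failure: its message was written for API clients, so return it.
    @ExceptionHandler(ApiException.class)
    public ResponseEntity<Map<String, Object>> handleApi(ApiException e) {
        return ResponseEntity.status(e.status).body(body(e.status, e.code, e.getMessage()));
    }

    // Anything else: the stack trace stays in the server log, the client gets a reference id.
    @ExceptionHandler(Exception.class)
    public ResponseEntity<Map<String, Object>> handleUnexpected(Exception e) {
        String ref = UUID.randomUUID().toString();
        log.error("Unhandled exception, ref={}", ref, e);
        HttpStatus status = HttpStatus.INTERNAL_SERVER_ERROR;
        return ResponseEntity.status(status)
                .body(body(status, 50000, "Internal error, reference " + ref)); // constructed code
    }
    private static Map<String, Object> body(HttpStatus status, int code, String message) {
        Map<String, Object> m = new LinkedHashMap<>();
        m.put("status", status.value());
        m.put("code", code);
        m.put("message", message);
        m.put("moreInfo", DOCS + code);
        return m;
    }
}
```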
24. API Versioning
don't even think about api.domain.com/v2/orders
URIs to the same resources should be fixed between versions
use Content-Type
version 1: application/vnd.domain+json
version 2: application/vnd.domain.v2+json
27. Filtering and sorting
GET /reviews?rating=5
GET /reviews?rating=5&sortAsc=author
Dynamic queries are easier in POST body
POST /reviews/searches
GET /reviews/searches/23?page=2
38. HQL Injection
    // vulnerable: categ is concatenated into the query text
    List<Product> products = em.createQuery(
            "SELECT p FROM Product p where p.category = '" + categ + "'", Product.class)
        .getResultList();

    categ = ' OR '1'='1
    SELECT __fields__ FROM products WHERE category = '' OR '1'='1'

    // fixed: categ is passed as a named parameter
    List<Product> products = em.createQuery(
            "SELECT p FROM Product p where p.category = :categ", Product.class)
        .setParameter("categ", categ)
        .getResultList();

    -- the whole input is now compared as one string literal
    SELECT __fields__ FROM products WHERE category = ''' OR ''1''=''1'
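Added example, not from the slides: the bound-parameter fix from slide 38 applied to the `GET /reviews?rating=5&sortAsc=author` request from slide 27. It goes one step further than the slides by covering the sort column, which cannot be bound as a parameter and is resolved through an allow-list instead. The `Review` entity, the `ReviewSearch` class, the sortable fields and the use of JPA 2 (`javax.persistence`) are assumptions.

```java
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.persistence.Entity;
import javax.persistence.EntityManager;
import javax.persistence.Id;

/** Hypothetical entity behind GET /reviews. */
@Entity
class Review {
    @Id Long id;
    int rating;
    String author;
    protected Review() { }
}

public class ReviewSearch {
    // Public sortAsc value -> entity property. Identifiers cannot be bound as
    // parameters, so the query text may only ever receive a value of this map.
    private static final Map<String, String> SORTABLE = new HashMap<>();
    static {
        SORTABLE.put("author", "r.author");
        SORTABLE.put("rating", "r.rating");
    }

    /** Builds the JPQL text. Request data selects a map entry but is never concatenated. */
    static String jpql(String sortAsc) {
        String q = "SELECT r FROM Review r WHERE r.rating = :rating";
        if (sortAsc == null) {
            return q;
        }
        String property = SORTABLE.get(sortAsc);
        if (property == null) {
            // The controller should translate this into a 400 response.
            throw new IllegalArgumentException("unsupported sort field");
        }
        return q + " ORDER BY " + property + " ASC";
    }

    public static List<Review> find(EntityManager em, int rating, String sortAsc) {
        return em.createQuery(jpql(sortAsc), Review.class)
                .setParameter("rating", rating) // the filter value travels as a bind parameter
                .getResultList();
    }
}
```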