GDG Cloud Taipei: Meetup #52 - Istio Security: API Authorization

Držte si klobouky, protože se proletíme letem světem – asynchronně, od PHP, přes Javascript, Web, C# až po Kotlin.

The document discusses various techniques for hacking mobile apps, using Pokemon Go as an example. It covers tamper checks, debugging checks, certificate pinning, root detection, and manipulating the zygote process to avoid detection. Specific hacking techniques demonstrated include decompiling apps with apktool, using Xposed modules like JustTrustMe to bypass certificate pinning, and suhide to hide the root status from apps.

** Full webinar recording here: https://youtu.be/cJqSr7ySTfo ** Staging environments are notoriously difficult to setup and maintain. Unless you have a top-notch DevOps team, staging environments are usually different from production environments, and because of that, are fraught with problems—from failing deployments, to out-of-disk-space errors, and various other errors. Even when the staging environment is great, it has one problem—there’s only one. If you want to test a feature branch, you have to “allocate time”, or alternatively install the feature branch and risk disrupting other testers. It’s time the testers took control! And build their own testing environments using Docker, Docker-Compose, and Kubernetes. In this talk, Sr. Software Architect Gil Tayar shows how to deploy an app on your local machine using Docker and Docker Compose, and run an E2E test on it. He also describes the necessary changes needed to make the application deployable in such a setup—turning it into a Twelve-Factor Application. Watch this hands-on session. and enjoy these key takeaways: Remind yourself why staging environments are problematic -- Learn what Docker is -- Quickly deploy an app that includes a frontend, backend service, and database, and run an E2E test on it -- Learn how Docker, Docker Compose and Kubernetes can help you easily build multiple ephemeral staging environments -- Enable you to help developers change their code so that it can be deployed using a Docker setup

A look at some of the configuration issues that containers introduce, and how to avoid or fix them. Discusses immutable infrastructure, the difference between build-time and runtime configuration, scheduler configuration and more.

Most AWS APIs will have limits on the amount of data you can send in one request and sometimes you really need to send a lot of data! To try to maximise the amount of data you can send, while still staying within the limits, some APIs support sending gzip-compressed payloads. But how can you send a gzipped request when using the Python SDK for AWS (boto3)? Well, I needed to answer this question recently and it turned out not to be as easy as I anticipated… Let’s jump into this rabbit hole together and let’s find out the answer!

A case study of the usage of Gradle in the Ratpack web framework. First, we'll examine the Ratpack Gradle plugins, including their functionality, implementation, and testing. Next, we'll examine the build script for the Ratpack project itself. Here, we'll discuss various details of the project's build, including handling multiple projects, multiple types of testing, support for multiple styles of target hardware (developer workstations, cloud CI), and more. For each, we'll go over the desired behavior, how it was achieved, and why it was necessary.

For the long time, we have used various build tools to package applications for new software releases or applying patches to existing applications etc. dependency management, version controlling, scalability, flexibility, single-multiple projects sup portability are some of the key areas that drove the selection of a build tool, This session focuses on Gradle as a successful build tool and looks into all the above areas and uses Groovy as a DSL. We will also look into how easy it is to use Gradle as compared to other open source build tools. Photos: https://plus.google.com/u/0/photos/105295086916869617504/albums/5739617166453582993 Gradle build tool that rocks with DSL By Rajmahendra Hegde at JavaOne Hyderabad, India on 4th May 2012

This is my presentation from TechBeats #3 hosted by Applause about Server-Side Swift framework called Vapor. Swift is a great language and possibility of using it also in backend is a huge benefit for any iOS developer out there. Using Vapor is a seamless experience. With this framework creating advance APIs by iOS developer is as easy as writing simple iOS app. https://www.meetup.com/TechBeats-hosted-by-Applause/events/254910023/

This Slide Share gives you an insight in the world of Gradle. Why is it a better option than for example maven, and how to use Gradle.

Процесс разработки не начинается и не заканчивается на написании кода программного продукта. Мы пишем документацию, придумываем, как это всё оттестировать, и заботимся о том, чтобы доступность приложения была на высоком уровне. Мы все делаем привычные вещи привычным для нас способом. Порой выполняя много ручной и неэффективной работы. Но что, если есть другой, радикальный подход. Можно ли формализовать свою деятельность и переложить её в код? Какие практики и инструменты для этого использовать? В докладе будет представлен личный опыт автора по автоматизации различных элементов разработки ПО.

This document summarizes the Guice dependency injection framework. It provides an overview of key Guice concepts like dependency injection, modules, and bindings. It also discusses Guice extensions like Warp Persist for persistence and transaction management and Google GIN which compiles Guice configuration at compile time for improved performance.

For you lazy coders out there, we offer the visual aids for the first 3 chapters of "Java Build Tools: Part 2 - A Decision Maker's Comparison of Maven, Gradle and Ant + Ivy". Here you can find the raw scores given to each tool based on 6 feature categories. **Download the full report to see Chapter 4, mapping the features against different user profiles**

在使用前端三巨頭開發網站的時候，如果沒特別對 meta tag 做處理的話，render 出來的結果會造成 social network 或是 search engine 的內容出現極大落差。而 prerender 可以將這種爬蟲類的 request，使用 headless chrome 的方式將內容完整呈現出來。 這場分���會從 CSR (client-side rendering) 及 SSR (server-side rendering) 的差異開場，帶入 Funliday 自行開發的 prerender 套件 pppr，以及 pppr 解決了哪些原本 prerender.io 不足的地方，並讓大家了解在使用 prerender 技術時會遇到的一些問題。 本次分享預計會提到下列內容：prerender, nodejs, expressjs, puppeteer, nginx, CSR, SSR, LRU cache, CDN

- CTO and lecturer who created Metarhia, an application server for Node.js that focuses on scalability, reliability, and clean architecture principles. - Metarhia includes packages for SQL, logging, configuration, schemas, and more that work together to provide an isolated and scalable backend. - It emphasizes simplicity, avoiding middleware and global dependencies, with features like live reloading, graceful shutdown, and automatic dependency injection.

BigQuery =Command line tools and Tips for business use= Mulodo Open Study Group (MOSG) @Ho chi minh, Vietnam http://www.meetup.com/Open-Study-Group-Saigon/events/231504491/

This presentation is Part 22 of the EWD 3 Training Course. It examines how to traverse Documents and navigate within them using DocumentNode methods and properties

This document discusses how to extend GeoServer functionality through scripting. It describes a community module that allows scripts to be written in languages like Groovy, Python and JavaScript. These scripts can be used to create web applications and services, custom filter functions, and rendering transformations. Examples are provided of color brewer and layer display apps, geometry buffer functions, and a Voronoi diagram WPS process built with scripts.

This document discusses JSON Web Tokens (JWT) for authentication. It begins by explaining the need for authorization in web applications and how token-based authentication addresses issues with server-based authentication. The structure of a JWT is described as a JSON object with a header, payload, and signature. Python libraries for working with JWT like PyJWT, Django REST Framework JWT, and Flask-JWT are presented. The document demonstrates generating and verifying JWT in Python code. Examples of using JWT for authentication in the Kalay IoT platform and Diuit messaging API are provided.

Erick Tedeschi fala sobre Segurança de identidade digital levando em consideração uma arquitetura de microserviço no InterCon 2016. Saiba mais em http://intercon2016.imasters.com.br/

In this presentation you will see a little example in how to use OAuth+OpenID Connect to improve microservices based on authorization and identity

It's silly to write the same functionality over and over again. Auth is the most often implemented functionality at web projects. Let's check how can we speed up development by using one of auth provider: Amazon Cognito, Google Firebase or Auth0. On code level we will use custom React Hooks.

This document summarizes the FIWARE security components Identity Manager (IdM) and Access Control (AC). It provides an overview of OAuth 2.0 authentication flows and describes three levels of authorization - authentication, basic authorization checking HTTP verbs and resources, and advanced authorization using XACML policies. Examples are given of validating access tokens, retrieving user info, and creating permissions and policies in IdM.

This slide deck gives an introduction to OAuth 2.0, starting with some concepts, explaining the flow plus a few hints. The reminder of the slides are about implementing an OAuth 2.0 server using the Apache Amber library (renamed to Apache Oltu lately). My impression is that many developers shy away as soon as they hear "security" and so I did not only want to talk about the concepts of OAuth 2.0 but also wanted to show how easily you can implement an OAuth 2.0 server ... hope it reduces the fear of contact a bit ... ;-)

OAuth is a widespread web-based standard. It’s purpose is to provide safe inter-application access to web resources without having to reveal passwords or other sensible credentials across the wire or to third party applications. After lots of tough discussions for two and a half years version 2.0 of this standard has been released – finally. This session gives you an introduction to OAuth 2.0. You will understand its concepts as well as its limitations and pitfalls. You will also learn how it feels to write your own OAuth 2.0 based application based on real-life code examples.

Building an enterprise level single sign-on application with the help of keycloak (Open Source Identity and Access Management). And understanding the way to secure your application; frontend & backend API’s. Managing user federation with minimum configuration.

This document provides an overview and examples of the NK API for developing mobile applications, websites, and OpenSocial applications. It describes REST and JS APIs for authentication, making requests, uploading photos, payments, inviting friends, adding shouts, and communicating with users. Code samples are given for common tasks like uploading photos, checking group membership, and sending messages between users. Developers can find full documentation and support for building applications on the NK platform.

在這個數位時代，資安事件層出不窮，密碼外流事件頻傳，傳統的密碼登入方式已經變得平凡到令人感到無聊。然而，這種登入方式也帶來了不少資安隱憂，因此我們迫切需要一種更安全的解決方案。 幸運的是，現在我們有了一個令人振奮的解決方案 - Passkeys！FIDO 聯盟推出的 Passkeys 規格，將完全改變我們登入的方式。現在，使用者不再需要記住繁瑣的密碼，只需擁有自己的 Passkey，就能輕鬆完成驗證。同時，這也意味著網站管理者不再需要儲存使用者的密碼，消除了密碼外洩以及釣魚網站帶來的風險。 本次分享將帶您深入探索 Passkeys 的原理，並透過實際的程式碼���範，展示如何實現 Passkeys 驗證服務。讓我們一同踏入安全的無密碼時代，探索未來資安的新里程碑！