Introduction to Waves, a resource-oriented applications framework, originally presented at RubyConf 08.
This document discusses breaking and penetration testing Ruby on Rails applications. It covers fingerprinting the Rails framework, testing the attack surface through routes, session security issues, authentication vulnerabilities, authorization testing, CSRF protection bypass, model attribute assignment and SQL injection issues, view rendering exploits, and insecure defaults. Recommended tools for analysis include Brakeman, grep searches, and the Ruby Mechanize and Nokogiri libraries. The document provides references for further Rails security best practices.
Slides for my talk at Ruby Ireland on 10 May 11. Showing some of the capabilities of MongoDB, using it from a Sinatra application and deploying it to Heroku and Cloud Foundry.
This document provides a fast-paced introduction to Ruby, Rails, and additional technologies. It begins with an overview of Ruby basics, syntax, and uses beyond scripts. It then covers Rails fundamentals including MVC architecture, scaffolding, models, views, controllers, and routes. Additional topics discussed include gems, Git, and deploying to Heroku. The document concludes by outlining a sample project to build a marketplace for buying and selling robot spare parts.
This document provides an introduction to Ruby on Rails presented by Arman Ortega. It outlines what will be covered including an overview of Ruby and Rails, the concept of convention over configuration in Rails, and performing CRUD (create, read, update, delete) operations. It then demonstrates creating a sample blog application in Rails and provides links for additional learning resources.
This document provides an overview of Ruby on Rails, Apache httpd, and Oracle. It discusses why Ruby on Rails is useful for rapid prototyping, and how it can be integrated with Apache and Oracle. The document demonstrates Rails generators, routing, testing with RSpec, and security features. It also outlines how to configure Apache and link Rails to an Oracle database. The presenter provides cheat sheets for creating a sample Rails application integrated with Devise, ActiveAdmin, and a database, with minimal code required. The key takeaway is that learning is fun through experimenting with different technologies.
Sling is a RESTful web application framework that uses JCR repositories like Apache Jackrabbit as its data store. Sling maps HTTP requests to content resources in the repository and uses the resource type to locate the appropriate rendering script. The request URL is decomposed into the resource path, selectors, extension, and suffix path. Sling searches for a node matching the resource path and then locates a script based on the resource type and any selectors. Sling scripts cannot be called directly and must be resolved through the resource to follow REST principles. This document discusses how Sling maps URLs to content resources and scripts to process requests.
The document discusses various techniques for penetration testing and attacking web applications using Ruby tools and libraries. It provides examples of using tools like Anemone for crawling sites, Casper for observing browser requests, Enchant for directory brute forcing, and Ciphersurfer for evaluating SSL configurations. The document encourages attackers to change their mindset and look for vulnerabilities from the perspective of an attacker rather than a developer.
The document describes contract-first and contract-last approaches to developing web services using Spring. It provides details on defining the service contract, creating message endpoints, mapping messages to endpoints, configuring marshaling and exceptions, and serving WSDL files. The key aspects are defining the XML schema first in contract-first, while contract-last derives the schema from the code. It also discusses using JDOM or marshalling endpoints to process messages.
A simple introduction to Cloud Foundry from the perspective of building applications using Cloud Foundry.
The document discusses server side technologies, including server hardware, operating systems, and application software. It defines servers as more powerful hardware that processes requests from client devices. Common server hardware includes tower, rack mount, and blade servers, which have features like redundancy, virtualization support, and remote monitoring. Popular operating systems are Windows Server and Unix derivatives like Linux that provide security, remote administration, and support for various hardware platforms. Application servers and databases like Tomcat, Oracle, and SQL Server are used to service client requests and require persistence through databases.
This document provides an overview of server-side web programming and different technologies used to create dynamic web pages, including Common Gateway Interface (CGI), servlets, and JavaServer Pages (JSP). CGI allows building dynamic web sites by running programs on the server that can generate HTML responses. Servlets provide a Java-based alternative to CGI with improved performance, portability, and security. Servlets use a request-response model and are executed by a servlet container. JSP is a technology that simplifies web page programming by mixing static elements like HTML with scripting code.
Covers a wide variety of technologies and solutions available to develop effective Java based server side HTTP applications.
Examines the MVC design pattern and how Rails adheres to this powerful design pattern. Good introduction to Ruby on Rails framework.
A workshop held in StartIT as part of Catena Media learning sessions. We aim to dispel the notion that large PHP applications tend to be sluggish, resource-intensive and slow compared to what the likes of Python, Erlang or even Node can do. The issue is not with optimising PHP internals - it's the lack of proper introspection tools and getting them into our everyday workflow that counts! In this workshop we will talk about our struggles with whipping PHP applications into shape, as well as work together on some of the more interesting examples of CPU or IO drain.
The way JavaScript is standardized and improved is changing this year. Learning how will help you understand why transpilers have become so popular, and why we will likely be using them for a long time. Ember itself will need to adapt to changes in JavaScript, and we will take a look at how the existing object model might be migrated to a pure ECMAScript solution.
It describes SOAP/REST differences and SOAP web services in detail with a practical approach. It shows usage of SOAP, XML, Java, WSDL, XSD and RPC with examples.
The Camel project from Apache (camel.apache.org) is a very popular, lightweight, open source integration framework. This presentation shows some interesting features of Camel and the unique advantages that Camel brings to your integration projects. Some business use cases are shown to explain how Camel makes open source integration a cakewalk. Table of contents: 1. An overview of Apache Camel 2. Integration architecture explained 3. Using Camel in different integration architectures 3.a. In the Securities domain 3.b. In the Travel domain 4. High Availability and Load Balancing with Camel
The document discusses quality in health and healthcare institutions. It defines quality as the degree to which delivered health services meet established standards and minimize risk and untoward outcomes. Quality has three dimensions: the quality of input resources, the quality process of service delivery, and the quality of outcomes from service use. Implementing quality requires approaches like total quality management, continuous quality improvement, Six Sigma, and benchmarking to measure quality through methods like control charts, cause-effect diagrams, and collecting data from focus groups and surveys. The outcomes of quality include improved patient safety, staff and patient satisfaction, and cost containment.
The document outlines a strategy to artificially induce panic in the startup market in order to lower valuations and reduce competition. It argues that generating an alarmist doomsday presentation comparing the current situation to the dot-com bust and aggressively leaking it could spread panic among startups and investors. This would put downward pressure on valuations through panic in the short term. It may also reduce hedge fund money and competition in the market as public returns drop. However, there is a risk it could further close the exit window and lower valuations when exits eventually recover.
Computer Security Awareness Training
Public schools aim to educate children from diverse backgrounds. The document discusses the fact of evolution, which is that organisms change over generations, versus the theory of evolution, which proposes that organisms today evolved from earlier forms. It also discusses the theory of intelligent design, which argues that some features are best explained by an intelligent cause rather than natural selection alone.
Paper prototyping involves creating rough sketches of user interfaces on paper to test design ideas early in the development process. It allows representing screens and flows without coding to get quick feedback. Paper prototypes are effective for brainstorming, usability testing, and design exploration before committing to an implementation. While rough, paper prototypes provide a low-fidelity, low-cost way to evaluate designs and iterate before full development.
This document discusses achieving business agility through cloud technologies like APIs, cloud-aware applications, and cloud DevOps platforms. It covers several topics related to cloud computing including cloud drivers, cloud-oriented delivery domains, cloud architecture best practices, cloud application patterns, and shifting to cloud-aware application programming models. It also provides explanations of key concepts in platform as a service (PaaS) architectures like tenants, containers, and partitions for isolating and allocating resources for different users.
The document outlines a 5-step process for hiring a public relations firm: 1) assessing needs, 2) searching firms, 3) presentations and evaluations, 4) proposals, and 5) selection. It provides guidance on determining budget, objectives, services needed, and evaluating firm strategies, resources, media expertise, account teams, and intangibles like proactivity and chemistry. The goal is to choose a firm that can best help achieve marketing goals through PR services and build a long-term, profitable relationship.
Masculinity is often depicted in violent drawings by adolescent boys as a struggle for power and intimacy. These drawings were analyzed to understand how boys portray masculinity and relationships through violent imagery. The drawings seem to reflect boys grappling with developing their masculine identity and finding connection with others.
The document repeatedly states that all images have been collected from Google search and are owned by their respective rightful owners.
Usability leads to business benefits through increased conversion rates, loyalty rates, and transactions. Usability improvements can provide high returns through reduced costs, increased sales and customer retention. For example, fixing usability problems early in design saves 10-100 times the cost of fixing them later. Easy navigation and sufficient product information can increase sales up to 225%. Over 83% of users will leave a site if it takes too many clicks to find what they want. Quantifying user experience helps measure success rates, conversion rates, form completion, navigation paths, and error rates to improve a site's performance.