http://lanyrd.com/2012/yuiconf/szwrf/
Everyone agrees that application security is of crucial importance, and attacks on web frontends are getting more frequent, sophisticated, and dangerous. Yet security testing of frontend and YUI-based applications has so far received little attention. This talk highlights the need to embed security testing in the standard repertoire of every JavaScript and YUI developer, alongside functionality and performance tests. We will emphasize security testing as part of the development workflow: writing and running tests alongside creating the code. Our main goal is to draw the YUI community's attention to this grey area and start a discussion and cooperation between the webappsec and YUI worlds.
Jasmine is a JavaScript testing framework that can be used with JavaScript and CoffeeScript. It provides tools like suites, specs, matchers, spies and mocks to test asynchronous functions. Guard is a tool that can be used to automatically run Jasmine tests when files change. Jasmine-headless-webkit runs Jasmine tests in a headless browser environment. Jasmine-jquery adds jQuery specific matchers, fixtures, and event spies to Jasmine. Jasmine-ajax helps test ajax requests by defining responses and expectations.
Explored various JavaScript test runners that are capable of supporting JS tests on major browsers, of which JS-Test-Driver stands the most promising...
UI Testing Best Practices - An Expected Journey (Oren Farhi)
This slide focuses on the good reasons for writing unit tests for testing UI.
Much like you're testing UI manually, you can have simple minimal code doing that for you.
Testing frontends with nightwatch & saucelabs (Tudor Barbu)
Sooner or later, any application needs to be released. And before that, it needs to be tested. Ideally!
The purpose of this talk is to explore Nightwatch as a testing framework, how to set up an automated CI system using Travis and using SauceLabs as a browser farm.
See the code at https://github.com/motanelu/bcn-js-news-widget
Good karma: UX Patterns and Unit Testing in Angular with Karma (ExoLeaders.com)
The document discusses unit testing in Angular with Karma. It provides examples of UX patterns in Angular like binding elements to variables, lists, and click handlers. It also covers what controllers and scopes are and examples of testing components in Angular like services, factories, and UI elements. Hands-on examples are provided for setting up a test environment and writing tests.
Thomas Fuchs discusses the importance of testing JavaScript code and provides examples of how to do unit testing of JavaScript with tools like Firebug, Test::Unit, and Rake. He addresses common objections to testing JavaScript and provides tips for debugging JavaScript across different browsers.
This document provides tips and best practices for minimizing crashes in Android applications. It recommends using static code checkers, writing tests, handling common issues like memory leaks, logging and measuring crashes, and hiding crashes from users. While it acknowledges that crashes cannot be fully eliminated due to device fragmentation, it emphasizes designing applications to crash as early as possible for easier debugging.
Unit Testing Express and Koa Middleware in ES2015 (Morris Singer)
Even for JavaScript software developers well-versed in Agile practices, using test-driven development in the development of Node.js-based webservers can be challenging. In this presentation, I identify solutions to some of the most significant challenges to using TDD to build middleware stacks, with a focus on Express and Koa.
Performance optimization is a crucial aspect of building ‘snappy’ client-side applications and something which all developers using jQuery should bear in mind. In this talk, we're going to take a look at some of the best practices, tips and tricks for improving the performance of your jQuery code in 2011 with some quick wins and a few new surprises along the way.
This document discusses AngularJS performance and limits. It begins by covering view watches and data bindings, noting that having too many can lag the UI. It recommends using single bindings where possible. It also discusses only displaying visible elements, avoiding polluting scopes, and being aware of the performance of directives and external components. The document notes some technical limits of AngularJS with large dynamic data sets, and that for real-time apps with frequent data changes, a lightweight framework may be preferable. It emphasizes thinking about performance during development and not assuming frameworks are inherently fast. In summary, the document provides tips on optimizing AngularJS performance by reducing watches, only updating visible elements, and avoiding scope pollution.
This document provides an overview of the JavaFX community and ecosystem, including key people, blogs, books, tutorials, projects, frameworks, libraries, and more. It encourages joining the JavaFX community and contributing to open source projects to help grow skills. The presentation highlights over 30 frameworks and 45 libraries that have been developed for JavaFX.
The document discusses the JavaFX ecosystem, including layout managers like MigLayout and Medusa, widgets like JideFX and ControlsFX, styling libraries like JFoenix and BootstrapFX, testing tools like TestFX, frameworks like Afterburner.fx and MvvmFX, integration platforms like e(fx)clipse, libraries like AnchorFX and ReactFX, and GroovyFX for writing JavaFX applications in Groovy. It provides an overview of the various options available for building JavaFX user interfaces, styling applications, testing, and developing full applications.
This presentation was prepared for SVCC 2014 on JavaScript Testing with Jasmine. It goes through basic Jasmine features and provides tips for developers when they decide to start testing.
Intro To JavaScript Unit Testing - Ran Mizrahi (Ran Mizrahi)
The document introduces JavaScript testing and test-driven development (TDD). It discusses why software projects fail, challenges of testing JavaScript code, and how to use the Mocha and ChaiJS frameworks for TDD and behavior-driven development (BDD). It provides an example of writing unit tests for a user service function using TDD principles, implementing the code to pass the tests, and running the tests with Mocha. Benefits of testing code include short feedback cycles, high test coverage, documentation of specifications, and less time spent debugging.
Zombie.js is a lightweight framework for testing client-side JavaScript code in a simulated environment. It allows automation of tasks like verifying functional requirements, load testing, and checking databases. Zombie.js runs quickly, is easy to use and understand, supports promises and mainstream test frameworks, and does not require an IDE. It provides APIs for managing the DOM, forms, browser state, and events to simulate user interactions and test JavaScript code in a headless browser environment.
Javascript Test Automation Workshop (21.08.2014) (Deutsche Post)
The document summarizes a workshop on JS test automation using NightwatchJS and DalekJS. It introduces the presenters and provides an overview of the workshop goals, which are to learn rapid test development from scratch using NightwatchJS and DalekJS and compare them on real-world examples from an ING-DiBa Bank site. The document also covers NightwatchJS and DalekJS setup, examples of tests, assertions and commands, and two case studies to be developed using NightwatchJS.
node.js practical guide to serverside javascript (Eldar Djafarov)
This document provides an overview of Node.js and how to build server-side JavaScript applications with it. Some key points covered include:
- Node.js uses a single-threaded non-blocking I/O model that handles multiple requests concurrently using callbacks and an event loop.
- Common Node.js modules like Express make it easy to build REST APIs and web servers. Express uses middleware for common tasks like routing, static files, authentication etc.
- Testing Node.js applications can be done with frameworks like Mocha and Chai to write unit and integration tests, and the Request library to mock HTTP requests.
Unit testing JavaScript code with Jasmine allows developers to test functionality in isolation through matchers, spies, and asynchronous handling. Key benefits include cheaper QA, better documentation, improved code quality, and easier debugging. While some are deterred by complex asynchronous code or small projects, unit testing pays off through early bug detection and confidence that features work as intended.
WebDav implementations are complex and have many vulnerabilities. Hackers should test for XXE issues by sending XML payloads to methods like PROPPATCH and PROPFIND. XXE can be used to read files on the system or perform SSRF. Other issues include CSRF, authentication bypass by overwriting configuration files, and DoS attacks using large payloads. Developers should carefully follow security best practices for XML parsing and input validation when building WebDav services.
The document provides an overview of Node.js and the Express web framework. It discusses that Node.js is a platform for executing JavaScript files and includes utilities for network and file I/O. Express is a web application framework built on Node.js that uses middleware to handle requests. The document covers Express concepts like routing, middleware, templating, and popular middleware modules for tasks like compression, parsing request bodies, and sessions.
Play Framework and Ruby on Rails are web application frameworks that help developers build web applications. Both frameworks provide tools and libraries for common tasks like routing, database access, templates and more. Some key similarities include using MVC patterns, supporting SQL/NoSQL databases via libraries, and including tools for unit testing and deployment. Some differences are Play uses Scala and Java while Rails uses Ruby, and they have different project structures and ways of handling assets, templates and dependencies. Both aim to help developers build web applications faster with their features and ecosystem of supporting libraries.
Workshop: Functional testing made easy with PHPUnit & Selenium (phpCE Poland,... (Ondřej Machulda)
Annotated slides for phpCE workshop on November 3, 2017.
Workshop repository: https://github.com/OndraM/selenium-workshop-phpce
The workshop covered:
- setting up local development environment (using Docker)
- practical examples of functional tests implementation
- exploring possibilities of Selenium WebDriver
- parallel test execution using Steward
- hands-on Page Object design pattern
- dealing with asynchronous elements of web-pages (AJAX, JavaScript)
- general tips & tricks on how to keep a suite of functional tests maintainable in the long term
Presented at SCREENS 2013 in Toronto with Nick Van Weerdenburg
AngularJS is a hot, hot, hot topic. Building web and mobile apps in AngularJS is easy, but there is a learning curve. In this session, you’ll learn the ins and outs of AngularJS and leave the session knowing how to build killer AngularJS apps.
This document provides examples of how to write unit tests for different types of code using Karma and Mocha/Chai, including:
1. Testing filters, API calls, and actions by mocking dependencies and asserting on expected outputs or dispatched mutations.
2. Testing Vue components by mounting them and asserting on rendered output, emitted events, and component property values.
3. Testing Vuex actions by asserting they dispatch the correct mutations and handle store state as expected.
The examples demonstrate common testing patterns like mocking HTTP requests, injecting stubs, simulating events, and asserting on outputs to validate code behavior across different layers of an application.
These are the slides from my YUI3 presentation at Open Hack Day in London.
Code demo can be found here:
http://blog.davglass.com/files/openhackday/openhackday/code/photos/
Javascript unit testing, yes we can e big (Andy Peterson)
This document discusses test-driven development for JavaScript using ScrewUnit and BlueRidge. It introduces the Carbon Five consulting firm and covers why JavaScript unit testing is important. It then demonstrates how to write behavioral tests using ScrewUnit's BDD style and shows a live example testing a wizard component. Some challenges of JavaScript testing like DOM cleanup and structure are addressed. The document emphasizes that JavaScript testing is possible and can be integrated into the development process.
A brief introduction to JavaScript test-driven development (TDD) from several points of view, using qUnit, Karma & Jasmine, the NodeJS tape module and custom frameworks.
Server Side JavaScript - You ain't seen nothing yet (Tom Croucher)
This document discusses using JavaScript on the server side with Node.js and the YUI framework. It begins by explaining why server-side JavaScript is useful and discusses JavaScript runtimes like V8, SpiderMonkey, and Rhino. It then covers Node.js, CommonJS frameworks, and how to use YUI modules on the server by enabling YUI's module loader. Examples are provided for accessing remote data, rendering HTML on the server, and implementing progressive enhancement.
Mathilde Lemée & Romain Maton
Theory is good, practice ... is too!
Come and join us to explore the depths of Node.js!
We will use a practical example to give you a complete first experience with Node.js and let you form your own opinion of this JavaScript server that everyone is talking about!
http://soft-shake.ch/2011/conference/sessions/incubator/2011/09/01/hands-on-nodejs.html
Video: https://www.youtube.com/watch?v=b6yLwvNSDck
Here's the showdown you've been waiting for: Node.js vs Play Framework. Both are popular open source web frameworks that are built for developer productivity, asynchronous I/O, and the real time web. But which one is easier to learn, test, deploy, debug, and scale? Should you pick Javascript or Scala? The Google v8 engine or the JVM? NPM or Ivy? Grunt or SBT? Two frameworks enter, one framework leaves.
This is the English version of the presentation. For the version with Japanese subtitles, see http://www.slideshare.net/brikis98/nodejs-vs-play-framework-with-japanese-subtitles
This document discusses building automated acceptance tests that are stable and maintainable for continuous delivery. It emphasizes that developers should own acceptance testing by writing tests in the same way they write production code. This includes writing many unit and regression tests, optimizing for test execution, using immutable environments like Docker for isolation, and leveraging techniques like parallelization and separation of concerns with domain-specific languages. The document also provides examples of testing strategies, tools, and processes that can help achieve this goal.
Leverage patterns of large-scale JS – such as modules, publish-subscribe and delegation – to achieve extreme performance without sacrificing maintainability.
Node.js vs Play Framework (with Japanese subtitles) (Yevgeniy Brikman)
Video: http://www.nicovideo.jp/watch/1410857293
Here's the showdown you've been waiting for: Node.js vs Play Framework. Both are popular open source web frameworks that are built for developer productivity, asynchronous I/O, and the real time web. But which one is easier to learn, test, deploy, debug, and scale? Should you pick Javascript or Scala? The Google v8 engine or the JVM? NPM or Ivy? Grunt or SBT? Two frameworks enter, one framework leaves.
This version of the presentation has Japanese subtitles. For the English only version, see http://www.slideshare.net/brikis98/nodejs-vs-play-framework
JavaScript is evolving with the addition of modules, platform consistency, and harmony features. Modules allow JavaScript code to be organized and avoid naming collisions. CommonJS and AMD module formats are used widely. Platform consistency is improved through polyfills that mimic future APIs for older browsers. Harmony brings language-level modules and features like destructuring assignment, default parameters, and promises to JavaScript. Traceur compiles Harmony code to existing JavaScript.
How and why i roll my own node.js framework (Ben Lin)
1) The document discusses the author's experience building their own node.js web framework, including their background with other technologies like Ruby on Rails.
2) It describes the key features of their framework, such as MVC structure, middleware support, asset packaging, and command line tools.
3) The author explains that they rolled their own framework to learn more about how frameworks work, have more control over the technology stack, and because node.js performance is better than Ruby on Rails. They emphasize that building the framework was a fun learning experience.
The document discusses unit testing in Grails using the Spock testing framework. It covers the basics of unit testing including goals, advantages, and challenges. It then provides an overview of Spock and examples of writing unit tests in Spock including mocking methods, domains, configurations, and dependencies. The document also discusses how to write unit tests for controllers and integration tests in Grails using Spock.
09 - express nodes on the right angle - vitaliy basyuk - it event 2013 (5) (Igor Bronovskyy)
09 - Express Nodes on the right Angle - Vitaliy Basyuk - IT Event 2013 (5)
60 nodes at the right angle - rapid application development using Node.js + Express + MongoDB + AngularJS.
When we take on a new product, we first think about the passion it needs in order to make the user satisfied and devoted to our vision. And what helps us win users' favor? Obviously, besides the idea itself, the following also matter: a convenient user interface, real-time interaction, and transparent work with data. We can obtain these three properties using one tool or another; however, when everything is just starting, it is much more convenient if the tools help realize what is desired rather than distract from the main goal.
We will look at the development process using Node.js, Express, MongoDB and AngularJS as the most useful combination for gaining a significant advantage right at the start of your product.
Vitaliy Basyuk
http://itevent.if.ua/lecture/express-nodes-right-angle-rapid-application-development-using-nodejs-express-mongodb-angular
Introduction to Nightwatch.js artifacts, usage in a CI environment, and current integration with Drupal 8.
Video of session: https://www.youtube.com/watch?v=9GYZJ1AZqI8
IBM Cloud University: Build, Deploy and Scale Node.js Microservices (Chris Bailey)
The document discusses key aspects of building scalable microservices including containerization, orchestration, monitoring, and performance optimization. It provides code examples for containerizing a Node.js application, deploying it with Kubernetes using a Helm chart, and implementing continuous delivery with Jenkins pipelines and DevOps toolchains. The document also covers understanding microservices performance by analyzing architecture diagrams showing public/private networks, services, and databases.
Workflow for Web & Mobile development using grunt.js (Davidson Fellipe)
This document discusses using Grunt.js to automate workflows for mobile development. It begins by explaining why automation is useful, then discusses various task runners like Grunt, Make, Ant, etc. It focuses on Grunt, explaining how to set it up, configure it with plugins, and use tasks like Compass, Watch, Uglify, Imagemin. Finally, it shows how to integrate Grunt with PhoneGap for mobile app development. The overall document provides an introduction and guide to using Grunt.js to improve the development process.
CollabSphere 2021 - DEV114 - The Nuts and Bolts of CI/CD With a Large XPages ...Jesse Gallagher
Though Domino makes working with build servers and CI/CD pipelines difficult, it is possible to do so even with complex applications. This session will discuss the specifics of using several OpenNTF projects - NSF ODP Tooling, the Jakarta XPages Runtime, and XPages Jakarta EE Support - as well as open-source technologies such as Docker to build, test, and deploy Java-based Domino applications for testing and staging. This builds on previous sessions about the NSF ODP Tooling and Maven generally.
Testing NodeJS with Mocha, Should, Sinon, and JSCoveragemlilley
This document discusses how to test NodeJS applications using the Mocha testing framework, the Should assertion library, and Sinon for spies/stubs/mocks. It covers setting up Mocha and Should, writing synchronous and asynchronous tests, using hooks, the Should DSL for assertions, running and configuring tests, integrating Sinon, and measuring test coverage with node-jscoverage.
Ähnlich wie Security testing of YUI powered applications (20)
Security testing of YUI powered applications
1. Security Testing Of YUI Powered Applications
November 15, 2012 YUIConf 2012 Dmitry Savintsev, Albert Yu
2. Who we are
Dmitry Savintsev
- Yahoo Developer / Paranoid of 12+ years
- Assembly -> C++ -> PHP -> Javascript
- @dimisec, github.com/dmitris
Albert Yu
- Yahoo Engineer / Paranoid since 2005
- @yukinying
3. Agenda:
Why Security Testing
JavaScript Testing vs. Pentesting
Tools of Trade
Testing for XSS
Static Code Analysis
The Road Ahead
4. Testing Well-Known Benefits
States and validates application behavior
“runnable documentation”
No tests – not maintainable
5. Security defects – highest negative impact
Users’ data at stake!
Your app WILL be tested by the world
6. Sad state of web application security
XSS is prevailing
Server- and OS-level Javascript
Need to pull out all the stops
7. Modern Javascript Testing:
Unit, functional integration testing
Code coverage / reporting tools
Integral part of the CI workflow
8. Pentesting
• Established practice in webappsec world
• Combination of manual poking & use of different tools (ex. Burp Proxy)
• Flourishing consulting business
10. JS Dev and Webappsec need each other
• Javascript eats the world
• Just look at Yahoo! (Cocktails…)
• Mobile / alt screens huge impetus
• Attack surface rapidly expanding
• Dire shortage of manpower and talent
11. Security testing challenges
• “End of scanning”
• Difficult-to-impossible to test automatically
• “surface discovery” – mapping FE apps
• Highly situation / context dependent
12. Code and feature coverage problem
Testing needs to be guided through the app
Testing and coding in close proximity
Power to the developers!!
13. Tools for (security) testing
• Selenium / Webdriver
• Greatly matured in the recent years
• JS bindings still new (only remote server)
• PhantomJS (and Ghostdriver)
• YUI Test
20. JSLint, JSHint
Thanks to NodeJS, they are now available as CLI tools.
    % # JavaScript Good Parts
    % npm -g install jslint
    % jslint --white --browser foo.js
    % # JavaScript Less Good Parts
    % # Better reporting
    % npm -g install jshint
21.
    $ jslint --white --browser yui-debug.js
    yui-debug.js
     #1 'YUI' was used before it was defined.
        if (typeof YUI != 'undefined') { // Line 15, Pos 12
     #2 Expected '!==' and instead saw '!='.
        if (typeof YUI != 'undefined') { // Line 15, Pos 16
     #3 Unexpected dangling '_' in '_YUI'.
        YUI._YUI = YUI; // Line 16, Pos 9
    $ jshint yui-debug.js
    yui-debug.js: line 59, col 9, Redefinition of 'YUI'.
    yui-debug.js: line 385, col 26, Missing semicolon.
    yui-debug.js: line 617, col 35, 'loader' is already defined.
    yui-debug.js: line 632, col 18, Don't make functions within a loop.
    yui-debug.js: line 997, col 17, ['loader'] is better written in dot notation.
    yui-debug.js: line 2210, col 34, Expected an assignment or function call and instead saw an expression.
22. A Very Rough Benchmark
Disclaimers
1. The jQuery and YUI benchmarks are not correct, as the code is not stored on the path that stores the TodoMVC sample.
2. JSLint stops when it sees a critical error or too many errors.
3. Minified code may affect the reporting.
4. No yui-lint customizations.
23. Benchmarks on YUI Gallery
Running yui-lint (custom .jshintrc)
461 gallery modules
42 without any issues
74 warnings on average
86 modules > 100 issues
873 issues at maximum
26. Develop – where we run it now (?)
Commit – where it should be run
Review – and here as well
Merge
Release
27.
    var express = require('express');
    var app = express();
    var Y = require('yui/io-base');

    app.get('/api*', function(req, res){
        var params = require('url').parse(req.url, true);
        var url = "http://localhost:3000/json/" + params.query.question;
        Y.io(url, { on: { complete: function(id, e) {
            try {
                var json = JSON.parse(e.responseText);
            } catch (err) { console.log(err); }
            res.end( json.answer + "\n" );
        } } });
    });

    app.get('/json/whoami', function(req, res)
        { res.end('{"answer":"bob"}'); });
    app.get('/json/*', function(req, res)
        { res.end("Error: I don't understand"); });
    app.listen(3000);
28.
    try {
        var json = JSON.parse(e.responseText);
    } catch (err) {
        console.log(err);
    }
    res.end( json.answer + "\n" );
    }
29. JSLINT OUTPUT:
    #1 Missing 'use strict' statement.
       var params = require('url').parse(req…
    #2 'json' was used before it was defined.
       try { json = JSON.parse(e.responseText); }
Usually easier to enforce on server side.
Frontend code is harder to enforce:
1. Multiple script blocks
2. Browser compatibilities
3. Excuses ..?
4. Frontend code will not be run on server?
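Why the "'json' was used before it was defined" warning on slide 29 matters, shown as an added example that is not from the slides: the callback logic of slide 27 reduced to a function, next to a hardened variant. The function names and the sample upstream bodies are constructed; in the slide's server the same TypeError would be thrown inside an asynchronous callback, where an uncaught exception ends the Node process by default.

```javascript
// Constructed upstream bodies, matching the two /json/ routes on slide 27.
const GOOD_BODY = '{"answer":"bob"}';
const ERROR_BODY = "Error: I don't understand";

// Slide 27 logic reduced to a function: the parse error is swallowed,
// then `json` (hoisted by `var`, still undefined) is dereferenced anyway.
function answerAsOnSlide(responseText) {
  try {
    var json = JSON.parse(responseText);
  } catch (err) {
    // the slide only logs the error at this point
  }
  return json.answer + "\n";
}

// Hardened variant (hypothetical name): nothing is read from the parsed
// value until parsing succeeded and the shape was checked.
function answerChecked(responseText) {
  "use strict";
  let parsed;
  try {
    parsed = JSON.parse(responseText);
  } catch (err) {
    return { status: 502, body: "upstream sent invalid JSON\n" };
  }
  if (parsed === null || typeof parsed !== "object" ||
      typeof parsed.answer !== "string") {
    return { status: 502, body: "upstream JSON has no answer field\n" };
  }
  return { status: 200, body: parsed.answer + "\n" };
}

// Returns the name of the error thrown by fn(arg), or null if it returned.
function thrownBy(fn, arg) {
  try { fn(arg); return null; } catch (err) { return err.name; }
}

// Constructed inputs: valid answer, the error route's text, JSON null, {}.
function demo() {
  return [GOOD_BODY, ERROR_BODY, "null", "{}"].map(function (body) {
    return {
      body: body,
      slideThrows: thrownBy(answerAsOnSlide, body),
      checkedStatus: answerChecked(body).status
    };
  });
}

console.log(demo());
```

A request that reaches the `/json/*` catch-all route is enough to produce the non-JSON body, so this is a test case worth adding next to the functional tests.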
34. ES5 Strict Mode
Opt-in via "use strict" pragma
Option 1: Globally applying on same file/block/eval block.
    "use strict";
    YUI.use(...
same script block, eval, file
Option 2: Function level
    YUI.use('...', function(Y){
        "use strict";
        var a = ...
35. The Big 4
    // 1. Global Variable Protection
    var dump_this_as_global = function() {
        "use strict";
        console.log(this.a);
        // Err:
        // Cannot read property 'a' of
        // undefined
    };
    dump_this_as_global();
    dump_this_as_global.call({a:1});
36.
    // 2. Global Variable Implicit
    // Declaration
    (function implicit_var() {
        "use strict";
        var list = {a: 1, b: 2}; // sample data
        for (obj in list) { /* ... */ }
        // Err: obj is not defined
    })();
    console.log(obj); // without strict mode, obj would leak here as a global
DON’T DO THIS IN NODEJS
37.
    // 3. function inside function
    (function function_function () {
        "use strict";
        if (1!=2) function dummy() { };
        // Err: functions can only be
        // declared at top level or
        // immediately within
        // another function
    })();
38.
    // 4. Duplicated property
    (function duplicate() {
        "use strict";
        var a = {b:1, b:2};
        // ES5 strict mode: SyntaxError for the duplicate key;
        // ES2015 and later engines accept it
        console.log(a.b);
    })();
http://www.flickr.com/photos/djackmanson/489401961/
Reviewer to complain? Or someone hurt?
Consider adding it to your test script today and enforcing it
http://www.flickr.com/photos/katjung/1199062421/
Why these are bad
Lastly, we could talk about some interesting findings on "use strict". Amazon has JS flattening code which accidentally included "use strict" in the middle of it (since one file has it), and it breaks another script. Mozilla has an MDN page that provides very comprehensive details on "use strict". However, the JS on that page does not have strict mode enabled.
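How a file-level directive (Option 1 on slide 34) interacts with flattening in general, as an added example that is not from the slides and does not reproduce any particular site's build: it uses Node's `vm` module, and the file contents and helper names are constructed. It shows both orders of concatenation and the function-level wrapper (Option 2) that keeps the directive from leaking.

```javascript
const vm = require('vm');

// Constructed sample "files".
const strictLib = '"use strict";\nvar lib = { version: 1 };\n';
const legacyLib = 'counter = 0;\ncounter += 1;\n'; // relies on an implicit global

// Appended probe: a nested function inherits the strictness of the script,
// and in strict code a plain call leaves `this` undefined.
const STRICT_PROBE = '\n;(function () { return this === undefined; }());';

// Evaluate one script in a fresh, empty global context and report the outcome.
// vm only separates globals; it is not a sandbox for untrusted code.
function runScript(source) {
  try {
    const strict = vm.runInNewContext(source + STRICT_PROBE, {});
    return { ok: true, strict: strict, error: null };
  } catch (err) {
    // The error object belongs to the other context, so compare by name.
    return { ok: false, strict: null, error: err.name };
  }
}

// What a naive flattening step does.
function flatten(files) {
  return files.join('\n');
}

// Option 2 from slide 34 applied per file: function-level strict mode.
function wrapInFunction(source) {
  return '(function () {\n' + source + '\n}());';
}

// Check usable in a test script: names of files not confirmed to run strict.
function nonStrictFiles(filesByName) {
  return Object.keys(filesByName).filter(function (name) {
    return runScript(filesByName[name]).strict !== true;
  });
}

console.log({
  // Directive first: it now governs legacyLib too, which throws.
  strictFirst: runScript(flatten([strictLib, legacyLib])),
  // Directive in the middle: silently ignored, strictLib loses its checks.
  strictInMiddle: runScript(flatten([legacyLib, strictLib])),
  // Wrapped: strictLib stays strict, legacyLib keeps working.
  wrapped: runScript(flatten([wrapInFunction(strictLib), legacyLib])),
  report: nonStrictFiles({ 'strict-lib.js': strictLib, 'legacy-lib.js': legacyLib })
});
```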
When you set out to do at least some security-related tests, you have to consider more carefully the edge cases, unintended usage of the application (interface, function, etc.), the assumptions made about the types of usage and input, whether protections are in place, how they are implemented, and whether those protection measures / controls are implemented in a way that allows them to be understood and verified in sufficient isolation.