From Runtime Failures to Patches: Study of Patch Generation in Production


1 From Runtime Failures to Patches: Study of Patch Generation in Production Advisors: Martin Monperrus & Lionel Seinturier Thomas Durieux July 12, 2018 INRIA & University of Lille

2 Windows sends more than 100 million error reports per day!

3 Outline
- Automatic Program Repair
- BikiniProxy: Patch Generation for Client-side applications
  - BikiniProxy Demo
  - BikiniProxy Architecture
  - BikiniProxy Evaluation
- Itzal: Patch Generation for Server-side applications
  - Itzal Concept
  - Itzal Architecture
  - Itzal Evaluation
- Conclusion

4 Automatic Program Repair Buggy Application Repair Strategy Oracle (e.g. Crash)

5 Automatic Patch Generation Buggy Program GenProg, Nopol,... Failure Oracle: Failing Tests Regression Oracle: Passing Tests

6 Test-based automatic program repair
Use the test suite as the specification of the program.
Status Tests: Test Functionality 1, Test Functionality 2, Test Functionality 3

7 Test-based automatic program repair
Use the test suite as the specification of the program.
Common usage: reproduce a bug with a test suite
Status Tests: Test Functionality 1, Test Functionality 2, Test Functionality 3, Reproduce Bug-X

8 Test-based automatic program repair
Use the test suite as the specification of the program.
Goal: make the failing test pass
Status Tests: Test Functionality 1, Test Functionality 2, Test Functionality 3, Reproduce Bug-X

9 Automatic Program Repair
Problem: Automatic Program Repair relies on a failing test case.
Our solution: use the production system for patch generation.

10 Outline Automatic Program Repair BikiniProxy: Patch Generation for Client-side applications BikiniProxy Demo BikiniProxy Architecture BikiniProxy Evaluation Itzal: Patch Generation for Server-side applications Itzal Concept Itzal Architecture Itzal Evaluation Conclusion

11 BikiniProxy Demo

12 BikiniProxy Architecture User Firefox Web Server

13 BikiniProxy Architecture image.png style.css script.js page.html User Firefox Web Server

14 BikiniProxy Architecture image.png JS Error style.css script.js page.html User Firefox Web Server

15 BikiniProxy Architecture User Firefox Web Server

16 BikiniProxy Architecture Proxy User Firefox Web Server

17 BikiniProxy Architecture image.png style.css script.js page.html Proxy User Firefox Web Server

18 BikiniProxy Architecture image.png style.css script.js biki-page.html Proxy User Firefox Web Server

19 BikiniProxy Architecture image.png JS Error style.css script.js biki-page.html Proxy User Firefox Web Server

20 BikiniProxy Architecture BikiniProxy Backend image.png JS Error style.css script.js biki-page.html Proxy User Firefox Web Server

21 BikiniProxy Architecture BikiniProxy Backend image.png style.css biki-script.js biki-page.html Proxy User Firefox Web Server

22 Repair Strategies
1. HTTP/HTTPS Redirector: changes HTTP to HTTPS
2. HTML Element Creator: creates HTML elements
3. Library Injector: injects missing libraries
4. Line Skipper: adds a precondition to a statement
5. Object Creator: initializes a null variable
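
Added example (not BikiniProxy's code): a line-based version of the Line Skipper and Object Creator strategies applied to a constructed three-line script, with each rewrite classified using the outcome names from the evaluation slides. The function names, the fake lookup/log environment, the regex that finds the dereferenced variable and the externally supplied failing line number are assumptions.

```javascript
// Added example: not BikiniProxy's code. All names and the rewriting approach are assumptions.

// Constructed page script: lookup() returns null, so line 2 throws a TypeError.
const PAGE_SCRIPT = [
  "var banner = lookup('banner');",
  "banner.title = 'Sale';",
  "log.push(banner.title.length);",
].join("\n");

// Execute a script against a minimal fake page and return the first error, if any.
// Only the constructed script above (and rewrites of it) is ever executed here.
function runScript(src) {
  const log = [];
  const lookup = () => null; // constructed: the element is missing on this page
  try {
    new Function("lookup", "log", src)(lookup, log);
    return { error: null, log };
  } catch (e) {
    return { error: e.message, log };
  }
}

// Find the object dereferenced on the failing line (first "name." occurrence).
function dereferencedVariable(line) {
  const m = /([A-Za-z_$][\w$]*)\s*\./.exec(line);
  return m ? m[1] : null;
}

// Line Skipper: add a precondition to the failing statement.
function lineSkipper(src, lineNo) {
  const lines = src.split("\n");
  const v = dereferencedVariable(lines[lineNo - 1]);
  if (!v) return null; // strategy not applicable
  lines[lineNo - 1] = `if (${v} != null) { ${lines[lineNo - 1]} }`;
  return lines.join("\n");
}

// Object Creator: initialize the null variable before the failing statement.
function objectCreator(src, lineNo) {
  const lines = src.split("\n");
  const v = dereferencedVariable(lines[lineNo - 1]);
  if (!v) return null; // strategy not applicable
  lines[lineNo - 1] = `if (${v} == null) { ${v} = {}; } ${lines[lineNo - 1]}`;
  return lines.join("\n");
}

// Compare the errors seen before and after a rewrite.
function classify(before, after) {
  if (after.error === null) return "all errors disappeared";
  if (after.error !== before.error) return "different/additional errors";
  return "error unchanged";
}

// Apply every strategy to the failing line and re-run the rewritten script.
// failingLine stands in for the line number a browser error report would carry.
function evaluate(src, failingLine) {
  const before = runScript(src);
  const outcomes = {};
  for (const [name, strategy] of Object.entries({ lineSkipper, objectCreator })) {
    const patched = strategy(src, failingLine);
    outcomes[name] =
      patched === null ? "no strategy applied" : classify(before, runScript(patched));
  }
  return outcomes;
}

console.log(evaluate(PAGE_SCRIPT, 2));
```

Skipping line 2 only moves the failure to line 3, which dereferences the same null variable, while initializing the variable removes both errors; a rewrite has to be re-checked against the page before it is served.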

23 Evaluation Protocol
1. Access a buggy page
2. Collect the errors on the page
3. Activate BikiniProxy
4. Access the buggy page with BikiniProxy activated
5. Collect the errors on the page with BikiniProxy activated

24 Evaluation Benchmark: DeadClick
Crawling stats | Value
# Visited Pages |
# Pages with Error | 4282 (4.5%)
Benchmarks stats | Value
# Pages with Reproduced Errors | 555
# Domains | 466
# Average # resources per page |
# Average scripts per page |
# Min errors per page | 1
# Average errors per page | 1.49
# Max errors per page | 10
# Average pages size | 1.98 MB

25 Evaluation Results
Error | Results
XXX is not defined | 184/307 (59.93%)
Cannot read property XXX of null | 42/176 (23.86%)
XXX is not a function | 11/111 (9.9%)
Unexpected token X | 2/61 (3.27%)
Cannot set property XXX of null | 11/24 (45.83%)
Invalid or unexpected token | 0/21 (0%)
Unexpected identifier | 0/15 (0%)
Script error for: XXX | 2/10 (20%)
The manifest specifies... | 0/7 (0%)
adsbygoogle.push() error: No slot | 0/7 (0%)
53 different errors | 248/826 (30.02%)

26 Evaluation Results
Metric Name | # Pages | Percent
All Errors Disappeared | 176/ | %
Some Errors Disappeared | 42/ | %
Different/Additional Errors | 140/ | %
No Strategy Applied | 196/ | %

27 BikiniProxy Highlights
- First fully automatic patch generation
- Patch generation without changing the production application
- First benchmark of JavaScript failures

28 Outline Automatic Program Repair BikiniProxy: Patch Generation for Client-side applications BikiniProxy Demo BikiniProxy Architecture BikiniProxy Evaluation Itzal: Patch Generation for Server-side applications Itzal Concept Itzal Architecture Itzal Evaluation Conclusion

29 Itzal Concept Firefox Web Server

30 Itzal Concept Buggy output Firefox Web Server

31 Itzal Concept Expected output Firefox Patched Web Server

32 Itzal Concept Inconsistent output Firefox Patched Web Server

33 Itzal Concept Buggy output Firefox Web Server

34 Itzal Concept Buggy output Firefox Web Server Patch Service Patched Web Server

35 Itzal Concept Buggy output Firefox Web Server Patch Service Patched Web Server Expected output

36 Itzal Concept Expected output? Firefox Web Server Patch Service Patched Web Server Expected output

37 Itzal Concept Highlights
- Patch generation in production.
- Patch regression with production inputs.
- Sandboxed repair environment: repairs the program without affecting production.

38 Itzal Architecture
Components: Client, Application
Client: e.g. a browser
Application: e.g. a web server

39 Itzal Architecture
Components: Application, Client, Shadower
Shadower: intercepts and duplicates the requests

40 Itzal Architecture
Components: Application, Failure Oracle, Client, Shadower, Patch Service
Patch Service: generates patches that fix the requests
Failure Oracle: detects if a request is passing or failing

41 Itzal Architecture
Components: Application, Failure Oracle, Client, Shadower, Patch Service, Regression Service, Regression Oracle
Regression: executes passing requests on patched applications
Regression Oracle: compares the output of the application and the patched application

42 Itzal Architecture
Components: Application, Failure Oracle, Client, Shadower, Patch Service, Developer, Regression Service, Reporting, Regression Oracle
Reporting: communicates the patches to the developers (Dashboard, Pull Request,...)

43 Itzal Oracle
Failure Oracle: decides if a request is valid or not (e.g. HTTP status 5xx)
Regression Oracle: decides whether the patch leaves the behavior unchanged for all non-failing requests.
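
Added example (not Itzal's code): the failure oracle and the regression oracle applied to shadowed traffic for a constructed price endpoint, with one candidate patch that changes only the failing request and one that also changes passing requests. The endpoint, the carrier data, both patches, the workload and all function names are assumptions.

```javascript
// Added example: not Itzal's code. Endpoint, data, patches and workload are constructed.

// Constructed data: "pickup" has no per-item fee, which the original code dereferences.
const CARRIERS = {
  post: { perItem: { amount: 2 } },
  courier: { perItem: { amount: 5 } },
  pickup: { perItem: null },
};

// Wrap a price function as an HTTP-like handler: an uncaught error becomes a 500.
function handler(priceOf) {
  return (req) => {
    try {
      return { status: 200, body: JSON.stringify({ price: priceOf(req) }) };
    } catch (e) {
      return { status: 500, body: "Internal Server Error" };
    }
  };
}

// Production application: throws when perItem is null.
const original = handler((req) => CARRIERS[req.carrier].perItem.amount * req.items);

// Candidate patch A: guard only the null case.
const patchGuard = handler((req) => {
  const perItem = CARRIERS[req.carrier].perItem;
  if (perItem == null) return null;
  return perItem.amount * req.items;
});

// Candidate patch B: replace the per-item fee with a fresh object on every request.
const patchDefault = handler((req) => {
  const perItem = { amount: 0 };
  return perItem.amount * req.items;
});

// Failure oracle: an HTTP 5xx response marks the request as failing.
function failureOracle(res) {
  return res.status >= 500 && res.status <= 599;
}

// Shadower plus oracles: duplicate each request to the application and to the
// patched application, then compare the two responses.
function evaluatePatch(requests, app, patchedApp) {
  let failing = 0, fixed = 0, passing = 0, statusDiff = 0, contentDiff = 0;
  for (const req of requests) {
    const before = app(req);
    const after = patchedApp(req);
    if (failureOracle(before)) {
      failing++;
      if (!failureOracle(after)) fixed++; // the patch must make the failing request pass
      continue;
    }
    // Regression oracle: passing requests must get the same status and content.
    passing++;
    if (before.status !== after.status) statusDiff++;
    if (before.body !== after.body) contentDiff++;
  }
  const pct = (n) => (passing === 0 ? 0 : Math.round((100 * n) / passing));
  const report = {
    fixesFailure: failing > 0 && fixed === failing,
    httpStatusDiffPct: pct(statusDiff),
    httpContentDiffPct: pct(contentDiff),
  };
  report.valid = report.fixesFailure && statusDiff === 0 && contentDiff === 0;
  return report;
}

// Constructed production workload: one failing request among three passing ones.
const WORKLOAD = [
  { carrier: "post", items: 1 },
  { carrier: "courier", items: 3 },
  { carrier: "pickup", items: 2 },
  { carrier: "post", items: 4 },
];

console.log("patchGuard  ", evaluatePatch(WORKLOAD, original, patchGuard));
console.log("patchDefault", evaluatePatch(WORKLOAD, original, patchDefault));
```

Both candidates satisfy the failure oracle and keep every HTTP status identical; only the content comparison separates them, which is why a status-only regression oracle would accept the second patch.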

44 Itzal Prototype e-commerce HTTP status 5xx Workload Shadower NPEFix

45 NPEFix Ok Execution Start Execution End Failure

46 NPEFix NPE1 Line 3 Strategy: return new Date(); Ok Execution Start Execution End Failure

47 NPEFix NPE1 Line 3 Strategy: return new Date(); Ok Execution Start Strategy: return null; Strategy: new Date().toString(); Execution End NPE2 Line 6 Failure

48 NPEFix NPE1 Line 3 Strategy: return new Date(); Ok Execution Start Strategy: return null; Strategy: new Date().toString(); Execution End NPE2 Line 6 Strategy: return; Failure

49 Itzal Evaluation
3 evaluations
1. Evaluate the patch generation from a failing execution
2. Evaluate the regression oracle to detect behavior changes
3. Case studies

50 Itzal Patch Generation Evaluation
Columns: Bug; Patch Models: NPEFix (# Valid, # Invalid), Exception-Stopper (# Valid, # Invalid)
34 bugs from 14 applications

51 Itzal Regression Oracle Evaluation
Patches | Oracle: HTTP status | Oracle: HTTP content | Oracle: # Method | Oracle: # Block | Is Valid Patch?
Patch 1 | 0% | 0% | 0% | 0% | Yes
Patch 2 | 0% | 21% | 6% | 6% | No
Patch 3 | 0% | 15% | 7% | 7% | No

52 Itzal Case Study Evaluation

53 Itzal Case Study Evaluation

54 Generated Patch for Mayocat FlatStrategyPriceCalculator.java 37,2 +37,5 +if (carrier.getperitem() == null) { +return null; +} price = price.add(carrier.getperitem().multiply( BigDecimal.valueOf(numberOfItems))); 26
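
Review bot: the added "return null;" under "if (carrier.getperitem() == null)" abandons the whole calculation instead of leaving out only the per-item term, so callers now receive null where the following "price = price.add(...)" line would have produced a price, and nothing in the visible lines shows that they handle it. Either guard only the price.add(...) statement when getperitem() is null, or document the null return in the method's contract and check the call sites. The hunk also calls carrier.getperitem() twice; reading it once into a local variable keeps the check and the use on the same value.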

55 Outline Automatic Program Repair BikiniProxy: Patch Generation for Client-side applications BikiniProxy Demo BikiniProxy Architecture BikiniProxy Evaluation Itzal: Patch Generation for Server-side applications Itzal Concept Itzal Architecture Itzal Evaluation Conclusion

56 Conclusion
Take Away
- Patch generation in production.
- Patch regression with production inputs.
- Evaluating a production system is hard.
Future Work
- New regression oracles
- Automatic patch generation with developers


More information

How to Setup & Use the Direct Traffic Features in CPV Lab

How to Setup & Use the Direct Traffic Features in CPV Lab How to Setup & Use the Direct Traffic Features in CPV Lab Tracking Direct Traffic (Organic, Links, etc.) Direct Traffic are visitors that arrive at your landing pages without going through the campaign

More information

Browser Exploits? Grab em by the Collar! Presented By: Debasish Mandal

Browser Exploits? Grab em by the Collar! Presented By: Debasish Mandal Browser Exploits? Grab em by the Collar! Presented By: Debasish Mandal (@debasishm89) About Me Security researcher, currently working in McAfee IPS Vulnerability Research Team. Working in information security

More information

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14 Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.

More information

IBM EXAM - C Information Analyzer v8.5. Buy Full Product.

IBM EXAM - C Information Analyzer v8.5. Buy Full Product. IBM EXAM - C2090-423 Information Analyzer v8.5 Buy Full Product http://www.examskey.com/c2090-423.html Examskey IBM C2090-423 exam demo product is here for you to test the quality of the product. This

More information

Perceptive DataTransfer

Perceptive DataTransfer Perceptive DataTransfer System Overview Guide Version: 6.5.x Written by: Product Knowledge, R&D Date: May 2017 2017 Lexmark. All rights reserved. Lexmark is a trademark of Lexmark International, Inc.,

More information

EPHP a tool for learning the basics of PHP development. Nick Whitelegg School of Media Arts and Technology Southampton Solent University

EPHP a tool for learning the basics of PHP development. Nick Whitelegg School of Media Arts and Technology Southampton Solent University EPHP a tool for learning the basics of PHP development Nick Whitelegg School of Media Arts and Technology Southampton Solent University My background Lecturer at Southampton Solent University since 2003

More information

Lecture Overview. IN5290 Ethical Hacking. Lecture 4: Web hacking 1, Client side bypass, Tampering data, Brute-forcing

Lecture Overview. IN5290 Ethical Hacking. Lecture 4: Web hacking 1, Client side bypass, Tampering data, Brute-forcing Lecture Overview IN5290 Ethical Hacking Lecture 4: Web hacking 1, Client side bypass, Tampering data, Brute-forcing Summary - how web sites work HTTP protocol Client side server side actions Accessing

More information

Simple AngularJS thanks to Best Practices

Simple AngularJS thanks to Best Practices Simple AngularJS thanks to Best Practices Learn AngularJS the easy way Level 100-300 What s this session about? 1. AngularJS can be easy when you understand basic concepts and best practices 2. But it

More information

Perceptive Enterprise Search

Perceptive Enterprise Search Perceptive Enterprise Search Technical Specifications Version: 10.6 Written by: Product Knowledge, R&D Date: September 2016 2016 Lexmark International Technology, S.A. All rights reserved. Lexmark is a

More information

Ideal Test Plan. Unit testing:

Ideal Test Plan. Unit testing: Ideal Test Plan Unit testing: Frontend: Our frontend unit tests will ensure that the logic behind the user interface functions as expected. We will use Mocha to run unit tests on the frontend (javascript)

More information

Security Measures in FLEXCUBE Private Banking

Security Measures in FLEXCUBE Private Banking Security Measures in FLEXCUBE Private Banking Document Version Control Document Name Organization Security measures - FLEXCUBE Private Banking Oracle Financial Services and Software Ltd. Version Number

More information

Introduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 7 Installing Oracle HTTP Server...

Introduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 7 Installing Oracle HTTP Server... Oracle Access Manager Configuration Guide for On-Premises Version 17 October 2017 Contents Introduction... 5 Configuring Single Sign-On... 7 Prerequisites for Configuring Single Sign-On... 7 Installing

More information

OpenCache. A Platform for Efficient Video Delivery. Matthew Broadbent. 1 st Year PhD Student

OpenCache. A Platform for Efficient Video Delivery. Matthew Broadbent. 1 st Year PhD Student OpenCache A Platform for Efficient Video Delivery Matthew Broadbent 1 st Year PhD Student Motivation Consumption of video content on the Internet is constantly expanding Video-on-demand is an ever greater

More information

Oracle Banking Digital Experience

Oracle Banking Digital Experience Oracle Banking Digital Experience Origination Social Media Integration User Manual Release 17.2.0.0.0 Part No. E88573-01 July 2017 Origination Social Media Integration User Manual July 2017 Oracle Financial

More information

... IBM AIX performance and tuning tips for Oracle s JD Edwards EnterpriseOne web server

... IBM AIX performance and tuning tips for Oracle s JD Edwards EnterpriseOne web server IBM AIX performance and tuning tips for Oracle s JD Edwards EnterpriseOne web server Applies to JD Edwards EnterpriseOne 9.0 with tools release 8.98 or 9.1........ Diane Webster IBM Oracle International

More information

arxiv: v2 [cs.se] 9 Jul 2018

arxiv: v2 [cs.se] 9 Jul 2018 Ultra-Large Repair Search Space with Automatically Mined Templates: the Cardumen Mode of Astor Matias Martinez 1 and Martin Monperrus 2 arxiv:1712.03854v2 [cs.se] 9 Jul 2018 1 University of Valenciennes,

More information

HTML5 Web Security. Thomas Röthlisberger IT Security Analyst

HTML5 Web Security. Thomas Röthlisberger IT Security Analyst HTML5 Web Security Thomas Röthlisberger IT Security Analyst thomas.roethlisberger@csnc.ch Compass Security AG Werkstrasse 20 Postfach 2038 CH-8645 Jona Tel +41 55 214 41 60 Fax +41 55 214 41 61 team@csnc.ch

More information

Zenoss Service Impact Release Notes

Zenoss Service Impact Release Notes Zenoss Service Impact Release Notes Release 5.3.1 Zenoss, Inc. www.zenoss.com Zenoss Service Impact Release Notes Copyright 2018 Zenoss, Inc. All rights reserved. Zenoss, Own IT, and the Zenoss logo are

More information

Release Notes. Lavastorm Analytics Engine 6.1.3

Release Notes. Lavastorm Analytics Engine 6.1.3 Release Notes Lavastorm Analytics Engine 6.1.3 Lavastorm Analytics Engine 6.1.3: Release Notes Legal notice Copyright THE CONTENTS OF THIS DOCUMENT ARE THE COPYRIGHT OF LIMITED. ALL RIGHTS RESERVED. THIS

More information

Exploiting unknown browsers and objects. with the Hackability inspector

Exploiting unknown browsers and objects. with the Hackability inspector Exploiting unknown browsers and objects with the Hackability inspector!1 About me U+6158 I'm a researcher at PortSwigger I hacking JavaScript 1337inalert(1) @garethheyes!2 Hackability Created to test capabilities

More information

PROBLEMS IN PRACTICE: THE WEB MICHAEL ROITZSCH

PROBLEMS IN PRACTICE: THE WEB MICHAEL ROITZSCH Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group PROBLEMS IN PRACTICE: THE WEB MICHAEL ROITZSCH THE WEB AS A DISTRIBUTED SYSTEM 2 WEB HACKING SESSION 3 3-TIER persistent

More information

JSN PageBuilder 2 User Manual

JSN PageBuilder 2 User Manual JSN PageBuilder 2 User Manual Introduction About JSN PageBuilder 2 JSN PageBuilder 2 is the latest innovation of Joomla PageBuilder with great improvements in terms of design, features, and user experience.

More information

BUG BOUNTY AUTOMATION. Sergey

BUG BOUNTY AUTOMATION. Sergey BUG BOUNTY AUTOMATION Sergey Bobrov @Black2Fan Why? Bug Bounty programs with sites in scope: HackerOne 150+ Bugcrowd 100+ Other 100+ In each from 1 to several thousand sites My database contains 36000+

More information

Mugshot: Recording and Replaying JavaScript Applica9ons. James Mickens

Mugshot: Recording and Replaying JavaScript Applica9ons. James Mickens Mugshot: Recording and Replaying JavaScript Applica9ons James Mickens Jeremy Elson Jon Howell I ALREADY LEARNED THIS TO YOU. XOXO, JAMES Modern web sites: eventdriven func9onality via JavaScript mapitem.onclick

More information

Magento Marketplace's New Extension Quality Program

Magento Marketplace's New Extension Quality Program Magento Marketplace's New Extension Quality Program Erika Talbott Product Manager - Marketplace J Ravi Menon Architect - Marketplace Tom Erskine Lead Engineer - MFTF Overview Erika Talbott Marketplace

More information

Roadmap. Mike Chtchelkonogov Founder & Chief Technology Officer Acumatica

Roadmap. Mike Chtchelkonogov Founder & Chief Technology Officer Acumatica Roadmap Mike Chtchelkonogov Founder & Chief Technology Officer Acumatica mik@acumatica.com Andrew Boulanov Head of Platform Development Acumatica aboulanov@acumatica.com Acumatica xrp Priorities Platform

More information

CrXPRT User manual. BenchmarkXPRT Development Community

CrXPRT User manual. BenchmarkXPRT Development Community CrXPRT 2015 User manual Contents Introduction... 2 About the benchmark... 2 About the performance test... 2 About the battery life test... 2 Test workloads... 3 Installing the benchmark... 5 Configuring

More information