My First Post      My Facebook Profile      My MeOnShow Profile      W3LC Facebook Page      Learners Consortium Group      Job Portal      Shopping @Yeyhi.com

Pages










Wednesday, September 8, 2021

IMPORTANT INFORMATION FOR PARTICIPANTS for NASA Space Apps Challenge 2021 - Ghazipur, UP, India

 

IMPORTANT INFORMATION FOR PARTICIPANTS

  • Connect with your Local Lead: Each location Event Info page contains contact information for the “Local Leads” -- the Space Apps volunteers from your location who will be organizing virtual gatherings for your location and providing support to participants both prior to and during the hackathon. (The Universal Event also has a Local Lead.) Please feel free to contact Chapter Lead - Anwar Jamal at Toughjamy@yahoo.com

  • Pick a Challenge: The challenges are now available! Browse the options and decide which one you want to solve! Recommended data for each challenge can be found by clicking the "Resources" tab. We encourage you to invite your friends along! Typical Space Apps teams have 2-6 participants (the limit is 6 members per team). Space Apps is all about collaboration and the most successful teams are often ones with a diverse set of skills and expertise -- coding, storytelling, creativity, data, science, engineering, technology, and more.

  • Judging and Awards: Space Apps is all about collaboration and problem solving. However, we do offer awards to the most promising projects. More information about Judging and awards can be found in the Space Apps 2020 Judging and Awards Guide. For Ghazipur Space Apps Challenge the judges will include primarily but not limited to Mohd Anwar Jamal Faiz, Industry professionals, IEEE Members, OWASP Leaders, faculty from AMU Aligarh, PhDs and practitioners of STEM in India.

Learn more! Do you want to know more about the challenges, chat rooms, project submission, and awards and other important information? Please consult the Participant FAQ and other guides on the Space Apps resources page and on your user dashboard.

Thank you! We’re looking forward to a fun-filled Space Apps weekend!

Registration, Sponsorships and Judging

Ghazipur, Uttar Pradesh is inviting teams to register for the contest.

We also welcome sponsorships to join in the event!

Local prize winners shall be judged on the basis of idea, completeness, novelty, presentation and use of NASA available APIs and resources.

For any issues, please contact NASA Space Apps Lead - Mohd Anwar Jamal Faiz (+91-8888327658) Toughjamy@yahoo.com

SCHEDULE (ALL TIMES ASIA/KOLKATA)

Sunday, September 26th
  1. Introduction to Space Apps Challenge 2021

NASA Space Apps Challenge - Ghazipur, UP India

 Space Apps 2021 will take place OCTOBER 2–3, 2021. In light of the COVID-19 pandemic and in the interest of our global community’s health and safety, this year’s hackathon will be an all-virtual event. In other words, all local events will be moved online. Our theme for this year’s event -- "Take Action" -- is a critical reminder that you can make a difference, even from the comfort and safety of home. We have brought NASA SpaceApps Challenge to Ghazipur, UP, India this year. There is lots of talent in the Tier 2 cities of India, and the Chapter Leader and Organiser Anwar Jamal aims to motivate the youth and students of this region and bring them to compete globally!

YOU

can participate in the largest

space & science hackathon 

in the solar system!

Since its inception in 2012, NASA’s International Space Apps Challenge has become the world’s largest global hackathon, engaging thousands of citizens across the globe to use NASA’s open data to build innovative solutions to challenges we face on Earth and in space.

Space Apps is managed by the Earth Science Division, Science Mission Directorate, at NASA Headquarters in Washington, DC. It is organized in collaboration with Booz Allen Hamilton, Mindgrub, SecondMuse, and the NASA Open Innovation Applied Sciences Program.

What is NASA Space Apps Challenge

 

HELLO, SPACE APPS COMMUNITY!

Space Apps 2021 will be coming to you on October 2-3, 2021. We’re excited to embark with you on this journey!

This page contains information relevant to ALL participants - no matter which location you’re registered for. To see the particular details for your local virtual event, please select the “Event Info” tab above. That page is important because your location may be hosting special events, offering local awards, or providing additional opportunities that are not reflected on this page or in our other materials. So, make sure you’re up-to-date!

IMPORTANT INFORMATION FOR ALL PARTICIPANTS

In the interest of our global community’s continued health and safety, this year’s hackathon will be an all-virtual event. Thus, all local events will be moved online. While we hope to have in-person events in the future, we hope that this virtual environment provides new opportunities to collaborate across time and space!

Check out Our Resources

  • To celebrate our tenth annual event, our theme for Space Apps 2021 is the “The Power of Ten.” Click here to read more about the history of Space Apps and how we are celebrating this important milestone.
  • As you begin your Space Apps journey, the best resource for you to read is the 2021 Participant FAQ (Frequently Asked Questions).
  • Before the hackathon begins, detailed guides (on chat, team formation, project submission, and judging and awards) will be posted on the Space Apps resources page and on your user dashboard under "Materials.”

Register for a Location

  • You will not be able to participate in the hackathon until you have registered for a location. Please click the "Register Now" button on this page to register for this location or to create a Space Apps account (if you do not already have one).
  • If there is a location for your city or for a city near you, please register for that location. (Locations will be added through early September, so please check back for your location.)
  • If you do not see a local event for your city, please join the Universal Event. It is for everyone who is not affiliated with a location. You will be able to meet other people joining the Universal Event and form teams! (If a location near you is added at a later date, you may change your location.)
  • You can change your location at any time in your user dashboard, once you have created an account. Select "Change Location."
  • Registration will be open through the end of the hackathon. However, we encourage you to create an account and register for a location far in advance to ensure that you get plugged into the local community and that you can take full advantage that will open before the hackathon begins, such as chat and team formation.

Contact your Local Lead

Each location page contains contact information for the “Local Leads” -- the Space Apps volunteers from your location who will be organizing virtual gatherings for your location and providing support to participants both prior to and during the hackathon. The Universal Event also has a Local Lead. Don’t hesitate to reach out to them if you have questions!

Save the Dates

The hackathon will begin Saturday, October 2 at 9:00 AM (local time) and end on Sunday, October 3 at 11:59 PM (local time). But there are other important milestones before then, such as the release of challenges and virtual bootcamp videos, as well as the opening of chat and team formation. See the Participant FAQ for all of the important dates.

Recruit Friends

We encourage you to invite your friends along! Typical Space Apps teams have 2-6 participants (the limit is 6 members per team). Space Apps is all about collaboration and the most successful teams are often ones with a diverse set of skills and expertise -- coding, storytelling, creativity, data, science, engineering, technology, and more.

Connect with the Community

Follow Space Apps on TwitterInstagramFacebook, and YouTube to receive the latest announcements.

Have additional questions?

If you are unable to find answers to your questions in our resources or from your Local Lead, please email us as info@spaceappschallenge.org. We will update this page as additional information and features are available.

WE LOOK FORWARD TO A FANTASTIC HACKATHON. THANK YOU FOR BEING A PART OF THE SPACE APPS GLOBAL COMMUNITY!

Sunday, September 5, 2021

Different Application Security Testing Tools: Major Classification

 Static Application Security Testing (SAST)

SAST tools can be thought of as white-hat or white-box testing, where the tester knows information about the system or software being tested, including an architecture diagram, access to source code, etc. SAST tools examine source code (at rest) to detect and report weaknesses that can lead to security vulnerabilities.

Source-code analyzers can run on non-compiled code to check for defects such as numerical errors, input validation, race conditions, path traversals, pointers and references, and more. Binary and byte-code analyzers do the same on built and compiled code. Some tools run on source code only, some on compiled code only, and some on both.


Dynamic Application Security Testing (DAST)

In contrast to SAST tools, DAST tools can be thought of as black-hat or black-box testing, where the tester has no prior knowledge of the system. They detect conditions that indicate a security vulnerability in an application in its running state. DAST tools run on operating code to detect issues with interfaces, requests, responses, scripting (i.e. JavaScript), data injection, sessions, authentication, and more.

DAST tools employ fuzzing too: throwing known invalid and unexpected test cases at an application, often in large volume.


Origin Analysis/Software Composition Analysis (SCA)

Software-governance processes that depend on manual inspection are prone to failure. SCA tools examine software to determine the origins of all components and libraries within the software. These tools are highly effective at identifying and finding vulnerabilities in common and popular components, particularly open-source components. They do not, however, detect vulnerabilities for in-house custom developed components.

SCA tools are most effective in finding common and popular libraries and components, particularly open-source pieces. They work by comparing known modules found in code to a list of known vulnerabilities. The SCA tools find components that have known and documented vulnerabilities and will often advise if components are out of date or have patches available.


Database Security Scanning

The SQL Slammer worm of 2003 exploited a known vulnerability in a database-management system that had a patch released more than one year before the attack. Although databases are not always considered part of an application, application developers often rely heavily on the database, and applications can often heavily affect databases. Database-security-scanning tools check for updated patches and versions, weak passwords, configuration errors, access control list (ACL) issues, and more. Some tools can mine logs looking for irregular patterns or actions, such as excessive administrative actions.


Interactive Application Security Testing (IAST) and Hybrid Tools

Hybrid approaches have been available for a long time, but more recently have been categorized and discussed using the term IAST. IAST tools use a combination of static and dynamic analysis techniques. They can test whether known vulnerabilities in code are actually exploitable in the running application.

IAST tools use knowledge of application flow and data flow to create advanced attack scenarios and use dynamic analysis results recursively: as a dynamic scan is being performed, the tool will learn things about the application based on how it responds to test cases. 


Mobile Application Security Testing (MAST)

MAST Tools are a blend of static, dynamic, and forensics analysis. They perform some of the same functions as traditional static and dynamic analyzers but enable mobile code to be run through many of those analyzers as well. MAST tools have specialized features that focus on issues specific to mobile applications, such as jail-breaking or rooting of the device, spoofed WI-FI connections, handling and validation of certificates, prevention of data leakage, and more.


Application Security Testing as a Service (ASTaaS)

As the name suggests, with ASTaaS, you pay someone to perform security testing on your application. The service will usually be a combination of static and dynamic analysis, penetration testing, testing of application programming interfaces (APIs), risk assessments, and more. ASTaaS can be used on traditional applications, especially mobile and web apps.

Momentum for the use of ASTaaS is coming from use of cloud applications, where resources for testing are easier to marshal.


Correlation Tools

Dealing with false positives is a big issue in application security testing. Correlation tools can help reduce some of the noise by providing a central repository for findings from others AST tools.

Different AST tools will have different findings, so correlation tools correlate and analyze results from different AST tools and help with validation and prioritization of findings, including remediation workflows. Whereas some correlation tools include code scanners, they are useful mainly for importing findings from other tools.


Test-Coverage Analyzers

Test-coverage analyzers measure how much of the total program code has been analyzed. The results can be presented in terms of statement coverage (percentage of lines of code tested) or branch coverage (percentage of available paths tested).

For large applications, acceptable levels of coverage can be determined in advance and then compared to the results produced by test-coverage analyzers to accelerate the testing-and-release process. These tools can also detect if particular lines of code or branches of logic are not actually able to be reached during program execution, which is inefficient and a potential security concern. Some SAST tools incorporate this functionality into their products, but standalone products also exist.


Application Security Testing Orchestration (ASTO)

While the term ASTO is newly coined by Gartner since this is an emerging field, there are tools that have been doing ASTO already, mainly those created by correlation-tool vendors. The idea of ASTO is to have central, coordinated management and reporting of all the different AST tools running in an ecosystem. It is still too early to know if the term and product lines will endure, but as automated testing becomes more ubiquitous, ASTO does fill a need.


Selecting Testing Tool Types

There are many factors to consider when selecting from among these different types of AST tools. If you are wondering how to begin, the biggest decision you will make is to get started by beginning using the tools. According to a 2013 Microsoft security study, 76 percent of U.S. developers use no secure application-program process and more than 40 percent of software developers globally said that security wasn't a top priority for them. Our strongest recommendation is that you exclude yourself from these percentages.

There are factors that will help you to decide which type of AST tools to use and to determine which products within an AST tool class to use. It is important to note, however, that no single tool will solve all problems. As stated above, security is not binary; the goal is to reduce risk and exposure.


Network Security Tools

Though they are not directly the part of Application Security domain, however without these fully implemented and running the application shall be prone to more and more risks. There is a separate post for list or types of network security tools.



Monday, August 16, 2021

How to fix Mission Control Not working on MAC OS

Mission Control is a feature of the macOS operating system. Dashboard, Exposé, and Spaces were combined and renamed Mission Control in 2011 with the release of Mac OS X 10.7 Lion. Exposé was first previewed on June 23, 2003, at the Apple Worldwide Developers Conference as a feature of the then forthcoming Mac OS X 10.3 Panther.


Mission Control allows a user to do the following:

  • View all open application windows
  • View all open application windows of a specific application
  • Hide all application windows and show the desktop
  • Manage application windows across multiple monitors
  • Manage application windows across multiple virtual desktops

 



How to Open Mission Control:

  1. Swipe up with three or four fingers on your trackpad, or double-tap the surface of your Magic Mouse with two fingers.
  2. Open the Mission Control app, which is in your Applications folder.
  3. Press the Mission Control key  on your Apple keyboard or Touch Bar.


In case mission Control is not working despite all settings, use following command on terminal. This is some what magical solution Fix Mission control if it is not working on macOS Catalina, Big Surprise, Mojave. So try and thank me later ;)


Command:

  • defaults write com.apple.dock mcx-expose-disabled -bool FALSE
  • killall Dock


Note: Please execute both commands on terminal one after the other on same shell.

Tuesday, March 23, 2021

How to undo a Git Add Command befor any commit

 This is a very simple mistake by developers that they accidentally add a file locally using the Git add command.


Sometimes a git add * command also adds all the files. What to do in such situation is the aim of this post.


Let's take an example:

Suppose, I mistakenly added files to Git using the command:

git add anwar-jamal-faiz.txt

I have not yet run git commit. Is there a way to undo this, so these files won't be included in the commit?

You can undo git add before commit with


git reset <file>

eg: git reset anwar-jamal-faiz.txt

which will remove it from the current index (the "about to be committed" list) without changing anything else.


You can also use: git reset

without any file name to unstage all due changes. This can come in handy when there are too many files to be listed one by one in a reasonable amount of time.


Cheers ;)


Monday, February 15, 2021

Tim Berners Lee created the web. Now he’s out to remake the digital world.

Tim Berners Lee is lately busy thinking over following questions:
  • The Internet Hasn’t Lived Up to Expectations, What is the Way Forward?
  • The internet was supposed to be an infrastructure that gave everyone access to self-actualize and create value no matter how competitive it became, but we are failing at that.

Let's note that the beauty of the web is that it is not just a solution or digital product, but it was invented as an infrastructure for other internet related solutions to be built upon, and it hasn’t really failed in that regards as we have seen the rise of various software solutions, mobile apps, websites, artificial intelligence, and the likes. The web has become a hub for people to create various forms of value even as technology and the internet continue to penetrate into every aspect of human life.

As people began to create imaginative solutions and platforms, the battle to stand out and lead various business categories, trumped the initial purpose of the internet as the web has now been dominated by certain gatekeepers and the various value chain is now being manipulated to the benefits of a selected few. There are various factors that have contributed to the present toxic and unhealthy state of the internet but they all seem to revolve around these three factors: access to the value in the ecosystem, data control, and market monopoly.



But now, Berners-Lee, 65, believes the online world has gone astray. Too much power and too much personal data, he said, reside with tech giants like Google and Facebook — “silos” is the generic term he favors, instead of referring to the companies by name. Fueled by vast troves of data, he said, they have become surveillance platforms and gatekeepers of innovation.

Releasing his creation for free 30 years ago, the inventor of the world wide web, Tim Berners-Lee, famously declared: “this is for everyone”. Today, his invention is used by billions – but it also hosts the authoritarian crackdowns of antidemocratic governments, and supports the infrastructure of the most wealthy and powerful companies on Earth.

Now, in an effort to return the internet to the golden age that existed before its current incarnation as Web 2.0 – characterised by invasive data harvesting by governments and corporations – Berners-Lee has devised a plan to save his invention.

This involves his brand of “data sovereignty” – which means giving users power over their data – and it means wrestling back control of the personal information we surrendered to big tech many years ago.

Berners-Lee’s latest intervention comes as increasing numbers of people regard the online world as a landscape dominated by a few tech giants, thriving on a system of “surveillance capitalism” – which sees our personal data extracted and harvested by online giants before being used to target advertisements at us as we browse the web.

The idea behind solid is to create a platform where every user of the web can create their own Personal Online data stores(Pods) that would be used to store their personal and private data and be used to regulate the way any service provider can use these data; an individual can host this data on a solid server with their personalized access to the data that is used to decide if software applications can read or write on the data, therefore, the user has total control over his/her data and does not have to worry about leaving any data behind whenever they delete a mobile app as the app cannot store their data but can only read or write on it.

The company (Inrupt is responsible for Solid), is already receiving positive responses as it claims that there are already is already claiming that there are already 1200 new Solid community members, more than 30 open-source developers building apps on the platform, and 60,000 developer accounts.

Others say the Solid-Inrupt technology is only part of the answer. “There is lots of work outside Tim Berners-Lee’s project that will be vital to the vision,” said Kaliya Young, co-chair of the Internet Identity Workshop, whose members focus on digital identity.

Berners-Lee said that his team was not inventing its own identity system, and that anything that worked could plug into its technology.

Inrupt faces a series of technical challenges, but none that are “go-to-the-moon hard,” said Bruce Schneier, a well-known computer security and privacy expert, who has joined Inrupt as its chief of security architecture. And Schneier is an optimist. “This technology could unlock an enormous amount of innovation,” potentially becoming a new platform as the iPhone was for smartphone apps, he said.

“I think this stands a good chance of changing how the internet works,” he said. “Oddly, Tim has done it before."