My First Post      My Facebook Profile      My MeOnShow Profile      W3LC Facebook Page      Learners Consortium Group      Job Portal      Shopping @Yeyhi.com

Pages










Wednesday, September 8, 2021

IMPORTANT INFORMATION FOR PARTICIPANTS for NASA Space Apps Challenge 2021 - Ghazipur, UP, India

 

IMPORTANT INFORMATION FOR PARTICIPANTS

  • Connect with your Local Lead: Each location Event Info page contains contact information for the “Local Leads” -- the Space Apps volunteers from your location who will be organizing virtual gatherings for your location and providing support to participants both prior to and during the hackathon. (The Universal Event also has a Local Lead.) Please feel free to contact Chapter Lead - Anwar Jamal at Toughjamy@yahoo.com

  • Pick a Challenge: The challenges are now available! Browse the options and decide which one you want to solve! Recommended data for each challenge can be found by clicking the "Resources" tab. We encourage you to invite your friends along! Typical Space Apps teams have 2-6 participants (the limit is 6 members per team). Space Apps is all about collaboration and the most successful teams are often ones with a diverse set of skills and expertise -- coding, storytelling, creativity, data, science, engineering, technology, and more.

  • Judging and Awards: Space Apps is all about collaboration and problem solving. However, we do offer awards to the most promising projects. More information about Judging and awards can be found in the Space Apps 2020 Judging and Awards Guide. For Ghazipur Space Apps Challenge the judges will include primarily but not limited to Mohd Anwar Jamal Faiz, Industry professionals, IEEE Members, OWASP Leaders, faculty from AMU Aligarh, PhDs and practitioners of STEM in India.

Learn more! Do you want to know more about the challenges, chat rooms, project submission, and awards and other important information? Please consult the Participant FAQ and other guides on the Space Apps resources page and on your user dashboard.

Thank you! We’re looking forward to a fun-filled Space Apps weekend!

Registration, Sponsorships and Judging

Ghazipur, Uttar Pradesh is inviting teams to register for the contest.

We also welcome sponsorships to join in the event!

Local prize winners shall be judged on the basis of idea, completeness, novelty, presentation and use of NASA available APIs and resources.

For any issues, please contact NASA Space Apps Lead - Mohd Anwar Jamal Faiz (+91-8888327658) Toughjamy@yahoo.com

SCHEDULE (ALL TIMES ASIA/KOLKATA)

Sunday, September 26th
  1. Introduction to Space Apps Challenge 2021

NASA Space Apps Challenge - Ghazipur, UP India

 Space Apps 2021 will take place OCTOBER 2–3, 2021. In light of the COVID-19 pandemic and in the interest of our global community’s health and safety, this year’s hackathon will be an all-virtual event. In other words, all local events will be moved online. Our theme for this year’s event -- "Take Action" -- is a critical reminder that you can make a difference, even from the comfort and safety of home. We have brought NASA SpaceApps Challenge to Ghazipur, UP, India this year. There is lots of talent in the Tier 2 cities of India, and the Chapter Leader and Organiser Anwar Jamal aims to motivate the youth and students of this region and bring them to compete globally!

YOU

can participate in the largest

space & science hackathon 

in the solar system!

Since its inception in 2012, NASA’s International Space Apps Challenge has become the world’s largest global hackathon, engaging thousands of citizens across the globe to use NASA’s open data to build innovative solutions to challenges we face on Earth and in space.

Space Apps is managed by the Earth Science Division, Science Mission Directorate, at NASA Headquarters in Washington, DC. It is organized in collaboration with Booz Allen Hamilton, Mindgrub, SecondMuse, and the NASA Open Innovation Applied Sciences Program.

What is NASA Space Apps Challenge

 

HELLO, SPACE APPS COMMUNITY!

Space Apps 2021 will be coming to you on October 2-3, 2021. We’re excited to embark with you on this journey!

This page contains information relevant to ALL participants - no matter which location you’re registered for. To see the particular details for your local virtual event, please select the “Event Info” tab above. That page is important because your location may be hosting special events, offering local awards, or providing additional opportunities that are not reflected on this page or in our other materials. So, make sure you’re up-to-date!

IMPORTANT INFORMATION FOR ALL PARTICIPANTS

In the interest of our global community’s continued health and safety, this year’s hackathon will be an all-virtual event. Thus, all local events will be moved online. While we hope to have in-person events in the future, we hope that this virtual environment provides new opportunities to collaborate across time and space!

Check out Our Resources

  • To celebrate our tenth annual event, our theme for Space Apps 2021 is the “The Power of Ten.” Click here to read more about the history of Space Apps and how we are celebrating this important milestone.
  • As you begin your Space Apps journey, the best resource for you to read is the 2021 Participant FAQ (Frequently Asked Questions).
  • Before the hackathon begins, detailed guides (on chat, team formation, project submission, and judging and awards) will be posted on the Space Apps resources page and on your user dashboard under "Materials.”

Register for a Location

  • You will not be able to participate in the hackathon until you have registered for a location. Please click the "Register Now" button on this page to register for this location or to create a Space Apps account (if you do not already have one).
  • If there is a location for your city or for a city near you, please register for that location. (Locations will be added through early September, so please check back for your location.)
  • If you do not see a local event for your city, please join the Universal Event. It is for everyone who is not affiliated with a location. You will be able to meet other people joining the Universal Event and form teams! (If a location near you is added at a later date, you may change your location.)
  • You can change your location at any time in your user dashboard, once you have created an account. Select "Change Location."
  • Registration will be open through the end of the hackathon. However, we encourage you to create an account and register for a location far in advance to ensure that you get plugged into the local community and that you can take full advantage that will open before the hackathon begins, such as chat and team formation.

Contact your Local Lead

Each location page contains contact information for the “Local Leads” -- the Space Apps volunteers from your location who will be organizing virtual gatherings for your location and providing support to participants both prior to and during the hackathon. The Universal Event also has a Local Lead. Don’t hesitate to reach out to them if you have questions!

Save the Dates

The hackathon will begin Saturday, October 2 at 9:00 AM (local time) and end on Sunday, October 3 at 11:59 PM (local time). But there are other important milestones before then, such as the release of challenges and virtual bootcamp videos, as well as the opening of chat and team formation. See the Participant FAQ for all of the important dates.

Recruit Friends

We encourage you to invite your friends along! Typical Space Apps teams have 2-6 participants (the limit is 6 members per team). Space Apps is all about collaboration and the most successful teams are often ones with a diverse set of skills and expertise -- coding, storytelling, creativity, data, science, engineering, technology, and more.

Connect with the Community

Follow Space Apps on TwitterInstagramFacebook, and YouTube to receive the latest announcements.

Have additional questions?

If you are unable to find answers to your questions in our resources or from your Local Lead, please email us as info@spaceappschallenge.org. We will update this page as additional information and features are available.

WE LOOK FORWARD TO A FANTASTIC HACKATHON. THANK YOU FOR BEING A PART OF THE SPACE APPS GLOBAL COMMUNITY!

Sunday, September 5, 2021

Different Application Security Testing Tools: Major Classification

 Static Application Security Testing (SAST)

SAST tools can be thought of as white-hat or white-box testing, where the tester knows information about the system or software being tested, including an architecture diagram, access to source code, etc. SAST tools examine source code (at rest) to detect and report weaknesses that can lead to security vulnerabilities.

Source-code analyzers can run on non-compiled code to check for defects such as numerical errors, input validation, race conditions, path traversals, pointers and references, and more. Binary and byte-code analyzers do the same on built and compiled code. Some tools run on source code only, some on compiled code only, and some on both.


Dynamic Application Security Testing (DAST)

In contrast to SAST tools, DAST tools can be thought of as black-hat or black-box testing, where the tester has no prior knowledge of the system. They detect conditions that indicate a security vulnerability in an application in its running state. DAST tools run on operating code to detect issues with interfaces, requests, responses, scripting (i.e. JavaScript), data injection, sessions, authentication, and more.

DAST tools employ fuzzing too: throwing known invalid and unexpected test cases at an application, often in large volume.


Origin Analysis/Software Composition Analysis (SCA)

Software-governance processes that depend on manual inspection are prone to failure. SCA tools examine software to determine the origins of all components and libraries within the software. These tools are highly effective at identifying and finding vulnerabilities in common and popular components, particularly open-source components. They do not, however, detect vulnerabilities for in-house custom developed components.

SCA tools are most effective in finding common and popular libraries and components, particularly open-source pieces. They work by comparing known modules found in code to a list of known vulnerabilities. The SCA tools find components that have known and documented vulnerabilities and will often advise if components are out of date or have patches available.


Database Security Scanning

The SQL Slammer worm of 2003 exploited a known vulnerability in a database-management system that had a patch released more than one year before the attack. Although databases are not always considered part of an application, application developers often rely heavily on the database, and applications can often heavily affect databases. Database-security-scanning tools check for updated patches and versions, weak passwords, configuration errors, access control list (ACL) issues, and more. Some tools can mine logs looking for irregular patterns or actions, such as excessive administrative actions.


Interactive Application Security Testing (IAST) and Hybrid Tools

Hybrid approaches have been available for a long time, but more recently have been categorized and discussed using the term IAST. IAST tools use a combination of static and dynamic analysis techniques. They can test whether known vulnerabilities in code are actually exploitable in the running application.

IAST tools use knowledge of application flow and data flow to create advanced attack scenarios and use dynamic analysis results recursively: as a dynamic scan is being performed, the tool will learn things about the application based on how it responds to test cases. 


Mobile Application Security Testing (MAST)

MAST Tools are a blend of static, dynamic, and forensics analysis. They perform some of the same functions as traditional static and dynamic analyzers but enable mobile code to be run through many of those analyzers as well. MAST tools have specialized features that focus on issues specific to mobile applications, such as jail-breaking or rooting of the device, spoofed WI-FI connections, handling and validation of certificates, prevention of data leakage, and more.


Application Security Testing as a Service (ASTaaS)

As the name suggests, with ASTaaS, you pay someone to perform security testing on your application. The service will usually be a combination of static and dynamic analysis, penetration testing, testing of application programming interfaces (APIs), risk assessments, and more. ASTaaS can be used on traditional applications, especially mobile and web apps.

Momentum for the use of ASTaaS is coming from use of cloud applications, where resources for testing are easier to marshal.


Correlation Tools

Dealing with false positives is a big issue in application security testing. Correlation tools can help reduce some of the noise by providing a central repository for findings from others AST tools.

Different AST tools will have different findings, so correlation tools correlate and analyze results from different AST tools and help with validation and prioritization of findings, including remediation workflows. Whereas some correlation tools include code scanners, they are useful mainly for importing findings from other tools.


Test-Coverage Analyzers

Test-coverage analyzers measure how much of the total program code has been analyzed. The results can be presented in terms of statement coverage (percentage of lines of code tested) or branch coverage (percentage of available paths tested).

For large applications, acceptable levels of coverage can be determined in advance and then compared to the results produced by test-coverage analyzers to accelerate the testing-and-release process. These tools can also detect if particular lines of code or branches of logic are not actually able to be reached during program execution, which is inefficient and a potential security concern. Some SAST tools incorporate this functionality into their products, but standalone products also exist.


Application Security Testing Orchestration (ASTO)

While the term ASTO is newly coined by Gartner since this is an emerging field, there are tools that have been doing ASTO already, mainly those created by correlation-tool vendors. The idea of ASTO is to have central, coordinated management and reporting of all the different AST tools running in an ecosystem. It is still too early to know if the term and product lines will endure, but as automated testing becomes more ubiquitous, ASTO does fill a need.


Selecting Testing Tool Types

There are many factors to consider when selecting from among these different types of AST tools. If you are wondering how to begin, the biggest decision you will make is to get started by beginning using the tools. According to a 2013 Microsoft security study, 76 percent of U.S. developers use no secure application-program process and more than 40 percent of software developers globally said that security wasn't a top priority for them. Our strongest recommendation is that you exclude yourself from these percentages.

There are factors that will help you to decide which type of AST tools to use and to determine which products within an AST tool class to use. It is important to note, however, that no single tool will solve all problems. As stated above, security is not binary; the goal is to reduce risk and exposure.


Network Security Tools

Though they are not directly the part of Application Security domain, however without these fully implemented and running the application shall be prone to more and more risks. There is a separate post for list or types of network security tools.