Presentation is loading. Please wait.

Presentation is loading. Please wait.

Strategic Security, Inc. © Time To Learn How To Program.

Published byDominick Francis Modified over 9 years ago

Similar presentations

Presentation on theme: "Strategic Security, Inc. © Time To Learn How To Program."— Presentation transcript:

1 Strategic Security, Inc. © http://www.strategicsec.com/ Time To Learn How To Program

2 Strategic Security, Inc. © http://www.strategicsec.com/ No Geekenese A lot of computer scientists will be familiar with programming concepts such as: Turing’s Primitives Programming Logic Data Structures and Algorithms Object Oriented Programming If you are like me then none of this stuff makes any sense to you I don’t understand any of this stuff, and don’t plan on trying I’m regular working stiff – so that means that I like: Alcohol Sports Barbequing My weekends are no longer consumed with writing code or recompiling my kernel We will focus on the job. Application development and security for working InfoSec professionals

3 Strategic Security, Inc. © http://www.strategicsec.com/ THINK CODE

4 Strategic Security, Inc. © http://www.strategicsec.com/ Programming is simple Skip programming logic – let’s keep this simple Code can only do 3 things: Processing Decision Looping

5 Strategic Security, Inc. © http://www.strategicsec.com/ Keep it simple Processing Read Write Math Decisions If/Then Looping For While

6 Strategic Security, Inc. © http://www.strategicsec.com/ Programming Logic Write a log parser using what I just taught you Think it through… READ the log file, FOR every line in the log file, IF you see this IP address, WRITE found the IP Write a port scanner using what I just taught you Think it through… READ the list of ports to connect to, FOR every port in the, WRITE the connection to the port, IF the port is open, WRITE port is open, IF the port is closed, WRITE port is closed

7 Strategic Security, Inc. © http://www.strategicsec.com/ Code is like building blocks

8 Strategic Security, Inc. © http://www.strategicsec.com/ Be Lazy and start small Write some code that does something You probably don’t think you can write a tax program like QuickBooks or TurboTax But I bet you can figure out how to calculate sales tax So maybe sales tax is 7%, so how about we do x *.07 Salestax = x *.07

9 Strategic Security, Inc. © http://www.strategicsec.com/ Be Lazy and start small Ok we started with Salestax = x *.07 Once you have a few lines of code (usually less than 10 lines) Take the code that you wrote and you put it in a FUNCTION called “salestax” Now anytime you need to calculate sales tax you just call the salestax function. Then you do the same thing for: Incometax Propertytax Estatetax

10 Strategic Security, Inc. © http://www.strategicsec.com/ Be Lazy and start small Ok we started with a FUNCTION called “salestax” Then we created more functions: Incometax Propertytax Estatetax Now, you take all of those functions and you put them in a CLASS A class is just a container of objects and functions (for right now – more later) This is what developers mean when they talk about making code modular

11 Strategic Security, Inc. © http://www.strategicsec.com/ Class Example In Java

12 Strategic Security, Inc. © http://www.strategicsec.com/ Object Example In Java

13 Strategic Security, Inc. © http://www.strategicsec.com/ Object Example In Java

14 Strategic Security, Inc. © http://www.strategicsec.com/ You down with OOP? OOP allows classes to inherit commonly used state and behavior from other classes. Objects often have a certain amount of similarities Mountain bikes, road bikes, and tandem bikes, all share the characteristics of bicycles (current speed, current pedal cadence, current gear). But they also have their own special features: –tandem bicycles have two seats and two sets of handlebars –road bikes have drop handlebars –some mountain bikes have an additional chain ring, giving them a lower gear ratio

15 Strategic Security, Inc. © http://www.strategicsec.com/ You down with OOP? In this example, Bicycle now becomes the superclass of MountainBike, RoadBike, and TandemBike.

16 Strategic Security, Inc. © http://www.strategicsec.com/ Time To Do Something Define this stuff Simple Programming Array Function Class Library Header File Interpreted Languages Compiled Languages

17 Strategic Security, Inc. © http://www.strategicsec.com/ Break

18 Strategic Security, Inc. © http://www.strategicsec.com/ Break

19 Strategic Security, Inc. © http://www.strategicsec.com/ Software Alphabet Soup Client-Server, Multi-Tier, MVC, MVP, MVVM, SOA

20 Strategic Security, Inc. © http://www.strategicsec.com/ What is Software Architecture?

21 Strategic Security, Inc. © http://www.strategicsec.com/ Software Architecture Software architecture is a technical blueprint explaining how the system will be structured The system architecture describes: How the system will be decomposed into subsystems (modules) Responsibilities of each module Interaction between the modules Platforms and technologies Each module could also implement a certain architectural model / pattern

22 Strategic Security, Inc. © http://www.strategicsec.com/ A Simple App – Just Kidding

23 Strategic Security, Inc. © http://www.strategicsec.com/ Ouch – Let’s slow down

24 Strategic Security, Inc. © http://www.strategicsec.com/ Client-Server Architecture

25 Strategic Security, Inc. © http://www.strategicsec.com/ Example of Multi-Tier Software Architecture

26 Strategic Security, Inc. © http://www.strategicsec.com/ Client-Server Architecture The client-server model consists of: Server – a single machine / application that provides services to multiple clients Could be IIS based Web server Could be WCF based service Could be a services in the cloud Clients –software applications that provide UI (front-end) to access the services at the server Could be WPF, HTML5, Silverlight, ASP.NET, …

27 Strategic Security, Inc. © http://www.strategicsec.com/ The Client-Server Model Server Desktop Client Mobile Client Machine network connection

28 Strategic Security, Inc. © http://www.strategicsec.com/ Client-Server Model – Examples Web server (IIS) – Web browser (Firefox) FTP server (ftpd) – FTP client (FileZilla) EMail server (qmail) – email client (Outlook) SQL Server – SQL Server Management Studio BitTorrent Tracker – Torrent client (μTorrent) DNS server (bind) – DNS client (resolver) DHCP server (wireless router firmware) – DHCP client (mobile phone /Android DHCP client/) SMB server (Windows) – SMB client (Windows)

29 Strategic Security, Inc. © http://www.strategicsec.com/ 3-Tier / Multi-Tier Architectures Classical Layered Structure of Software Systems

30 Strategic Security, Inc. © http://www.strategicsec.com/ The 3-Tier Architecture The 3-tier architecture consists of the following tiers (layers): Front-end (client layer) Client software – provides the UI of the system Middle tier (business layer) Server software – provides the core system logic Implements the business processes / services Back-end (data layer) Manages the data of the system (database / cloud)

31 Strategic Security, Inc. © http://www.strategicsec.com/ The 3-Tier Architecture Business Logic Desktop Client Mobile Client Machine network Database Data Tier (Back-End) Middle Tier (Business Tier) Client Tier (Front-End)

32 Strategic Security, Inc. © http://www.strategicsec.com/ Typical Layers of the Middle Tier The middle tier usually has parts related to the front-end, business logic and back-end: Presentation Logic Implements the UI of the application (HTML5, Silverlight, WPF, …) Business Logic Implements the core processes / services of the application Data Access Logic Implements the data access functionality (usually ORM framework)

33 Strategic Security, Inc. © http://www.strategicsec.com/ Multi-Tier Architecture DB ORM WCF ASP.NET HTML

34 Strategic Security, Inc. © http://www.strategicsec.com/ Time To Do Something Define this stuff Presentation Layer HTML CSS Business Logic Layer Ruby on Rails, Django C#, ASP.NET J2EE, JPA, JSF NOTE: The programming languages in this layer produce the stuff in the presentation layer, and provides the guts of the app or business logic. (this confuses people) Database Layer Oracle MSSQL

35 Strategic Security, Inc. © http://www.strategicsec.com/ Break

36 Strategic Security, Inc. © http://www.strategicsec.com/ MVC (Model- View-Controller) What is MVC and How It Works?

37 Strategic Security, Inc. © http://www.strategicsec.com/ Model-View-Controller (MVC) Model-View-Controller (MVC) architecture Separates the business logic from application data and presentation Model Keeps the application state (data) View Displays the data to the user (shows UI) Controller Handles the interaction with the user

38 Strategic Security, Inc. © http://www.strategicsec.com/ MVC Architecture Blueprint

39 Strategic Security, Inc. © http://www.strategicsec.com/ MVC-Based Frameworks.NET ASP.NET MVC, MonoRail Java JavaServer Faces (JSF), Struts, Spring Web MVC, Tapestry, JBoss Seam, Swing PHP CakePHP, Symfony, Zend, Joomla, Yii, Mojavi Python Django, Zope Application Server, TurboGears Ruby on Rails

40 Strategic Security, Inc. © http://www.strategicsec.com/ MVC-Based Frameworks MVC does not replace the multi- tier architecture Both are usually used together Typical multi-tier architecture can use MVC To separate logic, data and presentation Model (Data) Data Access Logic Views (Presentation) Controllers (Business Logic)

41 Strategic Security, Inc. © http://www.strategicsec.com/ MVP (Model-View-Presenter) What is MVP Architecture and How it Works?

42 Strategic Security, Inc. © http://www.strategicsec.com/ Model-View-Presenter (MVP) Model-View-Presenter (MVP) is UI design pattern similar to MVC Model Keeps application data (state) View Presentation – displays the UI and handles UI events (keyboard, mouse, etc.) Presenter Presentation logic (prepares data taken from the model to be displayed in certain format) MVP is usually used for building user interfaces (can be in any MVC framework)

43 Strategic Security, Inc. © http://www.strategicsec.com/ Presentation-Abstraction-Control (PAC) What is PAC and How It Works?

44 Strategic Security, Inc. © http://www.strategicsec.com/ Presentation-Abstraction-Control (PAC) Presentation-Abstraction-Control (PAC) interaction-oriented architectural pattern Similar to MVC but is hierarchical (like HMVC) Presentation Prepares data for the UI (similar to View) Abstraction Retrieves and processes data (similar to Model) Control Flow-control and communication (similar to Controller)

45 Strategic Security, Inc. © http://www.strategicsec.com/ Presentation-Abstraction-Control (PAC) – Hierarchy

46 Strategic Security, Inc. © http://www.strategicsec.com/ MVVM (Model -View-ViewModel) What is MVVM and How It Works?

47 Strategic Security, Inc. © http://www.strategicsec.com/ Model-View-ViewModel (MVVM) Model-View-ViewModel (MVVM) is architectural pattern for modern UI development Invented by Microsoft for use in WPF and Silverlight Based on MVC, MVP and Martin Fowler's Presentation Model pattern Officially published in the Prism project (Composite Application Guidance for WPF and Silverlight) Separates the "view layer" (state and behavior) from the rest of the application

48 Strategic Security, Inc. © http://www.strategicsec.com/ MVVM Structure Model Keeps the application data / state representation E.g. data access layer or ORM framework View UI elements of the application Windows, forms, controls, fields, buttons, etc. ViewModel Data binder and converter that changes the Model information into View information Exposes commands for binding in the Views

49 Strategic Security, Inc. © http://www.strategicsec.com/ MVVM in WPF / Silverlight View – implemented by XAML code + code behind C# class Model – implemented by WCF services / ORM framework / data access classes ViewModel – implemented by C# class and keeps data (properties), commands (code), notifications

50 Strategic Security, Inc. © http://www.strategicsec.com/ MVVM in WPF / Silverlight MVVM is typically used in XAML applications (WPF, Silverlight, WP7) and supports unit testing

51 Strategic Security, Inc. © http://www.strategicsec.com/ MVP vs. MVVM Patterns MVVM is like MVP but leverages the platform's build-in bi-directional data binding mechanisms

52 Strategic Security, Inc. © http://www.strategicsec.com/ Break

53 Strategic Security, Inc. © http://www.strategicsec.com/ SOA (Service-Oriented Architecture) SOA and Cloud Computing

54 Strategic Security, Inc. © http://www.strategicsec.com/ What is SOA? Service-Oriented Architecture (SOA) is a concept for development of software systems Using reusable building blocks (components) called "services” Services in SOA are: Autonomous, stateless business functions Accept requests and return responses Use well-defined, standard interface

55 Strategic Security, Inc. © http://www.strategicsec.com/ What is SOA? Autonomous Each service operates autonomously Without any awareness that other services exist Stateless Have no memory, do not remember state Easy to scale Request-response model Client asks, server returns answer

56 Strategic Security, Inc. © http://www.strategicsec.com/ SOA Services (2) Communication through standard protocols XML, SOAP, JSON, RSS, ATOM,... HTTP, FTP, SMTP, RPC,... Not dependent on OS, platforms, programming languages Discoverable Service registries Could be hosted "in the cloud" (e.g. in Azure)

57 Strategic Security, Inc. © http://www.strategicsec.com/ What is Cloud Computing? Cloud computing is a modern approach in the IT infrastructure that provides: Software applications, services, hardware and system resources Hosts the applications and user data in remote servers called "the cloud” Cloud computing models: IaaS – infrastructure as a service (virtual servers) PaaS – platform as a service (full stack of technologies for UI, application logic, data storage) SaaS – software as a service (e.g. Google Docs)

58 Strategic Security, Inc. © http://www.strategicsec.com/ Loose Coupling Loose coupling is the main concept of SOA Loosely coupled components: Exhibits single function Independent of other functions Through a well-defined interface Loose coupling programming evolves: Structural programming Object-oriented programming Service-oriented architecture (SOA)

Download ppt "Strategic Security, Inc. © Time To Learn How To Program."

Similar presentations

12 October 2011 Andrew Brown IMu Technology EMu Global Users Group 12 October 2011 IMu Technology.

12 October 2011 Andrew Brown IMu Technology EMu Global Users Group 12 October 2011 IMu Technology.
Web Service Ahmed Gamal Ahmed Nile University Bioinformatics Group

Web Service Ahmed Gamal Ahmed Nile University Bioinformatics Group
Database Architectures and the Web

Database Architectures and the Web
Model-View Controller

Model-View Controller
Spring, Hibernate and Web Services 13 th September 2014.

Spring, Hibernate and Web Services 13 th September 2014.
OBJECT-ORIENTED PROGRAMMING CONCEPTS (Review). What is an Object? What is an Object? Objects have states and behaviors. Example: A dog has states - color,

OBJECT-ORIENTED PROGRAMMING CONCEPTS (Review). What is an Object? What is an Object? Objects have states and behaviors. Example: A dog has states - color,
M : Model v1 : ViewA c1 : ControllerA v2 : ViewB c2 : ControllerB access An abstract object model propagate.

M : Model v1 : ViewA c1 : ControllerA v2 : ViewB c2 : ControllerB access An abstract object model propagate.
CSLA Presenter Sergey Barskiy, senior consultant at Magenic Technologies www.magenic.com SergeyB@magenic.com Email your questions Send an email in order.

CSLA Presenter Sergey Barskiy, senior consultant at Magenic Technologies your questions Send an in order.
CS 290C: Formal Models for Web Software Lecture 1: Introduction Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 1: Introduction Instructor: Tevfik Bultan.
Software Architecture Patterns (2). what is architecture? (recap) o an overall blueprint/model describing the structures and properties of a system

Software Architecture Patterns (2). what is architecture? (recap) o an overall blueprint/model describing the structures and properties of a "system"
Systems Architecture, Fourth Edition1 Internet and Distributed Application Services Chapter 13.

Systems Architecture, Fourth Edition1 Internet and Distributed Application Services Chapter 13.
12-1 © Prentice Hall, 2004 Chapter 12: Design Elements Object-Oriented Systems Analysis and Design Joey F. George, Dinesh Batra, Joseph S. Valacich, Jeffrey.

12-1 © Prentice Hall, 2004 Chapter 12: Design Elements Object-Oriented Systems Analysis and Design Joey F. George, Dinesh Batra, Joseph S. Valacich, Jeffrey.
B. RAMAMURTHY Web services. Topics What is a web service? From OO to WS WS and the cloud WS code.

B. RAMAMURTHY Web services. Topics What is a web service? From OO to WS WS and the cloud WS code.
Course Instructor: Aisha Azeem

Course Instructor: Aisha Azeem
Asst.Prof.Dr.Ahmet Ünveren 2014-2015 SPRING Computer Engineering Department Asst.Prof.Dr.Ahmet Ünveren 2014-2015 SPRING Computer Engineering Department.

Asst.Prof.Dr.Ahmet Ünveren SPRING Computer Engineering Department Asst.Prof.Dr.Ahmet Ünveren SPRING Computer Engineering Department.
Concepts Nikolay Kostov Telerik Corporation www.telerik.com.

Concepts Nikolay Kostov Telerik Corporation
Concepts Telerik Software Academy HTML5.

Concepts Telerik Software Academy HTML5.
CS 415 N-Tier Application Development By Umair Ashraf July 6,2013 National University of Computer and Emerging Sciences Lecture # 9 Introduction to Web.

CS 415 N-Tier Application Development By Umair Ashraf July 6,2013 National University of Computer and Emerging Sciences Lecture # 9 Introduction to Web.
Web Design 101 Nikolay Kostov Telerik Web Design Course html5course.telerik.com Technical Trainer

Web Design 101 Nikolay Kostov Telerik Web Design Course html5course.telerik.com Technical Trainer
Web Application Architecture: multi-tier (2-tier, 3-tier) & mvc

Web Application Architecture: multi-tier (2-tier, 3-tier) & mvc

Similar presentations

Ads by Google