This is a very basic visual introduction to the concept behind a blockchain. Anders Brownworth introduces the idea of an immutable ledger using an interactive web demo. If you are interested in playing with this on your own, it is available online at:
The code that runs this demo is also on GitHub:
https://github.com/anders94/blockchain-demo
What is the blockchain? If you don’t know, you should; if you do, chances are you still need some clarification on how it actually works. Don Tapscott is here to help, demystifying this world-changing, trust-building technology which, he says, represents nothing less than the second generation of the internet and holds the potential to transform money, business, government and society.
The World Economic Forum’s analysis has yielded six key findings regarding the implications of distributed ledger technology (DLT) on the future of financial services:
The analyzed business use case are: a) Payments; b) Insurance; 3) Deposits and Lending; 4) Capital Raising; 5) Investment Management; and 5) Market Provisioning.
These key findings are explored in depth in the The future of financial infrastructure report, based on the use case deep-dives conducted across financial services.
The most prominent methods in developing software are Agile and Waterfall methodologies.
Your project is worked following the Waterfall methodology when the eight project phases (conception, initiation, analysis, design, construction, testing, implementation, and maintenance) have to be completed before the commencement of the development phase.
Pros
1. You know what to expect at the end of the project, in terms of sizing, costs and timeline.
2. Minimal impact in the event of high turnover thanks to the detailed documentation.
Cos
1. No changes are allowed when a task is completed, even if the initial requirements were faulty.
2. The testing phase is only done at the end, hence bugs are only discovered too late and a new code needs to be written from scratch.
3. The plan would not take into account the evolving clients’ need.
Agile is a framework for developing and sustaining complex products that follows an incremental rather than a sequential design process approach.
Development work focus on launching a Minimum Valuable Product – from a end-user point of view – then by enhancing the MVP incrementally by working on flexible modules. The work on these modules is done in weekly or monthly iterations, and at the end of each iteration, project priorities are evaluated and tests are run. These iterations allow for bugs to be discovered, and customer feedback to be incorporated into the design before the next sprint is run.
Pros
1. It allows for changes to be made after the initial planning, but prior to the commencement of the spring/iteration period.
2. It allows the user’s feedback to be incorporated in the process by modifying the features in the backlog accordingly.
3. The testing is performed at the end of each iteration ensuring bugs are captured and fixed within the development cycle.
Cons
1. You don’t know what to expect at the end of the project, in terms of sizing, costs and timeline.
Scrum and Kanban in software development are specific form of an agile software methodology.
Scrum is a framework that leverages team commitment as change agent, whilst kanban is a less structured model for introducing change through incremental improvements.
| NATIVE | HTML5 | HYBRID | |
| APP FEATURES | |||
| Design | For specific devices | No device-optimized | Good for the device it is running in |
| Graphics | Native APIs | HTML, Canvas, SVG | HTML, Canvas, SVG |
| Performance | Fast, reliable, responsive design | Slow | Slow |
| Native Look and Fell | Native | Emulated | Emulated |
| Distribution | AppStore Distribution | Web | AppStore Distribution |
| Experience | Consistent with the platform look and fell | Browser based user experience | UI browser elements might not be aligned to native UI elements |
| DEVICE BUILD-IN COMPONENTS | |||
| Camera | Yes | No | Yes |
| Notifications | Yes – Push Notification | No | Yes |
| Contact, calendars | Yes | No | Yes |
| Offline storage | Secure file storage | Shared SQL | Secure file storage, Shared SQL |
| Geolocation | Yes | No | Yes |
| GESTURES | |||
| Swipe | Yes | Yes | Yes |
| Pinch, spread | Yes | No | Yes |
| Connectivity | Online and Offline | Mostly Online | Online and offline |
| Development Skills | C, Java, .Net | HTML 5, CSS, Java Scripts | HTML 5, CSS, Java Scripts |
| GO TO MARKET | |||
| Launch | Slow time to market | Fast to market | Mediun time to market |
| Update | Mediun time to market | Instant Update | Mediun time to market |
This post is created to provide a concise collection of resources on specific web application security topics.
OWASP Mobile Top 10 2016 Proposed List
| M1 – Improper Platform Usage | This category covers misuse of a platform feature or failure to use platform security controls. It might include Android intents, platform permissions, misuse of Touch-ID, the Key-chain, or some other security control that is part of the mobile operating system. |
| M2 – Insecure Data Storage | This new category is a combination of M2 + M4 from Mobile top 10 2014. This covers insecure data storage and unintended data leakage. |
| M3 – Insecure Communications | This covers poor handshaking, incorrect SSL versions, weak negotiation, clear-text communication of sensitive assets, etc… |
| M4 – Insecure Authentication | This category captures notions of authenticating the end user or bad session management. This can include: (1) Failing to identify the user at all when that should be required. (2) Failure to maintain the user’s identity when it is required. (3) Weakness in session management. |
| M5 – Insufficient Cryptography | The code applies cryptography to a sensitive information asset. However, the cryptography is insufficient in some way. |
| M6 – Insecure Authorization | This is a category to capture any failures in authorization (e.g. authorization decision in the client side, forces browsing, etc…). It is distinct from authentication issue (e.g. device enrollment, user identification, etc…). If the app does not authenticate the users at all in a situation where it should (e.g. granting anonymous access to some resources or services when authenticated and authored access is required) then that should be authenticated failure not authorization failure. |
| M7 – Client Code Quality | This was the “the security decision via the untrusted inputs”, one of OWASP lesser used category. This would be the catch-all for code-level implementation problems in the mobile clients. |
| M8 – Code Tampering | This category covers binary patching, local resource modification, method hooking, method swizzling, and dynamic memory modification. |
| M9 – Reverse Engineering | This category includes analysis of the final code binary to determine its source code, libraries, algorithms, and other assets. |
| M10 – Extraneous Functionality | Often, developers include hidden backdoor functionality or other internal development security controls that are not intended to be released into a production environment. |
ENISA – European Union Agency for Network and Information Security – IoT and smart infrastructures.
Scrum is a framework for developing complex products. It is an interactive, incremental approach to optimize predictability and control risk.
Scrum artifacts are tangible by-products produced during the product development. These artifacts consist of the requirements for the overall project, and each individual phase of the project itself.
The product backlog is an evolving, dynamic and ranked list of requirements that might be needed to made the product. The product owner is responsible for the product backlog, including its content, and ranking.
The product backlog lists all features, functions, requirements, enhancement and fixes that constitute the changes to be made to the product in future releases. In agile terminology, the product backlog item are called user stories.
The user stories are the smallest units of work, and its goal is to delivered customer’s value at the end of the iteration. A good user story should be:
| CHARACTERISTICS OF A GOOD QUALITY USER STORY: INVEST | ||
| Letter | Meaning | Description |
| I | Independent | The user story should be self-contained, so that there is not a dependency with another story |
| N | Negotiable | User stories, up until the start of the iteration, can be rewritten and re-ranked. |
| V | Valuable | A user story must deliver value to the end user |
| E | Estimable | The story is precise and concise so that the development team can estimate it. |
| S | Small | The user story development should conclude at the end of the iteration. |
| T | Testable | The user story and/or its related description must provide the necessary information to make test development possible. |
Epics are feature-level work that encompasses many user stories. Epics are:
The Epic is typically used to monitor and track the development work toward the close proximity of the product release/launch.
Themes are feature-level work that encompasses many epics. They are:
The Theme is typically used to discuss with the CEO and board members for tracking the overall strategy direction.
– Nielsen Norman Group
https://www.nngroup.com/articles/why-you-only-need-to-test-with-5-users/
The more people find the same problem, the more reliable the data set becomes.
Multiple round of testing on 5 different users covers more issues than a single round of testing with the same number of users.
| User 1 | User 6 | User 11 | User 1 | User 9 | ||||
| User 2 | User 7 | User 12 | User 2 | User 10 | ||||
| User 3 | User 8 | User 13 | > | User 3 | User 11 | |||
| User 4 | User 9 | User 14 | User 4 | User 12 | ||||
| User 5 | User 10 | User 15 | User 5 | User 13 | ||||
| User 6 | User 14 | |||||||
| User 7 | User 15 | |||||||
80% |
80% |
80% |
User 8 | User 16 | ||||
| of issues | of remaining issues | of remaining issues |
80% |
|||||
| of issues | ||||||||
You need to select the participants based on the following criteria:
and factors:
And Recruiting criteria:
Tasks |
vs. |
Scenarios |
| Quick simple functions | Provide the partecipant context and direction | |
| Easily completed without any background information given | Set the stage, tell the story | |
| Find the Search button | Increase overall understanding | |
| Where would one go to out information about specific terms | Help the user apply the situation to themselves | |
| Give them an action to perform |
a. Easy or under a minute to find/answer – – – —2 points
b. Difficult, takes 1-2 minutes to find/answer —-1 point
c. Fail, takes over 2 minutes to find/answer ——0 point
CREATIVE DIGITAL IDEAS 