Web Application Security 101 - 05 Enumeration

Jul 24, 20142 likes515 views

This document discusses techniques for enumerating information from a target website or application, including: 1. Using search engines like Google to find publicly available information and hidden features. 2. Bruteforcing files, directories, and parameters to locate hidden areas. Tools like DirBuster can automate this process. 3. Analyzing error messages and response codes to infer application details and find vulnerabilities. 4. Fingerprinting server configuration details like virtual hosts, load balancers, alternative ports and access points. 5. The document provides examples of commands and techniques to practice these enumeration methods.

Enumeration
90% of research 10% exploitation.

Poke Around
Check page source code.
Find application features.
Understand the app purpose.

File And Directory Bruteforcing
Find hidden gems: /admin, /consoleand more.
Find things that may be hidden: ., ~, etc.

Bash File And Dir Bruteforcer
This can be easily achieved with a bit of shell scripting.
cat dict.txt | while read WORD
do
OUTPUT=`curl -I -s "http://target/$WORD"`
echo -n "$WORD - `echo $OUTPUT | head -1`"
done
The only problem is that this could be very slow for larger dictionaries.

Bruteforcing Tools
DirBuster is a very good tool for this.
Some tools like Burp can also be used for bruteforcing.

Error Message Analysis
Requesting non-existent resources.
Supplying weird values to input fields.
Sending completely broken HTTP requests.
Use known tricks such as ?var[]=123for PHP apps.

Alternative Ports
Common HTTP ports: 80, 443, 8080, 8443, etc.
Run a port scanner like nmap.

Alternative Access
Web services (WSDL): .wsdl, .asmx.
Other login interfaces.
Desktop and Mobile clients.
Java, Flash, AJAX and other RIAs.

Public Enumeration Tricks
Using Google we can find publicly-known information.
ext:wsdl domain:target
ext:exe domain:target

Supported Methods
Send OPTIONSmethod to various locations.
OPTIONS / HTTP/1.0
Keep in mind that REST applications can support arbitrary method names.

Virtual Hosts
Bind/MSN Search: ip:<ip>directive.
Google: site:<domain>directive.
DNS bruteforcing.
VirtualHost databases.
Netcraft.

Load Balancers
BIG IP cookies.
Changes in the Date:headers.
Changes in DNS responses.
Changes in packet ids.
hping2 ip -S -p 80 -i u1000 -c 30
HPING ip (eth0 x.x.x.x): S set, 40 headers + 0 data bytes
len=46 ip=hidden ttl=51 DF id=58489 sport=80 flags=SA seq=0 win=24656 rtt=2
len=46 ip=hidden ttl=51 DF id=16912 sport=80 flags=SA seq=2 win=24656 rtt=2
len=46 ip=hidden ttl=51 DF id=58490 sport=80 flags=SA seq=3 win=24656 rtt=1
len=46 ip=hidden ttl=51 DF id=16913 sport=80 flags=SA seq=4 win=24656 rtt=1
len=46 ip=hidden ttl=51 DF id=58491 sport=80 flags=SA seq=5 win=24656 rtt=2
len=46 ip=hidden ttl=51 DF id=16914 sport=80 flags=SA seq=7 win=24656 rtt=1

Google Hacking
Useful directives: inurl:, site:, intext:, ext:and more.
Google Hacking Database

Lab
We will apply all that we have learned.

Challenges
1. Enumerate the files and directories of a demo app.
1. Use shell scripting.
2. Use ready-made tool.
2. Find a PHP app and locate some errors.
3. Enumerate alternative access interfaces of a demo app.
4. Enumerate supported methods of a demo apps.
5. Fingerprint the vhosts of a random target.
6. Find web cameras using a Google Dork.

This document provides instructions for installing Hadoop on a single node system including: 1) Installing Java, downloading and extracting Hadoop, and configuring environment variables. 2) Formatting the namenode, starting HDFS, and creating directories for name and data nodes. 3) Configuring YARN and starting YARN and map-reduce services. 4) Running a sample wordcount application by compiling the Java code, creating a JAR file, and submitting the job to Hadoop.

Git Sensitive DataOmbu Labs, The Lean Software Boutique

MongoDB & SparkMongoDB

Spark is a powerful framework for distributed processing of massive datasets. With an interactive shell, machine learning libraries, and in-memory data structures, Spark provides a tool set for high performance advanced analytics. Connecting Spark with MongoDB enables you to achieve sophisticated back-end analytics in combination with the performance of MongoDB. We'll take a look at how these two systems integrate with one another through sample code and demonstrations. Presentation from Bryan Reneiro, Developer Advocate at MongoDB.

Chap 5 php files part-2monikadeshmane

This document discusses various file and directory functions in PHP including: 1. Functions for random file access such as ftell(), rewind(), and fseek() which get and set the file pointer position. 2. The stat() function which returns a file's metadata like size, ownership, and timestamps. 3. Functions for getting directory contents like opendir(), readdir(), and closedir(). 4. Functions for manipulating directories including mkdir(), rmdir(), and chdir().

HPCC Systems - ECL for Programmers - Big Data - Data ScientistFujio Turner

Abusing Erlang compilation pipeline for Fun and ProfitWojciech Gawroński

This document summarizes a talk on abusing the Erlang compilation pipeline for fun and profit. It discusses how understanding the different stages of compilation, from source code to BEAM files, allows for optimizations, syntax sugar, language implementations, and more. Key stages discussed include preprocessing, Core Erlang, kernel Erlang, BEAM assembly, and the final BEAM file. Understanding the pipeline provides opportunities for hot code reloading, DSLs, configuration files, and code analysis tools.

Meetup - Exabyte Big Data - HPCC Systems - SQL to ECLFujio Turner

TablespacesVinay Thota

The document provides instructions for managing tablespaces, datafiles, and undo tablespaces in an Oracle database. It includes commands for creating, altering, dropping, and viewing tablespaces and their associated datafiles. Specific actions covered include adding a datafile, dropping a tablespace, renaming a datafile, creating a bigfile tablespace, managing temporary tablespaces including creating, resizing, and making one the default, and changing the default undo tablespace.

Kraska.eco.plpierre110

Oop bullets graphicalswathi4crazy

Hadoop installation on windows habeebulla g

NOSQL: il rinascimento dei database?Paolo Bernardi

On secure application of PHP wrappersPositive Hack Days

The document discusses various PHP wrappers that can be used to read and write data in non-standard ways and bypass security restrictions. It describes how wrappers like php://filter, zip://, and data:// can be used to read and write local files, modify file contents, bypass authentication, and perform XXE attacks. It also notes that filters in the php://filter wrapper can be used to selectively remove parts of file contents during I/O operations.

My First Cluster with MongoDB AtlasJay Gordon

This document provides instructions for setting up a MongoDB cluster using MongoDB Atlas. It includes steps for downloading and installing MongoDB locally, creating a free M0 cluster on Atlas, importing sample zip code data into the cluster, and performing basic queries on the data. The document also lists some next steps for learning more about MongoDB features like Compass, advanced queries, and paid capabilities like backups and peering.

DUG'20: 12 - DAOS in Lenovo’s HPC Innovation CenterAndrey Kudryavtsev

TDDBC お題Takuto Wada

Ch3(working with file)Chhom Karath

The document discusses various methods for working with files in PHP, including including files with include() and require_once(), testing for file existence with file_exists(), opening files with fopen(), reading files with functions like fgets(), fread(), fgetc(), moving within files using fseek(), writing to files with fwrite() and fputs(), appending with file_put_contents(), and locking files during writes with flock().

MCE^3 - Lasse Koskela - Full-Text Search on iOS and AndroidPROIDEA

"Search" is one of those things that our users take for granted but is surprisingly difficult to get right. In this talk we'll dig into the essential concepts in implementing a proper full-text search, highlighting the challenges such as sorting by relevancy, term and column boosting, stemming and lemmatisation, and the brutality of compound words. We'll look at implementing full-text search with an embedded search engine as well as with the true workhorse of both iOS and Android developers alike – SQLite and its FTS tables.

Ricostruzione forense di NTFS con metadati parzialmente danneggiatiAndrea Lazzarotto

NTFS è uno dei file system più diffusi, essendo usato di default dai sistemi Windows e anche negli hard disk esterni ad alta capacità. Quando accade un danno hardware o software, può verificarsi la corruzione di una o più partizioni le quali diventano illeggibili. Nel talk sono state discusse alcune tecniche di ricostruzione efficaci anche in presenza di metadati danneggiati. L'attenzione verte in particolare su NTFS e su RecuperaBit, un software creato dal relatore per implementare la ricostruzione forense di NTFS. Le slide sono relative al talk omonimo presentato a ESC 2016 il 01/09/2016 a Forte Bazzera (VE). Il video è disponibile qui:

Beyond PHP - It's not (just) about the codeWim Godden

Breaking first-normal form with HiveEdward Capriolo

MySQL to Neo4j: A DBA Perspective - David Stern @ GraphConnect NY 2013Neo4j

Drill 1.0MapR Technologies

Apache Drill 1.0 has been released after nearly three years of development involving 45 code contributors and countless other contributors. Drill provides a SQL interface for analyzing both structured and unstructured data across numerous data sources. It aims to execute queries fast by leveraging columnar encodings and scaling out queries rather than scaling up. Drill also aims to support iterative exploration and querying of data without requiring data preparation. Future plans for Drill include continued monthly releases, integration with other technologies like JDBC and Cassandra, and tools to deploy Drill on EMR and EC2.

10 context switchingJihoonKim157

RecuperaBit: Forensic File System Reconstruction Given Partially Corrupted Me...Andrea Lazzarotto

dns.workshop.hsgrebalaskas

This document provides an overview of the Domain Name System (DNS) including key concepts like root name servers, top level domains, name server records, DNS records like A, MX, CNAME, TXT, SRV and PTR records. It discusses DNS configuration files, caching servers, DNS lookups, zone transfers between name servers and round robin DNS. Examples are given for various DNS record types. Useful DNS tools and links are also listed.

Drupal 101: Tips and Tricks for Troubleshooting DrupalAcquia

The site is published, your design is pristine, and it is ready for action... so, now what? While you may think you’re in the clear, site issues are likely to arise at some point. To protect your business from a site-crash nightmare, there are necessary precautions you should take. Customer support engineers Lanette and Ally are here to prepare you for the worst; using their 3.5 years of Drupal experience to explain common issues they’ve encountered, how to identify them, and how to remedy problems quickly. In this webinar, you will learn: - Early steps to take to maintain site health - Preparing your team for common site complications - Tips and tricks for troubleshooting if problems arise - Third-party tools to help you resolve issues

파이썬 개발환경 구성하기의 끝판왕 - Docker Composeraccoony

The document discusses using Docker and Docker Compose to run Python and Django applications. It shows commands for pulling Docker images, running containers, linking databases, mounting volumes, building images, and using Docker Compose to define and run multi-container applications. Key aspects covered include using Dockerfiles to build images, linking containers, mounting host directories as volumes, setting environment variables, and running commands on container startup.

Solving the Riddle of Search: Using Sphinx with Railsfreelancing_god

More Related Content

What's hot (20)

TablespacesVinay Thota

Kraska.eco.plpierre110

Oop bullets graphicalswathi4crazy

Hadoop installation on windows habeebulla g

NOSQL: il rinascimento dei database?Paolo Bernardi

On secure application of PHP wrappersPositive Hack Days

My First Cluster with MongoDB AtlasJay Gordon

DUG'20: 12 - DAOS in Lenovo’s HPC Innovation CenterAndrey Kudryavtsev

TDDBC お題Takuto Wada

Ch3(working with file)Chhom Karath

MCE^3 - Lasse Koskela - Full-Text Search on iOS and AndroidPROIDEA

Ricostruzione forense di NTFS con metadati parzialmente danneggiatiAndrea Lazzarotto

Beyond PHP - It's not (just) about the codeWim Godden

Breaking first-normal form with HiveEdward Capriolo

MySQL to Neo4j: A DBA Perspective - David Stern @ GraphConnect NY 2013Neo4j

Drill 1.0MapR Technologies

10 context switchingJihoonKim157

RecuperaBit: Forensic File System Reconstruction Given Partially Corrupted Me...Andrea Lazzarotto

dns.workshop.hsgrebalaskas

Drupal 101: Tips and Tricks for Troubleshooting DrupalAcquia

TablespacesVinay Thota

Kraska.eco.plpierre110

Oop bullets graphicalswathi4crazy

Hadoop installation on windows habeebulla g

NOSQL: il rinascimento dei database?Paolo Bernardi

On secure application of PHP wrappersPositive Hack Days

My First Cluster with MongoDB AtlasJay Gordon

DUG'20: 12 - DAOS in Lenovo’s HPC Innovation CenterAndrey Kudryavtsev

TDDBC お題Takuto Wada

Ch3(working with file)Chhom Karath

MCE^3 - Lasse Koskela - Full-Text Search on iOS and AndroidPROIDEA

Ricostruzione forense di NTFS con metadati parzialmente danneggiatiAndrea Lazzarotto

Beyond PHP - It's not (just) about the codeWim Godden

Breaking first-normal form with HiveEdward Capriolo

MySQL to Neo4j: A DBA Perspective - David Stern @ GraphConnect NY 2013Neo4j

Drill 1.0MapR Technologies

10 context switchingJihoonKim157

RecuperaBit: Forensic File System Reconstruction Given Partially Corrupted Me...Andrea Lazzarotto

dns.workshop.hsgrebalaskas

Drupal 101: Tips and Tricks for Troubleshooting DrupalAcquia

Similar to Web Application Security 101 - 05 Enumeration (20)

파이썬 개발환경 구성하기의 끝판왕 - Docker Composeraccoony

Solving the Riddle of Search: Using Sphinx with Railsfreelancing_god

Querying 1.8 billion reddit comments with pythonDaniel Rodriguez

The document is about querying over 1.6 billion Reddit comments using Python. It discusses: 1) Moving the Reddit comment data from S3 to HDFS and converting it to the Parquet format for efficiency. 2) Using the Blaze and Ibis Python libraries to query the data through Impala, allowing SQL-like queries with a Pandas-like API. 3) Examples of queries, like counting total comments or comments in specific subreddits, and plotting the daily frequency of comments in the /r/IAmA subreddit.

Simplest-Ownage-Human-Observed… - RoutersLogicaltrust pl

Filip palian mateuszkocielski. simplest ownage human observed… routersYury Chemerkin

This document discusses identifying and exploiting vulnerabilities in consumer routers. It provides examples of analyzing firmware from various router models, including the (--E)-LINK DIR-120 and DIR-300, to gain unauthorized access. Methods discussed include reverse engineering firmware, exploiting services like telnet that are exposed without authentication, and modifying the read-only filesystem. The document also talks about using these compromised routers as bots for botnets performing activities like DDoS attacks, cryptocurrency mining, and spam/phishing campaigns. It provides examples of real botnets like Psyb0t that have exploited routers.

Advertising Fraud Detection at Scale at T-MobileDatabricks

The development of big data products and solutions – at scale – brings many challenges to the teams of platform architects, data scientists, and data engineers. While it is easy to find ourselves working in silos, successful organizations intensively collaborate across disciplines such that problems can be understood, a proposed model and solution can be scaled and optimized on multi-terabytes of data.

Why and How Powershell will rule the Command Line - Barcamp LA 4Ilya Haykinson

PowerShell is a command shell for Windows that treats commands as objects that interact through pipes and objects. It provides a fully-fledged programming language where commands manipulate objects and share a common naming convention. PowerShell holds that commands should do one thing well and interact through a consistent environment, addressing issues with text parsing between traditional command line programs.

Malcon2017Andriy Brukhovetskyy

This document provides an overview of Cuckoo sandbox and tips for using and customizing it. It discusses supported platforms and hypervisors, how to retrieve analysis results using signatures, different ways to write hooks, and examples of analyzing malware like Andromeda and Locky. The document also shares some "goodies" like redirecting SMTP traffic and injecting emulator headers to trigger behaviors.

Sergi Álvarez + Roi Martín - radare2: From forensics to bindiffing [RootedCON...RootedCON

Radare was originally created as a forensics tool but now also supports bindiffing binaries. It can perform multiple search methods on files including regular expressions, strings, and hexpairs. Signatures and magic templates allow parsing unknown file formats. Scripting is supported through Vala bindings. Filesystems can be mounted and partitions analyzed. Bindiffing helps analyze differences between binaries through function and basic block matching and fingerprints. A work-in-progress graphical interface called ragui is also being built.

Apache Spark Workshop, Apr. 2016, Euangelos LinardosEuangelos Linardos

Streams, sockets and filters oh my!Elizabeth Smith

Heavy Web Optimization: BackendVõ Duy Tuấn

Accessing File-Speciﬁc Attributes on Steroids - EuroPython 2008Dinu Gherman

This document describes fileinfo, a Python tool for investigating and summarizing file attributes from the command line. It provides concise tabular output of attributes for multiple files. Fileinfo allows users to get a quick overview of file metadata, compare attributes between files, and identify groups of files. It supports plugins to extract attributes from different file types like PDFs, images, and Python source files. The document discusses Spotlight, Mac OS X's file search technology, as potential inspiration and compares fileinfo to tools like Spotlight and iTunes.

TopicMapReduceComet log analysis by using splunkakashkale0756

Symfony PerformancePaul Thrasher

The Next Linux Superpower: eBPF PrimerSasha Goldshtein

Imagine you're tackling one of these evasive performance issues in the field, and your go-to monitoring checklist doesn't seem to cut it. There are plenty of suspects, but they are moving around rapidly and you need more logs, more data, more in-depth information to make a diagnosis. Maybe you've heard about DTrace, or even used it, and are yearning for a similar toolkit, which can plug dynamic tracing into a system that wasn't prepared or instrumented in any way. Hopefully, you won't have to yearn for a lot longer. eBPF (extended Berkeley Packet Filters) is a kernel technology that enables a plethora of diagnostic scenarios by introducing dynamic, safe, low-overhead, efficient programs that run in the context of your live kernel. Sure, BPF programs can attach to sockets; but more interestingly, they can attach to kprobes and uprobes, static kernel tracepoints, and even user-mode static probes. And modern BPF programs have access to a wide set of instructions and data structures, which means you can collect valuable information and analyze it on-the-fly, without spilling it to huge files and reading them from user space. In this talk, we will introduce BCC, the BPF Compiler Collection, which is an open set of tools and libraries for dynamic tracing on Linux. Some tools are easy and ready to use, such as execsnoop, fileslower, and memleak. Other tools such as trace and argdist require more sophistication and can be used as a Swiss Army knife for a variety of scenarios. We will spend most of the time demonstrating the power of modern dynamic tracing -- from memory leaks to static probes in Ruby, Node, and Java programs, from slow file I/O to monitoring network traffic. Finally, we will discuss building our own tools using the Python and Lua bindings to BCC, and its LLVM backend.

Adios hadoop, Hola Spark! T3chfest 2015dhiguero

Introduction to source{d} Engine and source{d} Lookout source{d}

Keeping Spark on Track: Productionizing Spark for ETLDatabricks

ETL is the first phase when building a big data processing platform. Data is available from various sources and formats, and transforming the data into a compact binary format (Parquet, ORC, etc.) allows Apache Spark to process it in the most efficient manner. This talk will discuss common issues and best practices for speeding up your ETL workflows, handling dirty data, and debugging tips for identifying errors. Speakers: Kyle Pistor & Miklos Christine This talk was originally presented at Spark Summit East 2017.

Profiling your Applications using the Linux Perf ToolsemBO_Conference

This document provides an overview of using the Linux perf tools to profile applications. It discusses setting up perf, benchmarking applications, profiling both CPU usage and sleep times, and analyzing profiling data. The document covers perf commands like perf record to collect profiling data, perf report to analyze the data, and perf script to convert it to other formats. It also discusses profiling options like call graphs and collecting kernel vs. user mode events.

파이썬 개발환경 구성하기의 끝판왕 - Docker Composeraccoony

Solving the Riddle of Search: Using Sphinx with Railsfreelancing_god

Querying 1.8 billion reddit comments with pythonDaniel Rodriguez

Simplest-Ownage-Human-Observed… - RoutersLogicaltrust pl

Filip palian mateuszkocielski. simplest ownage human observed… routersYury Chemerkin

Advertising Fraud Detection at Scale at T-MobileDatabricks

Why and How Powershell will rule the Command Line - Barcamp LA 4Ilya Haykinson

Malcon2017Andriy Brukhovetskyy

Sergi Álvarez + Roi Martín - radare2: From forensics to bindiffing [RootedCON...RootedCON

Apache Spark Workshop, Apr. 2016, Euangelos LinardosEuangelos Linardos

Streams, sockets and filters oh my!Elizabeth Smith

Heavy Web Optimization: BackendVõ Duy Tuấn

Accessing File-Speciﬁc Attributes on Steroids - EuroPython 2008Dinu Gherman

TopicMapReduceComet log analysis by using splunkakashkale0756

Symfony PerformancePaul Thrasher

The Next Linux Superpower: eBPF PrimerSasha Goldshtein

Adios hadoop, Hola Spark! T3chfest 2015dhiguero

Introduction to source{d} Engine and source{d} Lookout source{d}

Keeping Spark on Track: Productionizing Spark for ETLDatabricks

Profiling your Applications using the Linux Perf ToolsemBO_Conference

More from Websecurify (12)

Security Challenges in Node.jsWebsecurify

Secure Coding - Web Application Security Vulnerabilities and Best PracticesWebsecurify

The document discusses secure coding principles and vulnerabilities in different programming languages. It provides examples of vulnerabilities in PHP, JavaScript, Ruby, Struts, and C. Key secure coding principles discussed include minimizing the attack surface, establishing secure defaults, least privilege, defense in depth, and failing securely. Specific vulnerabilities addressed include PHP hash collisions, PHP remote code execution, JavaScript type issues, Ruby system commands, and Struts dynamic method invocation.

Unicode - Hacking The International Character SystemWebsecurify

Next Generation of Web Application Security ToolsWebsecurify

Web Application Security 101 - 14 Data ValidationWebsecurify

Web Application Security 101 - 12 LoggingWebsecurify

Web Application Security 101 - 10 Server TierWebsecurify

The document discusses security concerns for the server tier, including ensuring servers and frameworks are fully patched, removing default features with broad access, restricting or removing extra applications, and deleting old code and backup files that could pose security risks if exposed. It provides examples of default features, applications, and files to watch out for, and suggests reviewing servers for potential problems.

Web Application Security 101 - 07 Session ManagementWebsecurify

Web Application Security 101 - 06 AuthenticationWebsecurify

Web Application Security 101 - 04 Testing MethodologyWebsecurify

Web Application Security 101 - 03 Web Security ToolkitWebsecurify

Web Application Security 101 - 02 The BasicsWebsecurify

Security Challenges in Node.jsWebsecurify

Secure Coding - Web Application Security Vulnerabilities and Best PracticesWebsecurify

Unicode - Hacking The International Character SystemWebsecurify

Next Generation of Web Application Security ToolsWebsecurify

Web Application Security 101 - 14 Data ValidationWebsecurify

Web Application Security 101 - 12 LoggingWebsecurify

Web Application Security 101 - 10 Server TierWebsecurify

Web Application Security 101 - 07 Session ManagementWebsecurify

Web Application Security 101 - 06 AuthenticationWebsecurify

Web Application Security 101 - 04 Testing MethodologyWebsecurify

Web Application Security 101 - 03 Web Security ToolkitWebsecurify

Web Application Security 101 - 02 The BasicsWebsecurify

Recently uploaded (20)

Revolutionizing Residential Wi-Fi PPT.pptxnidhisingh691197

Top 10 Client Portal Software Solutions for 2025.docxPortli

PDF Reader Pro Crack Latest Version FREE Download 2025mu394968

🌍📱👉COPY LINK & PASTE ON GOOGLE https://dr-kain-geera.info/👈🌍 PDF Reader Pro is a software application, often referred to as an AI-powered PDF editor and converter, designed for viewing, editing, annotating, and managing PDF files. It supports various PDF functionalities like merging, splitting, converting, and protecting PDFs. Additionally, it can handle tasks such as creating fillable forms, adding digital signatures, and performing optical character recognition (OCR).

Secure Test Infrastructure: The Backbone of Trustworthy Software DevelopmentShubham Joshi

Microsoft Excel Core Points Training.pptxMekonnen

Not So Common Memory Leaks in Java WebinarTier1 app

This SlideShare presentation is from our May webinar, “Not So Common Memory Leaks & How to Fix Them?”, where we explored lesser-known memory leak patterns in Java applications. Unlike typical leaks, subtle issues such as thread local misuse, inner class references, uncached collections, and misbehaving frameworks often go undetected and gradually degrade performance. This deck provides in-depth insights into identifying these hidden leaks using advanced heap analysis and profiling techniques, along with real-world case studies and practical solutions. Ideal for developers and performance engineers aiming to deepen their understanding of Java memory management and improve application stability.

Automation Techniques in RPA - UiPath CertificateVICTOR MAESTRE RAMIREZ

Top 10 Data Cleansing Tools for 2025.pdfAffinityCore

F-Secure Freedome VPN 2025 Crack Plus Activation New Versionsaimabibi60507

Landscape of Requirements Engineering for/by AI through Literature ReviewHironori Washizaki

Societal challenges of AI: biases, multilinguism and sustainabilityJordi Cabot

Tools of the Trade: Linux and SQL - Google CertificateVICTOR MAESTRE RAMIREZ

Innovative Approaches to Software Dev no good at allayeshakanwal75

Scaling GraphRAG: Efficient Knowledge Retrieval for Enterprise AIdanshalev

If we were building a GenAI stack today, we'd start with one question: Can your retrieval system handle multi-hop logic? Trick question, b/c most can’t. They treat retrieval as nearest-neighbor search. Today, we discussed scaling #GraphRAG at AWS DevOps Day, and the takeaway is clear: VectorRAG is naive, lacks domain awareness, and can’t handle full dataset retrieval. GraphRAG builds a knowledge graph from source documents, allowing for a deeper understanding of the data + higher accuracy.

Implementing promises with typescripts, step by stepRan Wahle

The Significance of Hardware in Information Systems.pdfdrewplanas10

What Do Contribution Guidelines Say About Software Testing? (MSR 2025)Andre Hora

Software testing plays a crucial role in the contribution process of open-source projects. For example, contributions introducing new features are expected to include tests, and contributions with tests are more likely to be accepted. Although most real-world projects require contributors to write tests, the specific testing practices communicated to contributors remain unclear. In this paper, we present an empirical study to understand better how software testing is approached in contribution guidelines. We analyze the guidelines of 200 Python and JavaScript open-source software projects. We find that 78% of the projects include some form of test documentation for contributors. Test documentation is located in multiple sources, including CONTRIBUTING files (58%), external documentation (24%), and README files (8%). Furthermore, test documentation commonly explains how to run tests (83.5%), but less often provides guidance on how to write tests (37%). It frequently covers unit tests (71%), but rarely addresses integration (20.5%) and end-to-end tests (15.5%). Other key testing aspects are also less frequently discussed: test coverage (25.5%) and mocking (9.5%). We conclude by discussing implications and future research.

TestMigrationsInPy: A Dataset of Test Migrations from Unittest to Pytest (MSR...Andre Hora

Unittest and pytest are the most popular testing frameworks in Python. Overall, pytest provides some advantages, including simpler assertion, reuse of fixtures, and interoperability. Due to such benefits, multiple projects in the Python ecosystem have migrated from unittest to pytest. To facilitate the migration, pytest can also run unittest tests, thus, the migration can happen gradually over time. However, the migration can be timeconsuming and take a long time to conclude. In this context, projects would benefit from automated solutions to support the migration process. In this paper, we propose TestMigrationsInPy, a dataset of test migrations from unittest to pytest. TestMigrationsInPy contains 923 real-world migrations performed by developers. Future research proposing novel solutions to migrate frameworks in Python can rely on TestMigrationsInPy as a ground truth. Moreover, as TestMigrationsInPy includes information about the migration type (e.g., changes in assertions or fixtures), our dataset enables novel solutions to be verified effectively, for instance, from simpler assertion migrations to more complex fixture migrations. TestMigrationsInPy is publicly available at: https://github.com/altinoalvesjunior/TestMigrationsInPy.

Microsoft AI Nonprofit Use Cases and Live Demo_2025.04.30.pdfTechSoup

In this webinar we will dive into the essentials of generative AI, address key AI concerns, and demonstrate how nonprofits can benefit from using Microsoft’s AI assistant, Copilot, to achieve their goals. This event series to help nonprofits obtain Copilot skills is made possible by generous support from Microsoft. What You’ll Learn in Part 2: Explore real-world nonprofit use cases and success stories. Participate in live demonstrations and a hands-on activity to see how you can use Microsoft 365 Copilot in your own work!

Who Watches the Watchmen (SciFiDevCon 2025)Allon Mureinik

Tests, especially unit tests, are the developers’ superheroes. They allow us to mess around with our code and keep us safe. We often trust them with the safety of our codebase, but how do we know that we should? How do we know that this trust is well-deserved? Enter mutation testing – by intentionally injecting harmful mutations into our code and seeing if they are caught by the tests, we can evaluate the quality of the safety net they provide. By watching the watchmen, we can make sure our tests really protect us, and we aren’t just green-washing our IDEs to a false sense of security. Talk from SciFiDevCon 2025 https://www.scifidevcon.com/courses/2025-scifidevcon/contents/680efa43ae4f5