Everything in the OWASP TOP 10 is covered in this session, including: Injections, Broken Authentication and Session Management, Cross-Site Scripting (XSS), Insecure Direct Object References, Security Misconfiguration, Sensitive Data Exposure, Missing Function Level Access Control, Cross-Site Request Forgery (CSRF), Using Components with Known Vulnerabilities, Unvalidated Redirects and Forwards.
Providing a scripting environment and language so that users can mod and extend a game is a traditional practice in the videogame industry, where C/C++ game engines like Unity allow you to use C# to create and script games. Providing a scripting environment allows users and designers to break out of the constraints of the game, modifying it and extending it beyond the intent of the original developers. What if non-gaming applications could also leverage a scripting environment to gain flexibility and power? With Mono's embedding API it's easy for any C/C++ application to add the power of C# and .NET to its arsenal.
In this talk we will go through the basics of how to embed Mono and run C# from a C/C++ bootstrapping application, its potential uses, as well as the problems and pitfalls that you will encounter along the way. There are many interesting things that you can do when you control the runtime, domain and assembly loader from native land, and we will look at some fun tricks that are possible, like dynamic UIs that you can script, extend and modify at runtime without ever restarting your app, or games where the users drive the content.
Трек «Тренды приложений». Лекция Дмитрия Карпова (куратора курса «Дизайн в интерактивной среде» и интенсивных курсов по новым медиа, БВШД) о дизайне пользовательского опыта и опыта взаимодействия с брендом.