[12th Nov 2019]: [TORONTO MULE MEETUP #5]
TORONTO
All contents © MuleSoft Inc.
Agenda
• Introduction
• Presentations
– The biggest mistakes MuleSoft developers are making and how to avoid them – Jason Estevan
– Cross-site scripting attack and how to deal with it in MuleSoft – Najma Banu
– API Gateway – Kesavaraman Mariappan
• Quiz
• What’s next
• Networking time
Introductions
• About the organizers:
– Pravallika Nagaraja
– Alexandra Martinez
– Mahesh Pujari
– Bruno Baloi
• About the sponsor:
– Deloitte
Speaker
Jason Estevan
– Consultant and MuleSoft Ambassador
The biggest mistakes MuleSoft developers are making and how to avoid them.
The Biggest Mistakes MuleSoft Developers Are Making *IMO
Jason Estevan
MuleSoft Architect & Developer at EsteSolutions, MuleSoft Ambassador, Salesforce Trailblazer
jason@jasonestevan.com
Logic inside Java Code
• Impact is to future developers – tough to read (pictures vs words). Short-circuits a lot of helpful MuleSoft features: MUnit, business events, logging, error handling. Leads to lower-quality applications overall.
Too Complex
• Impact is to customers, operations members and developers – without a deep understanding of the component’s hidden workings, rare and complex issues will come up. Little to no benefit.
Memory Management
• Impact is to the business – applications that handle large volumes of data incorrectly will need more compute resources to run. This is an added cost to the business; MuleSoft vCores are not cheap.
Secure Configuration Properties
• Impact is to the business and customers – improper stewards of data will lose the trust of their customers. Regulators can fine your company.
Minimum Viable Product
• Impact is to the business and yourself – anything that will need the help of others should be identified early so it doesn’t affect the project’s deadlines.
• Access
– Can I make successful connections to all the systems needed?
• Data
– Do I have all the data needed to fulfil the objective?
• Escalations
– What problems are apparent that will need answers from others?
Coding to User Story
• Impact is to the business, customers, your team and yourself – delivering something that introduces breaks, creates legacy code, or is not what was needed is a step backwards and a costly mistake that would have been better not started.
User Story #1: Inside the Create Order API, on line #45 of order-http-request.xml, add the following to the choice component expression: OR customer.orderdate >= "JUN-24-1980"
User Story #2: Create an API that will validate whether a customer exists or not. The API should accept a customer id; if it exists return true, or if not found return an empty JSON response.
User Story #3: Create a job that syncs inventory data from our DB to SalesForce.
R1: Data needs to be synced every 6 hours.
R2: Provide a flat file for the SalesForce team with the inventory.
Levels of Impact Summary
• Logic inside Java Code
– Your team of developers.
• Too Complex
– Rare customer errors. Very painful for your team of developers and operations members to find and resolve.
• Memory Management
– Runs slightly slower. More costly in vCore licensing.
• Secure Configuration Properties
– Easy to fix. Low chance, but the impact is massive to the business and could end your career.
• Minimum Viable Product
– Deliver faster, fewer delays. Less stress for yourself and everyone around you. Low impact on you, just rearranging work tasks.
• Coding to User Story
– Impacts the business, customers, your team and yourself. Need to change mindset.
Focus of your Decision Making
As engineers we have a passion and skill for solving problems. When we are given a task we often want to dive right into code and see if we can figure it out, usually in a rush because we have been given a tight deadline.
When implementing our solution, our engineering mind tends to focus on optimization, performance and whether our code looks pretty. However, if we take a step back and instead make decisions based on the size of their impact, we can make bigger and more meaningful contributions to others. Customers get products and services that help them. Businesses can build those products and services quickly and make a profit. Developers can focus on solving new problems and feel enjoyment and pride knowing their work is helping others.
Find me online
Technical MuleSoft tutorials and a community of developers:
www.youtube.com/c/JasonEstevan
Share our content and achievements, encourage each other, messaging platform:
https://www.linkedin.com/in/jasonestevan/
You have to earn me!
• Give at least 3 differences between Mule 3 and 4.
– Attributes
– Error Handling
– Variables
– DataWeave 2.0
– Project Structure
Speaker
Najma Banu
– Integration expert, TechM
Cross-site scripting attack and how to deal with it in MuleSoft.
By Najma Banu
Topics
• What is XSS
• Types of XSS
• Impact of XSS
• Prevention
What is XSS?
• Cross-Site Scripting (XSS) attacks are a type of injection in which malicious scripts are injected into otherwise benign and trusted websites.
• XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.
Types of XSS
Persistent XSS:
• Malicious input is stored in a database and later served to the victim.
Reflected XSS:
• Malicious input is part of the HTTP request payload or URL. The reflected error response contains the malicious input that was part of the request.
DOM-based XSS:
• Malicious JavaScript is executed at some point after the page has loaded, as a result of the page’s legitimate JavaScript treating user input in an unsafe way.
Persistent XSS
1. The attacker manages to insert a malicious script into the database by using one of the website’s forms.
2. The victim requests a page on the website.
3. The website sends the malicious script in its response.
4. The browser executes the script, sending the victim’s cookies to the attacker.
Source: https://excess-xss.com/
Reflected XSS
1. The malicious script is part of the victim’s request to the website. The attacker tricks the victim into making this request containing the malicious string.
2. The website then includes the malicious script in the response to the victim.
3. The victim’s browser executes the malicious script and sends all the victim’s cookies to the attacker.
Source: https://excess-xss.com/
DOM-based XSS
• The malicious script is part of the victim’s request to the website. The attacker tricks the victim into making this request containing the malicious string.
• The website does not include the malicious script in the response to the victim; instead it sends a response with a legitimate script.
• The victim’s browser executes the legitimate script.
• The legitimate script inserts the malicious script into the page.
• The malicious script gets executed and cookies are sent to the attacker.
Source: https://excess-
Impact of XSS
• Hijack user accounts by stealing their session cookie
• Steal credentials by injecting a form into the vulnerable page (phishing)
• Capture all the keystrokes of the user by injecting a keylogger into the vulnerable page
• Significantly damage a website’s reputation by placing users’ data at risk
XSS attack in Mule APIs
Below are some samples of reflected XSS responses from Mule APIs:
• Method not allowed for endpoint: /<script>alert;</script>
• No listener found for the endpoint: /<script>alert;</script>
• Method not allowed for endpoint: %3C%61%20%48%72%45%66%3d%56%62%53%63%52%69%50%74%3a%4d%73%67%42%6f%78%28%38%33%33%35%31%29%3e (/< HrEf=VbScRiPt:MsgBox(83351)>
• If any element of the request is reflected in the response, that element is vulnerable to XSS attacks.
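To make the reflected-response samples above concrete, here is an added example in JavaScript, written for this page and not code from the meetup deck or from MuleSoft. It models an error handler that echoes the request path into an HTML error page, the same handler with the reflected value entity-encoded, and the catch-all handler that returns a fixed error without reflecting the path at all, plus a check that reports whether a response reflects markup-significant input unencoded. The function names (`decodePath`, `htmlEncode`, `notFoundVulnerable`, `notFoundEncoded`, `notFoundCatchAll`, `reflectsUnencodedMarkup`, `runChecks`) and the constructed sample paths are this example's own assumptions; the probe string is the one shown on the slide.

```javascript
// Added example; this is not code from the meetup deck or from MuleSoft.
// It models the "No listener found for the endpoint: <path>" error responses
// shown on the slide and demonstrates (1) why echoing the request path is a
// reflected XSS sink, (2) entity-encoding the reflected value, and (3) the
// catch-all handler from the Prevention slide that never echoes the path.
// Every function and sample value here is this example's own assumption.

// Percent-decode the request-line path the way a router would before matching.
function decodePath(rawPath) {
  try {
    return decodeURIComponent(rawPath);
  } catch (e) {
    return rawPath; // malformed escapes: keep the raw form rather than crash
  }
}

// Minimal HTML entity encoding for a value placed in an HTML text node.
function htmlEncode(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Vulnerable: the decoded path is copied verbatim into an HTML error page.
function notFoundVulnerable(rawPath) {
  const path = decodePath(rawPath);
  return { status: 404, contentType: 'text/html',
           body: `<h1>No listener found for the endpoint: ${path}</h1>` };
}

// Hardened (a): same message, but the reflected value is entity-encoded, so
// the browser renders it as text instead of parsing it as markup.
function notFoundEncoded(rawPath) {
  const path = decodePath(rawPath);
  return { status: 404, contentType: 'text/html',
           body: `<h1>No listener found for the endpoint: ${htmlEncode(path)}</h1>` };
}

// Hardened (b): a catch-all route returns a fixed JSON error and never reflects
// the path; the path goes to the server log instead (re-encoded so the log line
// stays single-line and markup-free), where it cannot reach a browser.
function notFoundCatchAll(rawPath, log) {
  log.push(`404 path=${encodeURIComponent(decodePath(rawPath))}`);
  return { status: 404, contentType: 'application/json',
           body: JSON.stringify({ error: 'listener not found' }) };
}

// Detection check for a response: decode the input as the server would, then
// report whether markup-significant input appears unencoded in the body.
function reflectsUnencodedMarkup(rawPath, response) {
  const decoded = decodePath(rawPath);
  return /[<>"']/.test(decoded) && response.body.includes(decoded);
}

// Constructed sample inputs: the probe string shown on the slide, plain and
// percent-encoded (the slide's third sample arrives percent-encoded).
const SAMPLE_PATH = '/<script>alert;</script>';
const SAMPLE_ENCODED_PATH = '/%3Cscript%3Ealert;%3C/script%3E';

// Evaluate all three handlers against both samples; returns a results table.
function runChecks() {
  const results = {};
  for (const p of [SAMPLE_PATH, SAMPLE_ENCODED_PATH]) {
    const log = [];
    results[p] = {
      vulnerable: reflectsUnencodedMarkup(p, notFoundVulnerable(p)),
      encoded: reflectsUnencodedMarkup(p, notFoundEncoded(p)),
      catchAll: reflectsUnencodedMarkup(p, notFoundCatchAll(p, log)),
      logged: log[0],
    };
  }
  return results;
}

console.log(JSON.stringify(runChecks(), null, 2));
```

Run it with `node` to print the results table. The check decodes the path first because a router percent-decodes before matching, so a probe sent as `%3Cscript%3E` reaches the error message as `<script>`; a detector that compares only the raw request string would miss it. Entity encoding is correct only for an HTML text node; a value placed in a JavaScript string, an attribute or a URL needs the encoding for that context, and returning `application/json` without the echoed value sidesteps the question entirely.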
Prevention
• Strong schema validation
• Enable JSON threat protection or XML threat protection
• Create a custom policy if required
• To deal with reflected XSS attacks in the URL, create an API that will accept non-existing URIs and throw a “listener not found” error. This applies only to Mule 3, as it has been handled in Mule 4.
• Output sanitization: any data received from a client should be scanned before being returned in the response.
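As an added example of what the “JSON threat protection” bullet enforces, here is a JavaScript gate that rejects a request body before any flow logic runs when it exceeds container depth, string length, entry-name length, entry count or array length limits. This is not the policy's code and not from the deck; the limit names echo the kinds of settings such a policy exposes, and the values, the function names (`findJsonThreat`, `checkRequestBody`) and the sample bodies are constructed for this page.

```javascript
// Added example; not code from the deck or from MuleSoft's JSON Threat
// Protection policy. It shows the kind of structural limits such a policy
// applies to an incoming JSON body. All names and values are this example's own.

const LIMITS = {
  maxBodyBytes: 65536,        // cap applied before parsing (string length here)
  maxContainerDepth: 4,       // nesting of objects/arrays, top level = 1
  maxStringValueLength: 64,
  maxEntryNameLength: 32,
  maxObjectEntryCount: 10,
  maxArrayElementCount: 20,
};

// Walk a parsed JSON value and return the first violation {rule, path}, or null.
function findJsonThreat(value, limits = LIMITS, depth = 1, path = '$') {
  if (Array.isArray(value)) {
    if (depth > limits.maxContainerDepth) return { rule: 'maxContainerDepth', path };
    if (value.length > limits.maxArrayElementCount) return { rule: 'maxArrayElementCount', path };
    for (let i = 0; i < value.length; i++) {
      const v = findJsonThreat(value[i], limits, depth + 1, `${path}[${i}]`);
      if (v) return v;
    }
    return null;
  }
  if (value !== null && typeof value === 'object') {
    if (depth > limits.maxContainerDepth) return { rule: 'maxContainerDepth', path };
    const keys = Object.keys(value);
    if (keys.length > limits.maxObjectEntryCount) return { rule: 'maxObjectEntryCount', path };
    for (const k of keys) {
      if (k.length > limits.maxEntryNameLength) return { rule: 'maxEntryNameLength', path: `${path}.${k}` };
      const v = findJsonThreat(value[k], limits, depth + 1, `${path}.${k}`);
      if (v) return v;
    }
    return null;
  }
  if (typeof value === 'string' && value.length > limits.maxStringValueLength) {
    return { rule: 'maxStringValueLength', path };
  }
  return null; // numbers, booleans, null are leaves with nothing to bound
}

// Gate an incoming request body: oversized, malformed or limit-violating bodies
// are rejected before any flow logic runs; acceptable bodies pass through.
function checkRequestBody(rawBody, limits = LIMITS) {
  if (rawBody.length > limits.maxBodyBytes) return { status: 413, reason: 'maxBodyBytes exceeded' };
  let parsed;
  try {
    parsed = JSON.parse(rawBody);
  } catch (e) {
    return { status: 400, reason: 'malformed JSON' };
  }
  const threat = findJsonThreat(parsed, limits);
  if (threat) return { status: 400, reason: `${threat.rule} exceeded at ${threat.path}` };
  return { status: 200, reason: 'ok' };
}

// Constructed sample bodies.
const OK_BODY = JSON.stringify({ customerId: 'C-1001', items: [{ sku: 'A1', qty: 2 }] });
const DEEP_BODY = JSON.stringify({ a: { b: { c: { d: { e: 1 } } } } });     // depth 5 > 4
const LONG_STRING_BODY = JSON.stringify({ note: 'x'.repeat(65) });          // 65 > 64
const WIDE_ARRAY_BODY = JSON.stringify({ ids: Array.from({ length: 21 }, (_, i) => i) }); // 21 > 20

for (const [name, body] of [['ok', OK_BODY], ['deep', DEEP_BODY],
                            ['long-string', LONG_STRING_BODY], ['wide-array', WIDE_ARRAY_BODY], ['malformed', '{bad']]) {
  console.log(name.padEnd(12), JSON.stringify(checkRequestBody(body)));
}
```

The walk runs after `JSON.parse` for readability; a policy in the request path enforces these limits while tokenizing, so that an oversized or absurdly deep body is rejected before it is fully materialized. The `maxBodyBytes` pre-check here stands in for that: it is the one limit that can be applied without parsing (on a real byte stream measure `Buffer.byteLength`, not string length).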
Prevention
• Anypoint Security (WAF ruleset) in Runtime Fabric
– Scanner detection
– Protocol enforcement
– Protocol attack
– Local file inclusion
– Remote file inclusion
– Remote code execution
– PHP injection
– Cross-site scripting
– SQL injection
– Session fixation
References
• https://excess-xss.com/
• https://pentest-tools.com/blog/xss-attacks-practical-scenarios/
• https://www.dionach.com/blog/the-real-impact-of-cross-site-scripting
• https://docs.mulesoft.com/anypoint-security/
I am back!
• What are the three types of XSS?
– Persistent XSS
– Reflected XSS
– DOM-based XSS
Speaker
Kesavaraman Mariappan
– Technical Architect, TechM
API Gateway.
Govern the APIs
• Unlock applications, data, and microservices with an API gateway
• Apply prebuilt or custom security policies at runtime with no downtime
• Proxy existing SOAP services or create new APIs from OAS and RAML definitions
• Provision access across individual clients or entire teams with OAuth and SAML
• Use a service mesh to secure and govern microservices, regardless of where they’re hosted
• Gain insight into the performance of APIs, track usage, and identify errors
Secure API gateway
Unlock monoliths, microservices, or data sources using Anypoint Platform’s native API gateway. Proxy existing services, group APIs together to simplify consumption, and secure APIs with a few clicks.
Policies
Govern access to APIs and control API traffic by automatically enforcing prebuilt or custom policies. Add or remove policies for API security, throttling, rate limiting, caching, and identity management at runtime with no downtime.
RAML, OAS, SOAP support
Provide API management for existing SOAP web services. Import or design API specifications using the most popular formats for API models: RAML and OAS.
Integrated access management
Connect to PingFederate, Okta, LDAP, OpenAM, or MuleSoft’s hosted identity management to provide secure access for app developers, partners, and internal business groups. Leverage SAML integration to manage SSO and authorize API consumption through OAuth2 policies.
API Metrics
Track every API transaction using customizable dashboards that provide in-depth visibility into usage metrics. Create customized alerts and drill down into event-related data to analyze the root cause of performance issues.
This time it’s me…
• List at least 3 API policies.
– Rate Limiting
– Client ID enforcement
– IP Blacklist
– IP Whitelist
– XML Threat Protection
– JSON Threat Protection
Quiz
Chance to win these cool SWAGS!!!
1
• The inbound and outbound properties in Mule 3 are replaced by what in Mule 4?
– Attributes
2
• Where is the headquarters of MuleSoft?
– San Francisco, California
3
• List any three scopes in Mule 3 or 4
– Async
– Cache
– For Each
– Transactional
– Until Successful
– Try
4
• List the Architect certification exams that MuleSoft offers
– MuleSoft Certified Platform Architect
– MuleSoft Certified Integration Architect
5
• Which MuleSoft container service has a built-in policy for XSS?
– Runtime Fabric
6
• MuleSoft has been positioned as a Leader for the fourth consecutive time in the Gartner Magic Quadrant for?
– Full Life Cycle API Management
What’s next
• Share:
– Tweet your pictures with the hashtag #MuleMeetup
– Invite your network to join: https://meetups.mulesoft.com/toronto/
• Feedback:
– Contact your organizers Pravallika, Alex, Mahesh, Bruno to suggest topics
– Contact MuleSoft at meetup@mulesoft.com for ways to improve the program
• Our next meetup:
– Date: TBD
– Location: Toronto
– Topic: TBD
Closing Note
David Hunter
– National iPaaS Technology Leader, Deloitte
Networking time
Introduce yourself to your neighbors!
See you next time
Please send topic suggestions to the organizer
Thank You

Toronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB ArchitectureToronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB Architecture
Toronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB ArchitectureAlexandra N. Martinez
 
Reviewing a Complex DataWeave Transformation Use-case v2
Reviewing a Complex DataWeave Transformation Use-case v2Reviewing a Complex DataWeave Transformation Use-case v2
Reviewing a Complex DataWeave Transformation Use-case v2Alexandra N. Martinez
 
Meetup en español #4 - MuleSoft para profesionales de Java
 Meetup en español #4 - MuleSoft para profesionales de Java Meetup en español #4 - MuleSoft para profesionales de Java
Meetup en español #4 - MuleSoft para profesionales de JavaAlexandra N. Martinez
 
Toronto Virtual Meetup #5 - API Security and Threats
Toronto Virtual Meetup #5 - API Security and ThreatsToronto Virtual Meetup #5 - API Security and Threats
Toronto Virtual Meetup #5 - API Security and ThreatsAlexandra N. Martinez
 

More from Alexandra N. Martinez (20)

Mejora tu productividad creando aplicaciones de Slack
Mejora tu productividad creando aplicaciones de SlackMejora tu productividad creando aplicaciones de Slack
Mejora tu productividad creando aplicaciones de Slack
 
Women Who Mule - Workshop series #2: Ghost
Women Who Mule - Workshop series #2: GhostWomen Who Mule - Workshop series #2: Ghost
Women Who Mule - Workshop series #2: Ghost
 
Women Who Mule - Workshop series: Create your own blog from scratch without a...
Women Who Mule - Workshop series: Create your own blog from scratch without a...Women Who Mule - Workshop series: Create your own blog from scratch without a...
Women Who Mule - Workshop series: Create your own blog from scratch without a...
 
Women Who Mule - June Meetup (EMEA)
Women Who Mule - June Meetup (EMEA)Women Who Mule - June Meetup (EMEA)
Women Who Mule - June Meetup (EMEA)
 
Toronto Virtual Meetup #11 - Reviewing Complex DataWeave Transformation Use-case
Toronto Virtual Meetup #11 - Reviewing Complex DataWeave Transformation Use-caseToronto Virtual Meetup #11 - Reviewing Complex DataWeave Transformation Use-case
Toronto Virtual Meetup #11 - Reviewing Complex DataWeave Transformation Use-case
 
Cómo generar e implementar monitoreo para aplicaciones de Mule
Cómo generar e implementar monitoreo para aplicaciones de MuleCómo generar e implementar monitoreo para aplicaciones de Mule
Cómo generar e implementar monitoreo para aplicaciones de Mule
 
reCONNECT 2021 May Meetup - Women Who Mule #4
reCONNECT 2021 May Meetup - Women Who Mule #4reCONNECT 2021 May Meetup - Women Who Mule #4
reCONNECT 2021 May Meetup - Women Who Mule #4
 
Women Who Mule - April Meetup (Diane Kesler's Journey)
Women Who Mule - April Meetup (Diane Kesler's Journey)Women Who Mule - April Meetup (Diane Kesler's Journey)
Women Who Mule - April Meetup (Diane Kesler's Journey)
 
Toronto Virtual Meetup #9 - KPIs and metrics accelerator
Toronto Virtual Meetup #9 - KPIs and metrics acceleratorToronto Virtual Meetup #9 - KPIs and metrics accelerator
Toronto Virtual Meetup #9 - KPIs and metrics accelerator
 
Reviewing a complex dataweave transformation use case v3
Reviewing a complex dataweave transformation use case v3Reviewing a complex dataweave transformation use case v3
Reviewing a complex dataweave transformation use case v3
 
Introduction to MuleSoft
Introduction to MuleSoftIntroduction to MuleSoft
Introduction to MuleSoft
 
What is munit and how to create your first unit test
What is munit and how to create your first unit testWhat is munit and how to create your first unit test
What is munit and how to create your first unit test
 
Truly Human part 1
Truly Human part 1Truly Human part 1
Truly Human part 1
 
Toronto Virtual Meetup #8 - Tips for Reusability
Toronto Virtual Meetup #8 - Tips for ReusabilityToronto Virtual Meetup #8 - Tips for Reusability
Toronto Virtual Meetup #8 - Tips for Reusability
 
Meetup en español #6 - MuleSoft para profesionales de Java (segunda edición)
Meetup en español #6 - MuleSoft para profesionales de Java (segunda edición)Meetup en español #6 - MuleSoft para profesionales de Java (segunda edición)
Meetup en español #6 - MuleSoft para profesionales de Java (segunda edición)
 
Meetup en español #5 - Continuous Integration and Continuous Delivery (CI/CD)...
Meetup en español #5 - Continuous Integration and Continuous Delivery (CI/CD)...Meetup en español #5 - Continuous Integration and Continuous Delivery (CI/CD)...
Meetup en español #5 - Continuous Integration and Continuous Delivery (CI/CD)...
 
Toronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB Architecture
Toronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB ArchitectureToronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB Architecture
Toronto Virtual Meetup #7 - Anypoint VPC, VPN and DLB Architecture
 
Reviewing a Complex DataWeave Transformation Use-case v2
Reviewing a Complex DataWeave Transformation Use-case v2Reviewing a Complex DataWeave Transformation Use-case v2
Reviewing a Complex DataWeave Transformation Use-case v2
 
Meetup en español #4 - MuleSoft para profesionales de Java
 Meetup en español #4 - MuleSoft para profesionales de Java Meetup en español #4 - MuleSoft para profesionales de Java
Meetup en español #4 - MuleSoft para profesionales de Java
 
Toronto Virtual Meetup #5 - API Security and Threats
Toronto Virtual Meetup #5 - API Security and ThreatsToronto Virtual Meetup #5 - API Security and Threats
Toronto Virtual Meetup #5 - API Security and Threats
 

Recently uploaded

Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsSergiu Bodiu
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsMemoori
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piececharlottematthew16
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clashcharlottematthew16
 

Recently uploaded (20)

Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
DevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platformsDevEX - reference for building teams, processes, and platforms
DevEX - reference for building teams, processes, and platforms
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Story boards and shot lists for my a level piece
Story boards and shot lists for my a level pieceStory boards and shot lists for my a level piece
Story boards and shot lists for my a level piece
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April  Automation LPDGAPIForce Zurich 5 April  Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
Powerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time ClashPowerpoint exploring the locations used in television show Time Clash
Powerpoint exploring the locations used in television show Time Clash
 

Toronto mule meetup #5

  • 11. Coding to User Story
    – Impact is to the business, customers, your team and yourself - Delivering something that introduces breaks, creates legacy code, or is not what was needed is a step backwards and a costly mistake that would have been better not started.
    – User Story #1: Inside the Create Order API on line #45 of order-http-request.xml add the following to the choice component expression: OR customer.orderdate >= "JUN-24-1980"
    – User Story #2: Create an API that will validate whether a customer exists or not. The API should accept a customer id; if it exists return true, or if not found return an empty JSON response.
    – User Story #3: Create a job that syncs inventory data from our DB to Salesforce. R1: Data needs to be synced every 6 hours. R2: Provide a flat file for the Salesforce team with the inventory.
  • 12. Levels of Impact Summary
    – Logic inside Java Code – Your team of developers.
    – Too Complex – Rare customer errors. Very painful for your team of developers and operation members to find and resolve.
    – Memory Management – Runs slightly slower. More costly in vCore licensing.
    – Secure Configuration Properties – Easy to fix. Low chance, but the impact is massive to the business and could end your career.
    – Minimum Viable Product – Deliver faster, fewer delays. Less stress for yourself and everyone around you. Low impact on you, just rearranging work tasks.
    – Coding to User Story – Impacts the business, customers, your team and yourself. Need to change mindset.
  • 13. Focus of your Decision Making
    As engineers we have a passion and skill for solving problems. When we are given a task we often want to dive right into code and see if we can figure it out, often rushed because we are usually given a tight deadline. When implementing our solution our engineering minds tend to focus on optimization, performance and whether our code looks pretty. However, if we take a step back and instead make decisions based on the size of their impact, we can make bigger and more meaningful contributions to others. Customers get products and services that help them. Businesses can build those products and services quickly and make a profit. Developers can focus on solving new problems and feel enjoyment and pride knowing their work is helping others.
  • 14. Find me online
    – Technical MuleSoft tutorials and a community of developers: www.youtube.com/c/JasonEstevan
    – Share our content and achievements, encourage each other, messaging platform: https://www.linkedin.com/in/jasonestevan/
  • 15. You have to earn me!
    – Give at least 3 differences between Mule 3 and 4.
      – Attributes
      – Error Handling
      – Variables
      – DataWeave 2.0
      – Project Structure
  • 16. Speaker: Najma Banu - Integration expert, TechM. Cross-site scripting attack and how to deal with it in MuleSoft.
  • 17. By Najma Banu
  • 18–22. Topics (one agenda slide per topic, each highlighting the next item)
    – What is XSS
    – Types of XSS
    – Impact of XSS
    – Prevention
  • 23. What is XSS?
  • 24. What is XSS?
    – Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites.
    – XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.
  • 25. Types of XSS
  • 26. Types of XSS
    – Persistent XSS: Malicious input is stored in a database and made available to the victim.
    – Reflected XSS: Malicious input is part of the HTTP request payload or URL. The reflected error response contains the malicious input which was part of the request payload.
    – DOM-based XSS: Malicious JavaScript is executed at some point after the page has loaded, as a result of the page's legitimate JavaScript treating user input in an unsafe way.
  • 27. Persistent XSS
    1. The attacker manages to insert a malicious script into the database by using one of the website's forms.
    2. The victim requests a page on the website.
    3. The website sends the malicious script in its response.
    4. The browser executes the script, sending the victim's cookies to the attacker.
  • 28. Persistent XSS (diagram). Source: https://excess-xss.com/
  • 29. Reflected XSS
    1. The malicious script is part of the victim's request to the website. The attacker tricks the victim into making this request containing the malicious string.
    2. The website then includes the malicious script in the response to the victim.
    3. The victim's browser executes the malicious script and sends all the victim's cookies to the attacker.
  • 30. Reflected XSS (diagram). Source: https://excess-xss.com/
  • 31. DOM-based XSS
    – The malicious script is part of the victim's request to the website. The attacker tricks the victim into making this request containing the malicious string.
    – The website does not include the malicious script in the response to the victim; instead it sends a response with a legitimate script.
    – The victim's browser executes the legitimate script.
    – The legitimate script inserts the malicious script into the page.
    – The malicious script gets executed and cookies are sent to the attacker.
  • 32. DOM-based XSS (diagram). Source: https://excess-
  • 33. Impact of XSS
  • 34. Impact of XSS
    – Hijack user accounts by stealing their session cookie
    – Steal credentials by injecting a form into the vulnerable page (phishing)
    – Capture all the keystrokes of the user by injecting a keylogger into the vulnerable page
    – Significantly damage a website's reputation by placing users' data at risk
  • 35. XSS attack in Mule APIs
    Below are some samples of reflected XSS responses from Mule APIs:
    – Method not allowed for endpoint: /<script>alert;</script>
    – No listener found for the endpoint: /<script>alert;</script>
    – Method not allowed for endpoint: %3C%61%20%48%72%45%66%3d%56%62%53%63%52%69%50%74%3a%4d%73%67%42%6f%78%28%38%33%33%35%31%29%3e (percent-decoded: /<a HrEf=VbScRiPt:MsgBox(83351)>)
    – If any element of the request is reflected in the response, then that element is vulnerable to XSS attacks.
  • 36. Prevention
  • 37. Prevention
    – Strong schema validation
    – Enable JSON threat protection or XML threat protection
    – Create a custom policy if required
    – To deal with reflected XSS attacks in the URL, create an API that will accept non-existing URIs and throw a "listener not found" error. This is applicable only if you are on Mule 3, as it has been handled in Mule 4.
    – Output sanitization: any data received from a client should be scanned before being returned in the response.
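As an added example (not code from the slides or from MuleSoft), the JavaScript below shows the output sanitization that slide 37 calls for, applied to the reflected "listener not found" error of slide 35, together with a check for the condition slide 35 uses to flag a response as vulnerable: a request element reflected in the body unencoded. Every request path and response body in it is constructed for illustration, and the check assumes the response is rendered in an HTML body context.

```javascript
// Added example, not code from the meetup slides or from MuleSoft. It shows the
// output sanitization the Prevention slide asks for, applied to the kind of
// reflected error message shown on slide 35, plus a check for the slide's rule
// "a request element reflected unencoded in the response is vulnerable".
// Every request path and response body below is constructed for illustration;
// the check assumes the response is rendered in an HTML body context.

// Encode the characters that let text break out of an HTML text/attribute context.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Percent-decode a request value so that encoded probes (like the %3C%61... one on
// slide 35) are handled in their decoded form; malformed encoding falls back to raw.
function percentDecode(value) {
  try {
    return decodeURIComponent(value);
  } catch (e) {
    return value;
  }
}

// Unsafe variant (the behaviour the slide shows): the raw path is dropped straight
// into the error text, so any markup in the request comes back as markup.
function unsafeListenerNotFound(rawPath) {
  return `No listener found for the endpoint: ${rawPath}`;
}

// Hardened variant: decode, then HTML-encode the path before it enters the body.
function safeListenerNotFound(rawPath) {
  return `No listener found for the endpoint: ${escapeHtml(percentDecode(rawPath))}`;
}

// Apply the slide's rule of thumb to a (request values, response body) pair:
// report each request value that carries markup characters and appears in the
// body in its decoded, unencoded form. Values without markup characters are
// ignored, since echoing a plain word back is not an XSS condition.
function findUnencodedReflections(requestValues, responseBody) {
  const hits = [];
  for (const value of requestValues) {
    const decoded = percentDecode(value);
    if (!/[<>"']/.test(decoded)) continue;
    if (responseBody.includes(decoded)) hits.push(value);
  }
  return hits;
}

// Constructed probes in the two shapes quoted on slide 35.
const PROBE_PLAIN = '/<script>alert;</script>';
const PROBE_ENCODED =
  '%3C%61%20%48%72%45%66%3d%56%62%53%63%52%69%50%74%3a%4d%73%67%42%6f%78%28%38%33%33%35%31%29%3e';

// Stand-alone demo: the unsafe body is flagged, the hardened body is not.
console.log('unsafe :', unsafeListenerNotFound(PROBE_PLAIN));
console.log('safe   :', safeListenerNotFound(PROBE_PLAIN));
console.log('flagged:', findUnencodedReflections([PROBE_PLAIN, PROBE_ENCODED],
  unsafeListenerNotFound(PROBE_PLAIN)));
```

The same check can be run over captured error responses from a Mule 3 application to confirm that the custom "listener not found" API described on slide 37 encodes the path it echoes.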
  • 38. Prevention
    – Anypoint Security (WAF ruleset) in Runtime Fabric:
      – Scanner detection
      – Protocol enforcement
      – Protocol attack
      – Local file inclusion
      – Remote file inclusion
      – Remote code execution
      – PHP injection
      – Cross-site scripting
      – SQL injection
      – Session fixation
  • 39. References
    – https://excess-xss.com/
    – https://pentest-tools.com/blog/xss-attacks-practical-scenarios/
    – https://www.dionach.com/blog/the-real-impact-of-cross-site-scripting
    – https://docs.mulesoft.com/anypoint-security/
  • 40. I am Back!
    – What are the three types of XSS?
      – Persistent XSS
      – Reflected XSS
      – DOM-based XSS
  • 41. Speaker: Kesavaraman Mariappan - Technical Architect, TechM. API Gateway.
  • 42. Govern the APIs
    – Unlock applications, data, and microservices with an API gateway
    – Apply prebuilt or custom security policies at runtime with no downtime
    – Proxy existing SOAP services or create new APIs from OAS and RAML definitions
  • 43. Govern the APIs (continued)
    – Provision access across individual clients or entire teams with OAuth and SAML
    – Use a service mesh to secure and govern microservices, regardless of where they're hosted
    – Gain insight into the performance of APIs, track usage, and identify errors
  • 44. Secure API gateway
    Unlock monoliths, microservices, or data sources using Anypoint Platform's native API gateway. Proxy existing services, group APIs together to simplify consumption, and secure APIs with a few clicks.
  • 45. Policies
    Govern access to APIs and control API traffic by automatically enforcing prebuilt or custom policies. Add or remove policies for API security, throttling, rate limiting, caching, and identity management at runtime with no downtime.
  • 46. RAML, OAS, SOAP support
    Provide API management for existing SOAP web services. Import or design API specifications using the most popular formats for API models: RAML and OAS.
  • 47. Integrated access management
    Connect to PingFederate, Okta, LDAP, OpenAM, or MuleSoft's hosted identity management to provide secure access for app developers, partners, and internal business groups. Leverage SAML integration to manage SSO and authorize API consumption through OAuth2 policies.
  • 48. API Metrics
    Track every API transaction using customizable dashboards that provide in-depth visibility into usage metrics. Create customized alerts and drill down into event-related data to analyze the root cause of performance issues.
  • 49. This time it's me…
    – List at least 3 API policies.
      – Rate Limiting
      – Client ID enforcement
      – IP Blacklist
      – IP Whitelist
      – XML Threat Protection
      – JSON Threat Protection
  • 50. Quiz: Chance to win these cool SWAGS!!!
  • 51. Question 1: The inbound and outbound properties in Mule 3 are replaced by what in Mule 4? – Attributes
  • 52. Question 2: Where is the headquarters of MuleSoft? – San Francisco, California
  • 53. Question 3: List any three scopes in Mule 3 or 4. – Async, Cache, For Each, Transactional, Until Successful, Try
  • 54. Question 4: List the Architect certification exams that MuleSoft offers. – MuleSoft Certified Platform Architect, MuleSoft Certified Integration Architect
  • 55. Question 5: Which MuleSoft container service has a built-in policy for XSS? – Runtime Fabric
  • 56. Question 6: MuleSoft has been positioned as a Leader for the fourth consecutive time in the Gartner Magic Quadrant for? – Full Life Cycle API Management
  • 57. What's next
    – Share: Tweet your pictures with the hashtag #MuleMeetup; invite your network to join: https://meetups.mulesoft.com/toronto/
    – Feedback: Contact your organizers Pravallika, Alex, Mahesh, Bruno to suggest topics; contact MuleSoft at meetup@mulesoft.com for ways to improve the program
    – Our next meetup: Date: TBD; Location: Toronto; Topic: TBD
  • 58. Closing Note: David Hunter - National iPaaS Technology Leader, Deloitte
  • 60. See you next time. Please send topic suggestions to the organizer.