Financial times use case

•

0 likes•53 views

Varnish Software

Varnish Summit 2016

How we strengthened
authentication using Varnish
Luke Blaney
Financial Times

May 2013: We got hacked

Step 1: Multi-factor Authentication

Step 2: Single Sign On
Utilise existing services  
(Google Accounts & Active Directory for us)
Easy to use API
Catchy name
Staff Single Sign On
s3
o

Step 3: Roll it out EVERYWHERE
We used a three-pronged approach:
1. API which can be used for bespoke use-cases
2. Software libraries for common programming languages
3. Varnish integration as a catch-all for any web service

Varnish
Why use Varnish?
Application
Baddies
Authentication
Backdoor
Vulnerability
Application
Authentication
Backdoor
Vulnerability
Baddies

How?
Cron script checks the s3o public key every 5 mins
When it changes it gets substituted into VCL and varnish
reloaded
Lots of inline C to verify auth token really came from s3o
All wrapped up in a puppet module so it’s easy to deploy & reuse

More Related Content

What's hot

Drive API Adoption: Reach Over 13 Million Developers

Drive API Adoption: Reach Over 13 Million Developers

Drive API Adoption: Reach Over 13 Million Developers

Can mule integrate with ring central

Can mule integrate with ring central

Can mule integrate with ring central

Anirban Sen Chowdhary

Postman Galaxy Tour - Keynote Presentation

Postman Galaxy Tour - Keynote Presentation

Postman Galaxy Tour - Keynote Presentation

In this webinar, Postman Developer Advocate Joyce Lin and Engineering Manager Trent McCann discuss automating your tests with Postman while walking you through some advanced testing workflows. Topics include: - Run tests locally using Postman’s Collection Runner - Automate testing as part of your continuous integration (CI) pipeline using Postman’s Newman (a command-line collection runner for Postman) - Run health and security checks using Postman monitors

Postman Webinar: “Continuous Testing with Postman”

Postman Webinar: “Continuous Testing with Postman”

Postman Webinar: “Continuous Testing with Postman”

Postman Enterprise Webinar

Postman Enterprise Webinar

Postman Enterprise Webinar

Presenters: Trent McCann, Engineering Manager, Quality, and Danny Dainton, Senior Quality Engineer Description: Testing APIs is difficult, it's hard to know where to start. Join us as we take you through some of the different techniques and strategies, using Postman. We will walk you through the basics of Testing using Postman and help answer the questions of "Why do you test?" And "How do you write a test?". We will also talk about making these tests work for you. Pulling it all together and making these tests effective and efficient using Automation practices. Lastly, we will walk you through how to track, trend and some of the hidden benefits of Reporting in Postman, to get the most out of your tests.

POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...

POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...

POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...

POST/CON Keynote 2019

POST/CON Keynote 2019

POST/CON Keynote 2019

Postman: An Introduction for API Ops Professionals

Postman: An Introduction for API Ops Professionals

Postman: An Introduction for API Ops Professionals

Note: This webinar is the second in Postman's three-part webinar series on implementing an API-first strategy in enterprise e-commerce. The series, hosted by Postman Chief Evangelist Kin Lane, will walk you through key topics and how-to content via a hypothetical e-commerce enterprise, Union Fashion (see it on GitHub). Continuing with our series, the second webinar will dive into actually deploying and monitoring an API using the Postman platform. We will take the API we developed as part of our previous API-first webinar, and actually bring it to life by focusing on the following areas: - Versions - Monitors - Mocks - Environment - Documentation - Feedback Loops The full video for this session can be found at: https://www.youtube.com/watch?v=jO2M_kqb-jo&t=1659s

Enterprise E-commerce Webinar Series, Episode 2: Deploying and Monitoring You...

Enterprise E-commerce Webinar Series, Episode 2: Deploying and Monitoring You...

Enterprise E-commerce Webinar Series, Episode 2: Deploying and Monitoring You...

What's hot (9)

Drive API Adoption: Reach Over 13 Million Developers

Drive API Adoption: Reach Over 13 Million Developers

Drive API Adoption: Reach Over 13 Million Developers

Can mule integrate with ring central

Can mule integrate with ring central

Can mule integrate with ring central

Postman Galaxy Tour - Keynote Presentation

Postman Galaxy Tour - Keynote Presentation

Postman Galaxy Tour - Keynote Presentation

Postman Webinar: “Continuous Testing with Postman”

Postman Webinar: “Continuous Testing with Postman”

Postman Webinar: “Continuous Testing with Postman”

Postman Enterprise Webinar

Postman Enterprise Webinar

Postman Enterprise Webinar

POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...

POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...

POST/CON 2019 Workshop: Testing, Automated Testing, and Reporting APIs with P...

POST/CON Keynote 2019

POST/CON Keynote 2019

POST/CON Keynote 2019

Postman: An Introduction for API Ops Professionals

Postman: An Introduction for API Ops Professionals

Postman: An Introduction for API Ops Professionals

Enterprise E-commerce Webinar Series, Episode 2: Deploying and Monitoring You...

Enterprise E-commerce Webinar Series, Episode 2: Deploying and Monitoring You...

Enterprise E-commerce Webinar Series, Episode 2: Deploying and Monitoring You...

Similar to Financial times use case

VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)

VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)

VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)

In loosely coupled architectures, we must put in place application level security, should it be for client traffic (North-South) or intra-microservices traffic (East-West). In this webinar, we show you how the 42Crunch API firewall can be used to put API threat protection in place automatically, as early as design time. We’ll use a mix of slides and demos to present: (1) The various elements of security to consider in order to cover the full API security scope (infrastructure vs application level security) (2) Which threat protections must be put in place in a microservices architecture, and where (3) How to leverage OpenAPI (aka Swagger) to configure threat protection from design time (4) How to automate threat protection deployment

Protecting Microservices APIs with 42Crunch API Firewall

Protecting Microservices APIs with 42Crunch API Firewall

Protecting Microservices APIs with 42Crunch API Firewall

Today’s cutting-edge companies have software release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This automation helps you catch bugs sooner and accelerates developer productivity. In this session, we’ll share the processes that Amazon’s engineers use to practice DevOps and discuss how you can bring these processes to your company by using a new set of AWS tools (AWS CodePipeline and AWS CodeDeploy). These services were inspired by Amazon's own internal developer tools and DevOps culture.

DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools

DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools

DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools

Amazon Web Services

VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...

VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...

VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...

Introduction to Xamarin and Visual Studio Mobile Center

Introduction to Xamarin and Visual Studio Mobile Center

Introduction to Xamarin and Visual Studio Mobile Center

Arthur Kennedy Otieno

ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS

ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS

ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS

AWS User Group Kochi

OAuth for QuickBooks Online REST Services

OAuth for QuickBooks Online REST Services

OAuth for QuickBooks Online REST Services

Intuit Developer

AWS provides a range of services and tools to help you create industry leading, cloud-enabled mobile apps that can securely scale to millions of users globally. Join Amit Patel, GM of AWS Mobile, to hear our vision for mobile apps and the cloud, industry trends, recent product launches, and success stories directly from our customers. We'll walk through and demo the AWS Mobile offerings for building compelling cloud-enabled mobile apps and for engaging your app users. You’ll learn how to use these offerings (serverless – API Gateway/Lambda, Cognito, and new services) to make it easy to develop both your iOS and Android frontend, as well as your mobile backend.

AWS re:Invent 2016: AWS Mobile State of the Union - Serverless, New User Expe...

AWS re:Invent 2016: AWS Mobile State of the Union - Serverless, New User Expe...

AWS re:Invent 2016: AWS Mobile State of the Union - Serverless, New User Expe...

Amazon Web Services

Today’s cutting-edge companies have software release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying all code changes. This automation helps you catch bugs sooner and accelerates developer productivity. In this session, we’ll share the processes that Amazon’s engineers use to practice DevOps and discuss how you can bring these processes to your company by using a new set of AWS tools (AWS CodePipeline and AWS CodeDeploy). These services were inspired by Amazon's own internal developer tools and DevOps culture.

Dev ops on aws deep dive on continuous delivery - Toronto

Dev ops on aws deep dive on continuous delivery - Toronto

Dev ops on aws deep dive on continuous delivery - Toronto

Amazon Web Services

DevOps On AWS - Deep Dive on Continuous Delivery

DevOps On AWS - Deep Dive on Continuous Delivery

DevOps On AWS - Deep Dive on Continuous Delivery

Mikhail Prudnikov

Single sign-on Across Mobile Applications from RSAConference

Single sign-on Across Mobile Applications from RSAConference

Single sign-on Across Mobile Applications from RSAConference

CA API Management

Firebase

Webscarab demo @ OWASP Belgium

Webscarab demo @ OWASP Belgium

Webscarab demo @ OWASP Belgium

Philippe Bogaerts

Understanding how emerging standards like OAuth and OpenID Connect impact federation Federation is a critical technology for reconciling user identity across Web applications. Now that users consume the same data through cloud and mobile, federation infrastructure must adapt to enable these new channels while maintaining security and providing a consistent user experience. This webinar will examine the differences between identity federation across Web, cloud and mobile, look at API specific use cases and explore the impact of emerging federation standards. You Will Learn Best practices for federating identity across mobile and cloud How emerging identity federation standards will impact your infrastructure How to implement an identity-centric API security and management infrastructure Presenters Ehud Amiri Director, Product Management, CA Technologies Francois Lascelles Chief Architect, Layer 7

Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity

Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity

Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity

CA API Management

Businesses around the world are running the infrastructure that supports their websites and mobile applications in the cloud to lower costs, improve time-to-market, and enable rapid scalability. Join this webinar to learn how the AWS Mobile Services and Javascript SDKs make it easy to leverage the power of AWS to provide consistent user state across devices and platforms, authenticate users via public and private login providers, and to grant controlled access to AWS services and features right from your mobile or web application. Using a simple media application we will demonstrate how you can upload, store, repurpose and deliver content with Amazon S3, Amazon CloudFront and Amazon Elastic Transcoder, make efficient use of Amazon DynamoDB, take advantage of Amazon SQS to decouple your application workflow and to send push notifications to mobile devices via Amazon SNS. Reasons to attend: Learn how you can deliver websites and applications that share state across platforms and devices, using Amazon Elastic Beanstalk and Amazon Cognito. Learn how to leverage the content repurposing, storage and delivery capabilities of Amazon Elastic Transcoder, Amazon S3 and Amazon CloudFront. Learn how to use the AWS Mobile and Javascript SDKs to create applications that manage media.

Delivering Mobile Apps Using AWS Mobile Services

Delivering Mobile Apps Using AWS Mobile Services

Delivering Mobile Apps Using AWS Mobile Services

Amazon Web Services

As software teams transition to cloud-based architectures and adopt more agile processes, the tools they need to support their development cycles will change. In this session, we'll take you through the transition that Amazon made to a service-oriented architecture over a decade ago. We will share the lessons we learned, the processes we adopted, and the tools we built to increase both our agility and reliability. We will also introduce you to AWS CodeCommit, AWS CodePipeline, and AWS CodeDeploy, three new services born out of Amazon's internal DevOps experience. Presented by: Mohammad Nofal, Technical Account Manager, Amazon Web Services Customer Guest: Micha Hernandez van Leuffen, Founder and CEO, Wercker

DevOps on AWS

Amazon Web Services

Today’s cutting-edge companies have software release cycles measured in days instead of months. This agility is enabled by the DevOps practice of continuous delivery, which automates building, testing, and deploying code changes. This automation helps you catch bugs sooner and increases developer productivity. In this webinar, we’ll share the processes that Amazon engineers use to practice DevOps and discuss how you can bring these processes to your company by using a new set of AWS tools (AWS CodePipeline and AWS CodeDeploy). These services were inspired by Amazon's own internal developer tools and DevOps culture. Learning Objectives: • Learn what is continuous delivery, its benefits, and how to implement it • Learn how to increase the frequency and reliability of your application updates • Learn to create an automated software release workflow on AWS • Understand the basics of AWS CodePipeline and AWS CodeDeploy

Getting Started With Continuous Delivery on AWS - AWS April 2016 Webinar Series

Getting Started With Continuous Delivery on AWS - AWS April 2016 Webinar Series

Getting Started With Continuous Delivery on AWS - AWS April 2016 Webinar Series

Amazon Web Services

Definition driven API development advocates for designing the API’s definition first before any other lifecycle operation has been implemented. This definition is then used to drive other aspects of the API lifecycle, including implementation, testing, and virtualization of your APIs. The OpenAPI Specification has emerged as THE definition framework for REST APIs, and provides a common contract of designers, developers, testers, and devops to build and maintain APIs. In this session, we will detail how you can take advantage of the OpenAPI Specification to accelerate your API development and testing strategy. We will cover how you can use SmartBear tools like SwaggerHub to design and manage your definition, and how this definition can be refactored into the ReadyAPI testing suite, and ServiceV, to virtualize your API dependencies and deliver quality, performant APIs faster.

Faster Development and Better Quality In The Era of API Definitions

Faster Development and Better Quality In The Era of API Definitions

Faster Development and Better Quality In The Era of API Definitions

Notice: This Workshop requires a laptop computer and an active AWS account with Administrator privileges. Are you curious about how to authenticate and authorize your applications on AWS? Have you thought about how to integrate AWS Identity and Access Management (IAM) with your app authentication? Have you tried to integrate third-party SAML providers with your app authentication? Look no further. This workshop walks you through step by step to configure and create Amazon Cognito user pools and identity pools. This workshop presents you with the framework to build an application using Java, .NET, and serverless. You choose the stack and build the app with local users. See the service being used not only with mobile applications, but with other stacks that normally don’t include Amazon Cognito.

User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...

User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...

User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...

Amazon Web Services

Building an SSO platform in php (Zendcon 2010)

Building an SSO platform in php (Zendcon 2010)

Building an SSO platform in php (Zendcon 2010)

Similar to Financial times use case (20)

VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)

VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)

VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at c0c0n XII)

Protecting Microservices APIs with 42Crunch API Firewall

Protecting Microservices APIs with 42Crunch API Firewall

Protecting Microservices APIs with 42Crunch API Firewall

DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools

DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools

DevOps on AWS: Deep Dive on Continuous Delivery and the AWS Developer Tools

VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...

VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...

VyAPI - A Modern Cloud Based Vulnerable Android App (Presented at BSides Delh...

Introduction to Xamarin and Visual Studio Mobile Center

Introduction to Xamarin and Visual Studio Mobile Center

Introduction to Xamarin and Visual Studio Mobile Center

ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS

ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS

ACDKOCHI19 - Enterprise grade security for web and mobile applications on AWS

OAuth for QuickBooks Online REST Services

OAuth for QuickBooks Online REST Services

OAuth for QuickBooks Online REST Services

AWS re:Invent 2016: AWS Mobile State of the Union - Serverless, New User Expe...

AWS re:Invent 2016: AWS Mobile State of the Union - Serverless, New User Expe...

AWS re:Invent 2016: AWS Mobile State of the Union - Serverless, New User Expe...

Dev ops on aws deep dive on continuous delivery - Toronto

Dev ops on aws deep dive on continuous delivery - Toronto

Dev ops on aws deep dive on continuous delivery - Toronto

DevOps On AWS - Deep Dive on Continuous Delivery

DevOps On AWS - Deep Dive on Continuous Delivery

DevOps On AWS - Deep Dive on Continuous Delivery

Single sign-on Across Mobile Applications from RSAConference

Single sign-on Across Mobile Applications from RSAConference

Single sign-on Across Mobile Applications from RSAConference

Firebase

Webscarab demo @ OWASP Belgium

Webscarab demo @ OWASP Belgium

Webscarab demo @ OWASP Belgium

Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity

Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity

Federation Evolved: How Cloud, Mobile & APIs Change the Way We Broker Identity

Delivering Mobile Apps Using AWS Mobile Services

Delivering Mobile Apps Using AWS Mobile Services

Delivering Mobile Apps Using AWS Mobile Services

DevOps on AWS

Getting Started With Continuous Delivery on AWS - AWS April 2016 Webinar Series

Getting Started With Continuous Delivery on AWS - AWS April 2016 Webinar Series

Getting Started With Continuous Delivery on AWS - AWS April 2016 Webinar Series

Faster Development and Better Quality In The Era of API Definitions

Faster Development and Better Quality In The Era of API Definitions

Faster Development and Better Quality In The Era of API Definitions

User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...

User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...

User Management and App Authentication with Amazon Cognito - SID343 - re:Inve...

Building an SSO platform in php (Zendcon 2010)

Building an SSO platform in php (Zendcon 2010)

Building an SSO platform in php (Zendcon 2010)

More from Varnish Software

Ask Me Anything on authentication & authorisation in Varnish

Ask Me Anything on authentication & authorisation in Varnish

Ask Me Anything on authentication & authorisation in Varnish

Varnish Software

Boozt.com Use Case

Boozt.com Use Case

Boozt.com Use Case

Varnish Software

Akamai connector for varnish

Akamai connector for varnish

Akamai connector for varnish

Varnish Software

Varnish High Availability

Varnish High Availability

Varnish High Availability

Varnish Software

PostNord: Copy On Write

PostNord: Copy On Write

PostNord: Copy On Write

Varnish Software

Varnish extend

Varnish Software

Streaming with Varnish

Streaming with Varnish

Streaming with Varnish

Varnish Software

Edgestash

Varnish Software

What is new in varnish plus

What is new in varnish plus

What is new in varnish plus

Varnish Software

Varnish Extend demo

Varnish Extend demo

Varnish Extend demo

Varnish Software

Varnish extend introduction

Varnish extend introduction

Varnish extend introduction

Varnish Software

Cedexis introduction

Cedexis introduction

Cedexis introduction

Varnish Software

Secure content caching

Secure content caching

Secure content caching

Varnish Software

Microservices

Varnish Software

Varnishtest

Varnish Software

Lightning fast with Varnish

Lightning fast with Varnish

Lightning fast with Varnish

Varnish Software

E-commerce use case

E-commerce use case

E-commerce use case

Varnish Software

Access control

Varnish Software

Varnish TLS

Varnish Software

MSE

Varnish Software

More from Varnish Software (20)

Ask Me Anything on authentication & authorisation in Varnish

Ask Me Anything on authentication & authorisation in Varnish

Ask Me Anything on authentication & authorisation in Varnish

Boozt.com Use Case

Boozt.com Use Case

Boozt.com Use Case

Akamai connector for varnish

Akamai connector for varnish

Akamai connector for varnish

Varnish High Availability

Varnish High Availability

Varnish High Availability

PostNord: Copy On Write

PostNord: Copy On Write

PostNord: Copy On Write

Varnish extend

Streaming with Varnish

Streaming with Varnish

Streaming with Varnish

Edgestash

What is new in varnish plus

What is new in varnish plus

What is new in varnish plus

Varnish Extend demo

Varnish Extend demo

Varnish Extend demo

Varnish extend introduction

Varnish extend introduction

Varnish extend introduction

Cedexis introduction

Cedexis introduction

Cedexis introduction

Secure content caching

Secure content caching

Secure content caching

Microservices

Varnishtest

Lightning fast with Varnish

Lightning fast with Varnish

Lightning fast with Varnish

E-commerce use case

E-commerce use case

E-commerce use case

Access control

Varnish TLS

MSE

Recently uploaded

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

💥 You’re lucky! We’ve found two different (lead) developers that are willing to share their valuable lessons learned about using UiPath Document Understanding! Based on recent implementations in appealing use cases at Partou and SPIE. Don’t expect fancy videos or slide decks, but real and practical experiences that will help you with your own implementations. 📕 Topics that will be addressed: • Training the ML-model by humans: do or don't? • Rule-based versus AI extractors • Tips for finding use cases • How to start 👨‍🏫👨‍💻 Speakers: o Dion Morskieft, RPA Product Owner @Partou o Jack Klein-Schiphorst, Automation Developer @Tacstone Technology

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

UiPathCommunity

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

Intro to Passkeys and the State of Passwordless.pptx

Intro to Passkeys and the State of Passwordless.pptx

Intro to Passkeys and the State of Passwordless.pptx

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

JohnPollard-hybrid-app-RailsConf2024.pptx

JohnPollard-hybrid-app-RailsConf2024.pptx

JohnPollard-hybrid-app-RailsConf2024.pptx

Quantum Leap in Next-Generation Computing

Quantum Leap in Next-Generation Computing

Quantum Leap in Next-Generation Computing

Tracing the root cause of a performance issue requires a lot of patience, experience, and focus. It’s so hard that we sometimes attempt to guess by trying out tentative fixes, but that usually results in frustration, messy code, and a considerable waste of time and money. This talk explains how to correctly zoom in on a performance bottleneck using three levels of profiling: distributed tracing, metrics, and method profiling. After we learn to read the JVM profiler output as a flame graph, we explore a series of bottlenecks typical for backend systems, like connection/thread pool starvation, invisible aspects, blocking code, hot CPU methods, lock contention, and Virtual Thread pinning, and we learn to trace them even if they occur in library code you are not familiar with. Attend this talk and prepare for the performance issues that will eventually hit any successful system. About authorWith two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Corporate and higher education May webinar.pptx

Corporate and higher education May webinar.pptx

Rustici Software

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

Stronger Together: Developing an Organizational Strategy for Accessible Desig...

Stronger Together: Developing an Organizational Strategy for Accessible Desig...

Stronger Together: Developing an Organizational Strategy for Accessible Desig...

caitlingebhard1

Simplifying Mobile A11y Presentation.pptx

Simplifying Mobile A11y Presentation.pptx

Simplifying Mobile A11y Presentation.pptx

الأمن السيبراني - ما لا يسع للمستخدم جهله

الأمن السيبراني - ما لا يسع للمستخدم جهله

الأمن السيبراني - ما لا يسع للمستخدم جهله

Mohamed Sweelam

Discover the top CodeIgniter development companies that can elevate your project to new heights. Our blog explores the best firms known for their expertise in CodeIgniter framework development. From robust web applications to scalable solutions, these companies deliver excellence. Whether you're a startup or an enterprise, find the perfect match for your development needs on Top CSS Gallery's blog.

Top 10 CodeIgniter Development Companies

Top 10 CodeIgniter Development Companies

Top 10 CodeIgniter Development Companies

WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...

WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...

WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...

In today's digital world, trust is key to customer relationships, but keeping it is a huge challenge. Customers are well-informed and empowered, quick to change brands if their trust is broken, even if it costs them more. This puts a lot of pressure on organizations to handle trust and safety issues with great care and transparency. The challenge, however, is real. Fragmented solutions have left privacy, legal, and security teams in a perpetual cycle of catch-up, struggling to update privacy notices, manage customer data rights, and answer lengthy security questionnaires—all while trying to prove ROI to the business. It's a thankless job, filled with repetition, tedious tasks, and constant interdepartmental coordination. Combine this with fast regulatory changes and the quick evolution of AI, and it becomes overwhelming. Join this webinar to learn more about TrustArc's new innovative solution Trust Center, the only unified, no-code online hub for trust and safety information built for privacy, security, compliance, and legal teams. Trust Center streamlines your path to compliance, shortens the pre-sales cycle, and reduces both legal and regulatory risks, saving time, effort, and cost. This webinar will review: - Why companies are building unified Trust Centers for a robust privacy program. - How unified Trust Centers streamline sales cycles, ensure regulatory compliance, and reduce operational bottlenecks. - How compliance, legal, security, GRC, and privacy teams benefit from a unified Trust Center in terms of needs, pains, and outcomes. - How TrustArc Trust Center saves time and work while reducing legal, reputational, and compliance risk by effectively managing policies, notices, terms, and disclosures, and providing real-time updates on subprocessors.

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

Key topics covered: - Real-world examples of Choreo's comprehensive coverage from application design and deployment, security, scaling, and monitoring - Running different types of workloads, such as web applications, APIs, microservices, integrations, and tasks at scale, and wire them together to deliver seamless omnichannel digital experiences - How Choreo improves the developer experience by eliminating repetition, silos, and redundancy through enhanced discoverability and self-serviceability

Choreo: Empowering the Future of Enterprise Software Engineering

Choreo: Empowering the Future of Enterprise Software Engineering

Choreo: Empowering the Future of Enterprise Software Engineering

The microservices honeymoon is over. When starting a new project or revamping a legacy monolith, teams started looking for alternatives to microservices. The Modular Monolith, or 'Modulith', is an architecture that reaps the benefits of (vertical) functional decoupling without the high costs associated with separate deployments. This talk will delve into the advantages and challenges of this progressive architecture, beginning with exploring the concept of a 'module', its internal structure, public API, and inter-module communication patterns. Supported by spring-modulith, the talk provides practical guidance on addressing the main challenges of a Modultith Architecture: finding and guarding module boundaries, data decoupling, and integration module-testing. You should not miss this talk if you are a software architect or tech lead seeking practical, scalable solutions. About the author With two decades of experience, Victor is a Java Champion working as a trainer for top companies in Europe. Five thousands developers in 120 companies attended his workshops, so he gets to debate every week the challenges that various projects struggle with. In return, Victor summarizes key points from these workshops in conference talks and online meetups for the European Software Crafters, the world’s largest developer community around architecture, refactoring, and testing. Discover how Victor can help you on victorrentea.ro : company training catalog, consultancy and YouTube playlists.

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Design and Development of a Provenance Capture Platform for Data Science

Design and Development of a Provenance Capture Platform for Data Science

Design and Development of a Provenance Capture Platform for Data Science

Recently uploaded (20)

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

DBX First Quarter 2024 Investor Presentation

Intro to Passkeys and the State of Passwordless.pptx

Intro to Passkeys and the State of Passwordless.pptx

Intro to Passkeys and the State of Passwordless.pptx

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx

Tales from a Passkey Provider Progress from Awareness to Implementation.pptx

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

CNIC Information System with Pakdata Cf In Pakistan

JohnPollard-hybrid-app-RailsConf2024.pptx

JohnPollard-hybrid-app-RailsConf2024.pptx

JohnPollard-hybrid-app-RailsConf2024.pptx

Quantum Leap in Next-Generation Computing

Quantum Leap in Next-Generation Computing

Quantum Leap in Next-Generation Computing

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Finding Java's Hidden Performance Traps @ DevoxxUK 2024

Corporate and higher education May webinar.pptx

Corporate and higher education May webinar.pptx

Corporate and higher education May webinar.pptx

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

MINDCTI Revenue Release Quarter One 2024

Stronger Together: Developing an Organizational Strategy for Accessible Desig...

Stronger Together: Developing an Organizational Strategy for Accessible Desig...

Stronger Together: Developing an Organizational Strategy for Accessible Desig...

Simplifying Mobile A11y Presentation.pptx

Simplifying Mobile A11y Presentation.pptx

Simplifying Mobile A11y Presentation.pptx

الأمن السيبراني - ما لا يسع للمستخدم جهله

الأمن السيبراني - ما لا يسع للمستخدم جهله

الأمن السيبراني - ما لا يسع للمستخدم جهله

Top 10 CodeIgniter Development Companies

Top 10 CodeIgniter Development Companies

Top 10 CodeIgniter Development Companies

WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...

WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...

WSO2 Micro Integrator for Enterprise Integration in a Decentralized, Microser...

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...

Choreo: Empowering the Future of Enterprise Software Engineering

Choreo: Empowering the Future of Enterprise Software Engineering

Choreo: Empowering the Future of Enterprise Software Engineering

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024

Design and Development of a Provenance Capture Platform for Data Science

Design and Development of a Provenance Capture Platform for Data Science

Design and Development of a Provenance Capture Platform for Data Science

Financial times use case

1. How we strengthened authentication using Varnish Luke Blaney Financial Times

2. May 2013: We got hacked

3. Step 1: Multi-factor Authentication

4. Step 2: Single Sign On Utilise existing services   (Google Accounts & Active Directory for us) Easy to use API Catchy name Staff Single Sign On s3 o

5. Step 3: Roll it out EVERYWHERE We used a three-pronged approach: 1. API which can be used for bespoke use-cases 2. Software libraries for common programming languages 3. Varnish integration as a catch-all for any web service

6. Varnish Why use Varnish? Application Baddies Authentication Backdoor Vulnerability Application Authentication Backdoor Vulnerability Baddies

7. How? Cron script checks the s3o public key every 5 mins When it changes it gets substituted into VCL and varnish reloaded Lots of inline C to verify auth token really came from s3o All wrapped up in a puppet module so it’s easy to deploy & reuse