The document provides information about IBM's Vulnerability Advisor tool for analyzing container images and instances for security vulnerabilities and policy violations. It discusses how the tool provides deep visibility into images and instances by collecting various data types and using annotators to analyze the data and provide operational insights. It also describes how the tool can help users identify vulnerable or non-compliant images, detect systems with weak passwords or password access configurations, and provide a vulnerability report with details on discovered issues and policy violations.
The Future of Security and Productivity in Our Newly Remote WorldDevOps.com
Andy has made mistakes. He's seen even more. And in this talk he details the best and the worst of the container and Kubernetes security problems he's experienced, exploited, and remediated.
This talk details low level exploitable issues with container and Kubernetes deployments. We focus on lessons learned, and show attendees how to ensure that they do not fall victim to avoidable attacks.
See how to bypass security controls and exploit insecure defaults in this technical appraisal of the container and cluster security landscape.
The DevSecOps Builder’s Guide to the CI/CD PipelineJames Wickett
All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table.
Presented at LASCON 2018, in Austin, TX.
PKI in DevOps: How to Deploy Certificate Automation within CI/CDDevOps.com
DevOps and CI/CD make for faster code releases, but they also create new challenges for security practices. Think about TLS and code-signing certificates. Almost every component in CI/CD – binaries, builds, web servers and containers – needs certificates to authenticate and verify trust, but traditional PKI processes just can't scale in DevOps environments.
Join Keyfactor and Infinite Ranges to learn how PKI and certificate management fits within the CI/CD pipeline and why an integrated and automated approach is key to success. In this webinar, we'll discuss:
How applications in the DevOps toolchain use PKI (i.e. Jenkins, Kubernetes, Istio, etc.)
The risks of unmanaged or untracked certificates in DevOps environments
Best practices to support visibility, compliance and automation of certificates in CI/CD
In this updated slideshare, Principal Security Engineer, Eric Johnson shows engineers, developers and application security professionals how to start conversations on implementing security into the DevOps workflow.
You’ll learn about:
1) Cloud and DevSecOps Practices
2) Pre-Commit: The Paved Road
3) Commit: CI / CD Security Controls
4) Acceptance: Supply Chain Security
5) Operations: Continuous Security Compliance
For questions, please contact our team at sales [at] pumascan [dot] com.
Thanks for taking time to further your understanding of DevSecOps!
The Future of Security and Productivity in Our Newly Remote WorldDevOps.com
Andy has made mistakes. He's seen even more. And in this talk he details the best and the worst of the container and Kubernetes security problems he's experienced, exploited, and remediated.
This talk details low level exploitable issues with container and Kubernetes deployments. We focus on lessons learned, and show attendees how to ensure that they do not fall victim to avoidable attacks.
See how to bypass security controls and exploit insecure defaults in this technical appraisal of the container and cluster security landscape.
The DevSecOps Builder’s Guide to the CI/CD PipelineJames Wickett
All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table.
Presented at LASCON 2018, in Austin, TX.
PKI in DevOps: How to Deploy Certificate Automation within CI/CDDevOps.com
DevOps and CI/CD make for faster code releases, but they also create new challenges for security practices. Think about TLS and code-signing certificates. Almost every component in CI/CD – binaries, builds, web servers and containers – needs certificates to authenticate and verify trust, but traditional PKI processes just can't scale in DevOps environments.
Join Keyfactor and Infinite Ranges to learn how PKI and certificate management fits within the CI/CD pipeline and why an integrated and automated approach is key to success. In this webinar, we'll discuss:
How applications in the DevOps toolchain use PKI (i.e. Jenkins, Kubernetes, Istio, etc.)
The risks of unmanaged or untracked certificates in DevOps environments
Best practices to support visibility, compliance and automation of certificates in CI/CD
In this updated slideshare, Principal Security Engineer, Eric Johnson shows engineers, developers and application security professionals how to start conversations on implementing security into the DevOps workflow.
You’ll learn about:
1) Cloud and DevSecOps Practices
2) Pre-Commit: The Paved Road
3) Commit: CI / CD Security Controls
4) Acceptance: Supply Chain Security
5) Operations: Continuous Security Compliance
For questions, please contact our team at sales [at] pumascan [dot] com.
Thanks for taking time to further your understanding of DevSecOps!
Better Security Testing: Using the Cloud and Continuous DeliveryGene Gotimer
Even though many organizations claim that security is a priority, that claim doesn’t always translate into supporting security initiatives in software development or test. Security code reviews often are overlooked or avoided, and when development schedules fall behind, security testing may be dropped to help the team “catch up.” Everyone wants more secure development; they just don’t want to spend time or money to get it. Gene Gotimer describes his experiences with implementing a continuous delivery process in the cloud and how he integrated security testing into that process. Gene discusses how to take advantage of the automated provisioning and automated deploys already being implemented to give more opportunities along the way for security testing without schedule disruption. Learn how you can incrementally mature a practice to build security into the process—without a large-scale, time-consuming, or costly effort.
Create Disposable Test Environments with Vagrant and PuppetGene Gotimer
As the pace of development increases, testing has more to do and less time in which to do it. Software testing must evolve to meet delivery goals while continuing to meet quality objectives. Gene Gotimer explores how tools like Vagrant and Puppet work together to provide on-demand, disposable test environments that are delivered quickly, in a known state, with pre-populated test data and automated test fixture provisioning. With a single command, Vagrant provisions one or more virtual machines on a local box, in a private or public cloud. Puppet then takes over to install and configure software, setup test data, and get the system or systems ready for testing. Since the process is automated, anyone on the team can use the same Vagrant and Puppet scripts to get his own virtual environment for testing. When you are finished with it, Vagrant tears it back down and restores it to the same original state.
Web Application Security Testing: Kali Linux Is the Way to GoGene Gotimer
Many free security testing tools are available, but finding ones that meet your needs and work in your environment can involve substantial time and effort. Especially when you are just starting out with security testing, finding reputable tools that do what you need is not easy. And installing them correctly just to evaluate them can be prohibitively time consuming. Kali Linux is a free Linux distribution with hundreds of security testing and auditing tools installed. Gene Gotimer gives an overview of Kali Linux, ways to effectively use it, and a survey of the tools available. Although Kali Linux is primarily intended for professional penetration testers, it provides great convenience and value to developers and software testers who may be getting started in security testing. Gene demonstrates some of the simplest tools to help jumpstart your web application security testing practices.
This presents the Grid Manager and Network Instrumentation service on top of KITE, which allow to test any communication system with total programmatically control over the network. Test the behaviour of your (or your competitor's) communication system or more specifically the bandwidth estimation, congestion control, adaptation, .......
Connect Ops and Security with Flexible Web App and API ProtectionDevOps.com
Organizations continue to adopt container orchestration to drive efficiencies in their CI/CD pipelines. Given the current business climate with more employees working from home and consumers transacting more online, how can development and operations teams release at increasing velocity with protection baked in?
Connecting operations and security teams have not always been a smooth process: developers and operations staff are charged with site reliability, availability, and uptime while security staff is held responsible for securing an organization’s always-moving perimeter and valuable web layer assets. But the lines have started to blur between DevOps teams and security: you can’t guarantee uptime without baking effective application security tooling into your processes and infrastructure configurations.
A true next-generation, holistic web application and API protection platform does just that: operations teams can integrate security into their workflows and ensure new infrastructure and app code released to production is both effective and secure. Join application security experts Aneel Dadani and Orlando Barerra II from Signal Sciences to learn how your team can deploy at scale safely while gaining layer 7 visibility in production environments. Attendees will learn:
How to inspect web traffic in containers, at the API gateway, or the ingress
How DevOps teams can scale their application footprint to meet demand while securing your codebase in production
How development teams can gain visibility into how their apps and APIs are being used in production and what vulnerabilities may exist that they overlooked
Demo these application security concepts with Ansible, a simple yet powerful IT automation engine that companies use to accelerate DevOps initiatives, including baking application security into their infrastructure.
Testing in a Continuous Delivery Pipeline - Better, Faster, CheaperGene Gotimer
The continuous delivery pipeline is the process of taking new or changed features from developers, and getting features deployed into production and delivered quickly to the customer. Gene Gotimer says testing within continuous delivery pipelines should be designed so the earliest tests are the quickest and easiest to run, giving developers the fastest feedback. Successive rounds of testing lead to increased confidence that the code is a viable candidate for production and that more expensive tests—time, effort, cost—are justified. Manual testing is performed toward the end of the pipeline, leaving computers to do as much work as possible before people get involved. Although it is tempting to arrange the delivery pipeline in phases (e.g., functional tests, then acceptance tests, then load and performance tests, then security tests), this can lead to serious problems progressing far down the pipeline before they are caught. Gene shows how to arrange your tests so each round provides just enough testing to give you confidence that the next set of tests is worth the investment. He explores how to get the right types of testing into your pipeline at the right points.
Compatibility Testing of Your Web Apps - Tips and Tricks for Debugging Locall...Sauce Labs
Test automation is all about running the most tests in the least amount of time. This is great for mature apps, but in the early stages of developing your web or mobile app, developers need to run a number of tests to ensure the app runs at all. Further complicating the issue is that often, your app is architect-ed differently for web and mobile which makes writing automated tests tricky.
Test Automation Specialist Max Saperstone from Coveros will cover some simple testing examples and demonstrate how to expand these for testing over multiple web architectures. He will briefly cover the difference in the design of these sites with a focus on how tests can be designed to overcome their limitations, minimizing duplicate code, and following best practices.
Python Web Conference 2022 - Why should devs care about container security.pdfEric Smalling
https://2022.pythonwebconf.com/presentations/why-should-developers-care-about-container-security
Container scanning tools, industry publications, and application security experts are constantly telling us about best practices for how to build our images and run our containers. Often these non-functional requirements seem abstract and are not described well enough for those of us that don't have an appsec background to fully understand why they are important.
In this session, we will:
go over several of the most common practices to best containerize Python applications
show examples of how your application can be exploited in a container
and most importantly, how to easily spot issues and fix your Dockerfiles and deployment manifests before you commit your code
System Event Monitoring for Active AuthenticationCoveros, Inc.
The authors use system event monitoring to distinguish between the behavioral characteristics of normal and anomalous computer system users. Identifying anomalous behavior at the system event level diminishes privacy concerns and supports the identification of cross-application behavioral patterns.
Containers have been crucial in helping organizations orchestrate their infrastructure requirements. The scalability and reproducibility aspects of containerized environments have enabled applications and web components to be deployed seamlessly in the cloud. While containers have multiple benefits, they also come with distinct security issues, resulting in attackers gaining access to the container, the host, and eventually the data. The first step towards implementing Container Runtime Security is to understand the current threat scenarios and adversary trends affecting the cloud containers. To aptly evaluate the container threat landscape in any environment, an attack matrix should be formulated to ensure that relevant techniques and tactic are identified for every attack stage.
The ATT&CK framework from MITRE has been a go-to framework to formulate a threat matrix, identify an adversary’s tactics and methods/techniques used to attain their end game of privilege escalation or data exfiltration. This presentation is targeted towards:
Today’s container runtime security landscape
Apply ATT&CK methodology on the container runtime environment
Provide a practical approach towards attack surface, scenarios, and attack trends
Validations and Security Best Practices
OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay BhargavAbhay Bhargav
s its biggest bottleneck and security is becoming the most pervasive bottleneck in most DevOps practices. Teams are unable to come up with security practices that integrate into the DevOps lifecycle and ensure continuous and smooth delivery of applications to customers. In fact, security failures in DevOps amplify security flaws in production as they are delivered at scale. If DevOps should not be at odds with security, then we must find ways to achieve the following on priority:
- Integrate effective threat modeling into Agile development practices
- Introduce Security Automation into Continuous Integration
- Integrate Security Automation into Continuous Deployment
While there are other elements like SAST and Monitoring that are important to SecDevOps, my talk will essentially focus on these three elements with a higher level of focus on Security Automation. In my talk, I will explore the following, with reference to the topic:
- The talk will be replete with anecdotes from personal consulting and penetration testing experiences.
- I will briefly discuss Threat Modeling and its impact on DevOps. I will use examples to demonstrate practical ways that one can use threat modeling effectively to break down obstacles and create security automation that reduces the security bottleneck in the later stages of the DevOps cycle.
- I firmly believe that Automated Web Vulnerability Assessment (using scanners) no matter how tuned, can only produce 30-40% of the actual results as opposed to a manual application penetration test. I find that scanning tools fail to identify most vulnerabilities with modern Web Services (REST. I will discuss examples and demonstrate how one can leverage automated vulnerability scanners (like ZAP, through its Python API) and simulate manual testing using a custom security automation suite. In Application Penetration Testing, its impossible to have a one size-fits all, but there’s no reason why we can’t deliver custom security automation to simulate most of the manual penetration testing to combine them into a custom security automation suite that integrates with CI tools like Jenkins and Travis. I intend to demonstrate the use a custom security test suite (written in Python that integrates with Jenkins), against an intentionally vulnerable e-commerce app.
- My talk will also detail automation to identify vulnerabilities in software libraries and components, integrated with CI tools.
- Finally, I will (with the use of examples and demos) explain how one can use “Infrastructure as Code” practice to perform pre and post deployment security checks, using tools like Chef, Puppet and Ansible.
Null singapore - Mobile Security EssentialsSven Schleier
Even though modern mobile operating systems like iOS and Android offer great APIs for secure data storage and communication, those APIs have to be used correctly in order to be effective. Data storage, inter-app communication, proper usage of cryptographic APIs and secure network communication are only some of the aspects that require careful consideration.
The OWASP Mobile Application Verification Standard (MASVS) is an attempt to standardize mobile app security requirements using different verification levels. Complementary to the MASVS, we have developed the OWASP Mobile Security Testing Guide (MSTG) that provides detailed test cases for each requirement.
In this talk we will introduce both, the MASVS and MSTG which were both released this year and discuss the many challenges we faced during development, from dealing with the diversity and fragmentation of the Android ecosystem to clarifying the role of software protections in mobile security. Some mobile reverse engineering techniques described in the MSTG will be demonstrated including using objection to perform penetration testing on a non-jailbroken iOS device and using Frida to bypass client-side controls.
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...Agile Testing Alliance
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Quality Engineering in Remote IoT System" at #ATAGTR2023.
#ATAGTR2023 was the 8th Edition of Global Testing Retreat.
To know more about #ATAGTR2023, please visit: https://gtr.agiletestingalliance.org/
Better Security Testing: Using the Cloud and Continuous DeliveryGene Gotimer
Even though many organizations claim that security is a priority, that claim doesn’t always translate into supporting security initiatives in software development or test. Security code reviews often are overlooked or avoided, and when development schedules fall behind, security testing may be dropped to help the team “catch up.” Everyone wants more secure development; they just don’t want to spend time or money to get it. Gene Gotimer describes his experiences with implementing a continuous delivery process in the cloud and how he integrated security testing into that process. Gene discusses how to take advantage of the automated provisioning and automated deploys already being implemented to give more opportunities along the way for security testing without schedule disruption. Learn how you can incrementally mature a practice to build security into the process—without a large-scale, time-consuming, or costly effort.
Create Disposable Test Environments with Vagrant and PuppetGene Gotimer
As the pace of development increases, testing has more to do and less time in which to do it. Software testing must evolve to meet delivery goals while continuing to meet quality objectives. Gene Gotimer explores how tools like Vagrant and Puppet work together to provide on-demand, disposable test environments that are delivered quickly, in a known state, with pre-populated test data and automated test fixture provisioning. With a single command, Vagrant provisions one or more virtual machines on a local box, in a private or public cloud. Puppet then takes over to install and configure software, setup test data, and get the system or systems ready for testing. Since the process is automated, anyone on the team can use the same Vagrant and Puppet scripts to get his own virtual environment for testing. When you are finished with it, Vagrant tears it back down and restores it to the same original state.
Web Application Security Testing: Kali Linux Is the Way to GoGene Gotimer
Many free security testing tools are available, but finding ones that meet your needs and work in your environment can involve substantial time and effort. Especially when you are just starting out with security testing, finding reputable tools that do what you need is not easy. And installing them correctly just to evaluate them can be prohibitively time consuming. Kali Linux is a free Linux distribution with hundreds of security testing and auditing tools installed. Gene Gotimer gives an overview of Kali Linux, ways to effectively use it, and a survey of the tools available. Although Kali Linux is primarily intended for professional penetration testers, it provides great convenience and value to developers and software testers who may be getting started in security testing. Gene demonstrates some of the simplest tools to help jumpstart your web application security testing practices.
This presents the Grid Manager and Network Instrumentation service on top of KITE, which allow to test any communication system with total programmatically control over the network. Test the behaviour of your (or your competitor's) communication system or more specifically the bandwidth estimation, congestion control, adaptation, .......
Connect Ops and Security with Flexible Web App and API ProtectionDevOps.com
Organizations continue to adopt container orchestration to drive efficiencies in their CI/CD pipelines. Given the current business climate with more employees working from home and consumers transacting more online, how can development and operations teams release at increasing velocity with protection baked in?
Connecting operations and security teams have not always been a smooth process: developers and operations staff are charged with site reliability, availability, and uptime while security staff is held responsible for securing an organization’s always-moving perimeter and valuable web layer assets. But the lines have started to blur between DevOps teams and security: you can’t guarantee uptime without baking effective application security tooling into your processes and infrastructure configurations.
A true next-generation, holistic web application and API protection platform does just that: operations teams can integrate security into their workflows and ensure new infrastructure and app code released to production is both effective and secure. Join application security experts Aneel Dadani and Orlando Barerra II from Signal Sciences to learn how your team can deploy at scale safely while gaining layer 7 visibility in production environments. Attendees will learn:
How to inspect web traffic in containers, at the API gateway, or the ingress
How DevOps teams can scale their application footprint to meet demand while securing your codebase in production
How development teams can gain visibility into how their apps and APIs are being used in production and what vulnerabilities may exist that they overlooked
Demo these application security concepts with Ansible, a simple yet powerful IT automation engine that companies use to accelerate DevOps initiatives, including baking application security into their infrastructure.
Testing in a Continuous Delivery Pipeline - Better, Faster, CheaperGene Gotimer
The continuous delivery pipeline is the process of taking new or changed features from developers, and getting features deployed into production and delivered quickly to the customer. Gene Gotimer says testing within continuous delivery pipelines should be designed so the earliest tests are the quickest and easiest to run, giving developers the fastest feedback. Successive rounds of testing lead to increased confidence that the code is a viable candidate for production and that more expensive tests—time, effort, cost—are justified. Manual testing is performed toward the end of the pipeline, leaving computers to do as much work as possible before people get involved. Although it is tempting to arrange the delivery pipeline in phases (e.g., functional tests, then acceptance tests, then load and performance tests, then security tests), this can lead to serious problems progressing far down the pipeline before they are caught. Gene shows how to arrange your tests so each round provides just enough testing to give you confidence that the next set of tests is worth the investment. He explores how to get the right types of testing into your pipeline at the right points.
Compatibility Testing of Your Web Apps - Tips and Tricks for Debugging Locall...Sauce Labs
Test automation is all about running the most tests in the least amount of time. This is great for mature apps, but in the early stages of developing your web or mobile app, developers need to run a number of tests to ensure the app runs at all. Further complicating the issue is that often, your app is architect-ed differently for web and mobile which makes writing automated tests tricky.
Test Automation Specialist Max Saperstone from Coveros will cover some simple testing examples and demonstrate how to expand these for testing over multiple web architectures. He will briefly cover the difference in the design of these sites with a focus on how tests can be designed to overcome their limitations, minimizing duplicate code, and following best practices.
Python Web Conference 2022 - Why should devs care about container security.pdfEric Smalling
https://2022.pythonwebconf.com/presentations/why-should-developers-care-about-container-security
Container scanning tools, industry publications, and application security experts are constantly telling us about best practices for how to build our images and run our containers. Often these non-functional requirements seem abstract and are not described well enough for those of us that don't have an appsec background to fully understand why they are important.
In this session, we will:
go over several of the most common practices to best containerize Python applications
show examples of how your application can be exploited in a container
and most importantly, how to easily spot issues and fix your Dockerfiles and deployment manifests before you commit your code
System Event Monitoring for Active AuthenticationCoveros, Inc.
The authors use system event monitoring to distinguish between the behavioral characteristics of normal and anomalous computer system users. Identifying anomalous behavior at the system event level diminishes privacy concerns and supports the identification of cross-application behavioral patterns.
Containers have been crucial in helping organizations orchestrate their infrastructure requirements. The scalability and reproducibility aspects of containerized environments have enabled applications and web components to be deployed seamlessly in the cloud. While containers have multiple benefits, they also come with distinct security issues, resulting in attackers gaining access to the container, the host, and eventually the data. The first step towards implementing Container Runtime Security is to understand the current threat scenarios and adversary trends affecting the cloud containers. To aptly evaluate the container threat landscape in any environment, an attack matrix should be formulated to ensure that relevant techniques and tactic are identified for every attack stage.
The ATT&CK framework from MITRE has been a go-to framework to formulate a threat matrix, identify an adversary’s tactics and methods/techniques used to attain their end game of privilege escalation or data exfiltration. This presentation is targeted towards:
Today’s container runtime security landscape
Apply ATT&CK methodology on the container runtime environment
Provide a practical approach towards attack surface, scenarios, and attack trends
Validations and Security Best Practices
OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay BhargavAbhay Bhargav
s its biggest bottleneck and security is becoming the most pervasive bottleneck in most DevOps practices. Teams are unable to come up with security practices that integrate into the DevOps lifecycle and ensure continuous and smooth delivery of applications to customers. In fact, security failures in DevOps amplify security flaws in production as they are delivered at scale. If DevOps should not be at odds with security, then we must find ways to achieve the following on priority:
- Integrate effective threat modeling into Agile development practices
- Introduce Security Automation into Continuous Integration
- Integrate Security Automation into Continuous Deployment
While there are other elements like SAST and Monitoring that are important to SecDevOps, my talk will essentially focus on these three elements with a higher level of focus on Security Automation. In my talk, I will explore the following, with reference to the topic:
- The talk will be replete with anecdotes from personal consulting and penetration testing experiences.
- I will briefly discuss Threat Modeling and its impact on DevOps. I will use examples to demonstrate practical ways that one can use threat modeling effectively to break down obstacles and create security automation that reduces the security bottleneck in the later stages of the DevOps cycle.
- I firmly believe that Automated Web Vulnerability Assessment (using scanners) no matter how tuned, can only produce 30-40% of the actual results as opposed to a manual application penetration test. I find that scanning tools fail to identify most vulnerabilities with modern Web Services (REST. I will discuss examples and demonstrate how one can leverage automated vulnerability scanners (like ZAP, through its Python API) and simulate manual testing using a custom security automation suite. In Application Penetration Testing, its impossible to have a one size-fits all, but there’s no reason why we can’t deliver custom security automation to simulate most of the manual penetration testing to combine them into a custom security automation suite that integrates with CI tools like Jenkins and Travis. I intend to demonstrate the use a custom security test suite (written in Python that integrates with Jenkins), against an intentionally vulnerable e-commerce app.
- My talk will also detail automation to identify vulnerabilities in software libraries and components, integrated with CI tools.
- Finally, I will (with the use of examples and demos) explain how one can use “Infrastructure as Code” practice to perform pre and post deployment security checks, using tools like Chef, Puppet and Ansible.
Null singapore - Mobile Security EssentialsSven Schleier
Even though modern mobile operating systems like iOS and Android offer great APIs for secure data storage and communication, those APIs have to be used correctly in order to be effective. Data storage, inter-app communication, proper usage of cryptographic APIs and secure network communication are only some of the aspects that require careful consideration.
The OWASP Mobile Application Verification Standard (MASVS) is an attempt to standardize mobile app security requirements using different verification levels. Complementary to the MASVS, we have developed the OWASP Mobile Security Testing Guide (MSTG) that provides detailed test cases for each requirement.
In this talk we will introduce both, the MASVS and MSTG which were both released this year and discuss the many challenges we faced during development, from dealing with the diversity and fragmentation of the Android ecosystem to clarifying the role of software protections in mobile security. Some mobile reverse engineering techniques described in the MSTG will be demonstrated including using objection to perform penetration testing on a non-jailbroken iOS device and using Frida to bypass client-side controls.
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Qu...Agile Testing Alliance
#Interactive Session by Kirti Ranjan Satapathy and Nandini K, "Elements of Quality Engineering in Remote IoT System" at #ATAGTR2023.
#ATAGTR2023 was the 8th Edition of Global Testing Retreat.
To know more about #ATAGTR2023, please visit: https://gtr.agiletestingalliance.org/
WebSphere Technical University: Introduction to the Java Diagnostic ToolsChris Bailey
IBM provides a number of free tools to assist in monitoring and diagnosing issues when running
any Java application - from Hello World to IBM or third-party, middleware-based applications. This
session introduces attendees to those tools, highlights how they have been extended with IBM
middleware product knowledge, how they have been integrated into IBM’s development tools,
and how to use them to investigate and resolve real-world problem scenarios
Presented at the WebSphere Technical University 2014, Dusseldorf
Optimizing Spark Deployments for Containers: Isolation, Safety, and Performan...Spark Summit
Developers love Linux containers, which neatly package up an application and its dependencies and are easy to create and share. However, this unbeatable developer experience hides some deployment challenges for real applications: how do you wire together pieces of a multi-container application? Where do you store your persistent data if your containers are ephemeral? Do containers really contain and isolate your application, or are they merely hiding potential security vulnerabilities? Are your containers scheduled across your compute resources efficiently, or are they trampling on one another?
Container application platforms like Kubernetes provide the answers to some of these questions. We’ll draw on expertise in Linux security, distributed scheduling, and the Java Virtual Machine to dig deep on the performance and security implications of running in containers. This talk will provide a deep dive into tuning and orchestrating containerized Spark applications. You’ll leave this talk with an understanding of the relevant issues, best practices for containerizing data-processing workloads, and tips for taking advantage of the latest features and fixes in Linux Containers, the JDK, and Kubernetes. You’ll leave inspired and enabled to deploy high-performance Spark applications without giving up the security you need or the developer-friendly workflow you want.
Open source security tools for Kubernetes.Michael Ducy
Cloud Native platforms such as Kubernetes help developers to easily get started deploying and running their applications at scale. But as this access to compute starts to become ubiquitous, how you secure and maintain compliance standards in these environments becomes extremely important.
In this talk, we'll cover the basics of securing Cloud Native platforms such as Kubernetes. We will also cover open source tools - such as Clair, Anchore, and Sysdig Falco - that can be used to maintain a secure computing environment. Attendees will walk away with a good understanding of the challenges of securing a Cloud Native platform and practical advice on using open source tools as part of their security strategy.
Impact2014: Introduction to the IBM Java ToolsChris Bailey
IBM provides a number of free tools to assist in monitoring and diagnosing issues when running any Java application - from Hello World to IBM or third-party, middleware-based applications. This session introduces attendees to those tools, highlights how they have been extended with IBM middleware product knowledge, how they have been integrated into IBMs development tools, and how to use them to investigate and resolve real-world problem scenarios.
IBM Bluemix OpenWhisk: Serverless Conference 2016, London, UK: The Future of ...OpenWhisk
Learn more about the IBM Bluemix OpenWhisk, a serverless event-driven compute platform, which quickly executes application logic in response to events or direct invocations from web/mobile apps or other endpoints.
Session 3962: Docking DevOps was originally presented at IBM InterConnect 2015 Feb. 22 - 26, 2016.
The presentation explores the values of Docker and containers and provides insight into areas that IBM has embraced the use of Docker within it's cloud strategy.
WebSphere Technical University: Top WebSphere Problem Determination FeaturesChris Bailey
Problem determination is an important focus area in the IBM WebSphere Application Server. Serviceability improvements have been added that have greatly improved the ability to find root causes of problems in both the full IBM WebSphere Application Server profile, and the newer Liberty profile. The session focuses on how to effectively use serviceability improvements added to the application server since V8.0. This includes high performance extensibe logging, cross-component trace, IBM Support Assistant data collector, timed operations, memory leak detection/prevention, and IBM Support Assistant 5.
Presented at the WebSphere Technical University 2014, Dusseldorf
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Key Trends Shaping the Future of Infrastructure.pdf
20160221 va interconnect_pub
1. Vulnerability Advisor
for Your Images (& Instances)
Canturk Isci
IBM Research, NY
@canturkisci
SAD-7286
Sun Feb 21, 11:00 AM
Wed Feb 24, 4:00 PM
2. Please Note:
2
• IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole
discretion.
• Information regarding potential future products is intended to outline our general product direction and it should not be relied on in
making a purchasing decision.
• The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any
material, code or functionality. Information about potential future products may not be incorporated into any contract.
• The development, release, and timing of any future features or functionality described for our products remains at our sole
discretion.
• Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual
throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the
amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed.
Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
3. - Provide unmatched deep, seamless visibility for our users
- Drive operational insights to solve real-world pain points (Security & Compliance)
- Provide unmatched deep, seamless visibility for our users
- Drive operational insights to solve real-world pain points (Security & Compliance)
Built-in Monitoring & Analytics Designed for Cloud
4. Seamless: Built-in Monitoring & Logging for Containers
”Users do not have to do anything to get this visibility. It is already there by default”
Container Cloud
Docker Hosts
App
Cont
.App
Cont
.App
Cont
.App
Cont
.
Docker Hosts
App
Cont
.App
Cont
.App
Cont
.App
Cont
.
Docker Hosts
App
Cont
.App
Cont
.App
Cont
.App
Cont
.
Metrics & Logs
Bus
Multitenant
Index
Logmet
Svc
Provisioning
Tenancy Info
State
Events
Built-in in every compute node, all geos
Enabled by default for all users in all prod
O(10K) metrics/s & logs/s
Current State
6. Key Advantages
Key Advantages
Container Cloud
App
Cont
.App
Cont
.App
Cont
.App
Cont
.
Why Built-in Monitoring
magicmagic
Monitoring built into the platform
not in end-user systems
No complexity to end user
(They do nothing, all they see is the service)
No agents/credentials/access
(nothing built into userworld)
Works out of the box
Makes data consumable
(lower barrier to data collection and analytics)
Better Security for end user
(No attack surface, in userworld)
Better Availability of monitoring
(From birth to death, inspect even defunct guest)
Guest Agnostic
(Build for platform, not each user distro)
Decoupled from user context
(No overhead/side-effect concerns)
Monitoring done right for the
processes of the Cloud OS
7. Deep Visibility: What We Actually Collect (and Annotate)
- OS Info
- Processes
- Disk Info
- Metrics
- Network Info
- Packages
- Files
- Config Info
From Container/VM
- Docker metadata
(docker inspect)
- CPU metrics
(/cgroup/cpuacct/)
- Memory metrics
(/cgroup/memory)
- Docker history
Docker Runtime
Config
Annotator
Vulnerability
Annotator
Compliance
Annotator
Password
Annotator
SW
Annotator
Licence
Annotator
- Audit Subsystem
- Syscall Tracing
- System Integrity
Platform
8. Deep Visibility Operational Insights/Analytics Solve Real Problems
- OS Info
- Processes
- Disk Info
- Metrics
- Network Info
- Packages
- Files
- Config Info
From Container/VM
- Docker metadata
(docker inspect)
- CPU metrics
(/cgroup/cpuacct/)
- Memory metrics
(/cgroup/memory)
- Docker history
Docker Runtime
Config
Annotator
Vulnerability
Annotator
Compliance
Annotator
Password
Annotator
SW
Annotator
Licence
Annotator
- Audit Subsystem
- Syscall Tracing
- System Integrity
Platform
Index (Data)
Vuln. &
Compl.
Analysis
Secure
Config
Analysis
Forensic
Security &
Compl.
Pipeline
Service
Remediation
Service
9. Deep Visibility Operational Insights/Analytics Solve Real Problems
- OS Info
- Processes
- Disk Info
- Metrics
- Network Info
- Packages
- Files
- Config Info
From Container/VM
- Docker metadata
(docker inspect)
- CPU metrics
(/cgroup/cpuacct/)
- Memory metrics
(/cgroup/memory)
- Docker history
Docker Runtime
Config
Annotator
Vulnerability
Annotator
Compliance
Annotator
Password
Annotator
SW
Annotator
Licence
Annotator
- Audit Subsystem
- Syscall Tracing
- System Integrity
Platform
Index (Data)
Vuln. &
Compl.
Analysis
Secure
Config
Analysis
Forensic
Security &
Compl.
Pipeline
Service
Remediation
Service
This Session:
Vulnerability
Advisor
Also Now:
Remediation
Service
10. Vulnerability Advisor: User Stories
How can I identify my vulnerable/non-compliant images
before they go live?
How can I detect and block systems with password access
configurations and weak passwords?
- OS Info
- Processes
- Disk Info
- Metrics
- Network Info
- Packages
- Files
- Config Info
From Container/VM
- Docker metadata
(docker inspect)
- CPU metrics
(/cgroup/cpuacct/)
- Memory metrics
(/cgroup/memory)
- Docker history
Docker Runtime
Config
Annotator
Vulnerability
Annotator
Compliance
Annotator
Password
Annotator
SW
Annotator
Licence
Annotator
- Audit Subsystem
- Syscall Tracing
- System Integrity
Platform
11. Vulnerability Advisor for Your Images
Annotators
(Vuln, Compl, Passwd,
Config, SW, Notif,…)
Data Pipeline Index (Data)
ImgCrawlers
OpAnalytics Data Pipeline
Docker Hosts
App
Cont.
App
Cont.
App
Cont.
App
Cont.
Docker Hosts
App
Cont.
App
Cont.
App
Cont.
App
Cont.
App
Cont.
App
Cont.
App
Cont.
App
Cont.
Docker Hosts
App
VM
App
VM
App
VM
App
VM
Docker Hosts
App
VM
App
VM
App
VM
App
VM
App
VM
App
VM
App
VM
App
VM
Compute
App
Cont.
App
Cont.
App
Cont.
App
Cont.
App
Cont.
App
Cont.
App
Cont.
App
Cont.
Logging,
Monitoring,
Alerting
Metrics + state
Logs + events
Static state Vulnerability
Advisor
Container
Image
Registry
Currently in Bluemix
12. Vulnerability Advisor for Your Images and Instances
Annotators
(Vuln, Compl, Passwd,
Config, SW, Notif,…)
Data Pipeline Index (Data)
ImgCrawlers
OpAnalytics Data Pipeline
Docker Hosts
App
Cont.
App
Cont.
App
Cont.
App
Cont.
Docker Hosts
App
Cont.
App
Cont.
App
Cont.
App
Cont.
App
Cont.
App
Cont.
App
Cont.
App
Cont.
Docker Hosts
App
VM
App
VM
App
VM
App
VM
Docker Hosts
App
VM
App
VM
App
VM
App
VM
App
VM
App
VM
App
VM
App
VM
Compute
App
Cont.
App
Cont.
App
Cont.
App
Cont.
App
Cont.
App
Cont.
App
Cont.
App
Cont.
Logging,
Monitoring,
Alerting
Metrics + state
Logs + events
Static state Vulnerability
Advisor
Container
Image
Registry
Live state
Additional
Image
Repos
Future Research
13. DEMO TIME
This Session
This Session
Vulnerability Advisor, Policy Mgr
Go to Bluemix Catalog
See VA Image Status
(Safe, Caution, Blocked)
Go to Create View
Explore Status Details
(Vulnerabilities, Policy Violations)
Browse Policy Manager
(Policy Settings, Deployment Impact)
Change Org Policies
Override Policies
(Don’t do it)
See Weak Password Discovery
Update Image in Local Dev
Fix Policy Violation
Tomorrow
Tomorrow
Built-in Monitoring & Logging
DeveloperWorks SmartBar Session
Agentless System Crawler
4:00pm
14. Getting Started: Let’s Go to London
Login to Bluemix London
(https://console.eu-gb.bluemix.net/)
Login to Bluemix London
(https://console.eu-gb.bluemix.net/)
15. Deployment Status
Login to Bluemix London
(https://console.eu-gb.bluemix.net/)
Login to Bluemix London
(https://console.eu-gb.bluemix.net/)
Go to Catalog and Look for Containers
Hover over containers to see VA verdict:
Safe to Deploy
Go to Catalog and Look for Containers
Hover over containers to see VA verdict:
Safe to Deploy
16. Deployment Status
Login to Bluemix London
(https://console.eu-gb.bluemix.net/)
Login to Bluemix London
(https://console.eu-gb.bluemix.net/)
Go to Catalog and Look for Containers
Hover over containers to see VA verdict:
Safe to Deploy | Deploy with Caution
Go to Catalog and Look for Containers
Hover over containers to see VA verdict:
Safe to Deploy | Deploy with Caution
17. Deployment Status
Login to Bluemix London
(https://console.eu-gb.bluemix.net/)
Login to Bluemix London
(https://console.eu-gb.bluemix.net/)
Go to Catalog and Look for Containers
Hover over containers to see VA verdict:
Safe to Deploy | Deploy with Caution | Blocked
Go to Catalog and Look for Containers
Hover over containers to see VA verdict:
Safe to Deploy | Deploy with Caution | Blocked
18. Create View
Login to Bluemix London
(https://console.eu-gb.bluemix.net/)
Login to Bluemix London
(https://console.eu-gb.bluemix.net/)
Go to Catalog and Look for Containers
Hover over containers to see VA verdict:
Safe to Deploy | Deploy with Caution | Blocked
Go to Catalog and Look for Containers
Hover over containers to see VA verdict:
Safe to Deploy | Deploy with Caution | Blocked
Click on Image to go to Create View
See Verdict Details and Explore Options
Click on Image to go to Create View
See Verdict Details and Explore Options
19. Vulnerability Advisor Report
Login to Bluemix London
(https://console.eu-gb.bluemix.net/)
Login to Bluemix London
(https://console.eu-gb.bluemix.net/)
Go to Catalog and Look for Containers
Hover over containers to see VA verdict:
Safe to Deploy | Deploy with Caution | Blocked
Go to Catalog and Look for Containers
Hover over containers to see VA verdict:
Safe to Deploy | Deploy with Caution | Blocked
Click on Image to go to Create View
See Verdict Details and Explore Options
Click on Image to go to Create View
See Verdict Details and Explore Options
View Vulnerability Advisor Report:
Discovered Vulnerabilities | Policy Violations
View Vulnerability Advisor Report:
Discovered Vulnerabilities | Policy Violations
20. Vulnerability Advisor Report
Login to Bluemix London
(https://console.eu-gb.bluemix.net/)
Login to Bluemix London
(https://console.eu-gb.bluemix.net/)
Go to Catalog and Look for Containers
Hover over containers to see VA verdict:
Safe to Deploy | Deploy with Caution | Blocked
Go to Catalog and Look for Containers
Hover over containers to see VA verdict:
Safe to Deploy | Deploy with Caution | Blocked
Click on Image to go to Create View
See Verdict Details and Explore Options
Click on Image to go to Create View
See Verdict Details and Explore Options
View Vulnerability Advisor Report:
Discovered Vulnerabilities | Policy Violations
View Vulnerability Advisor Report:
Discovered Vulnerabilities | Policy Violations
21. Policy Manager and Deployment Impact
Login to Bluemix London
(https://console.eu-gb.bluemix.net/)
Login to Bluemix London
(https://console.eu-gb.bluemix.net/)
Go to Catalog and Look for Containers
Hover over containers to see VA verdict:
Safe to Deploy | Deploy with Caution | Blocked
Go to Catalog and Look for Containers
Hover over containers to see VA verdict:
Safe to Deploy | Deploy with Caution | Blocked
Click on Image to go to Create View
See Verdict Details and Explore Options
Click on Image to go to Create View
See Verdict Details and Explore Options
View Vulnerability Advisor Report:
Discovered Vulnerabilities | Policy Violations
View Vulnerability Advisor Report:
Discovered Vulnerabilities | Policy Violations
Policy Manager and Deployment ImpactPolicy Manager and Deployment Impact
22. Policy Manager and Deployment Impact
Login to Bluemix London
(https://console.eu-gb.bluemix.net/)
Login to Bluemix London
(https://console.eu-gb.bluemix.net/)
Go to Catalog and Look for Containers
Hover over containers to see VA verdict:
Safe to Deploy | Deploy with Caution | Blocked
Go to Catalog and Look for Containers
Hover over containers to see VA verdict:
Safe to Deploy | Deploy with Caution | Blocked
Click on Image to go to Create View
See Verdict Details and Explore Options
Click on Image to go to Create View
See Verdict Details and Explore Options
View Vulnerability Advisor Report:
Discovered Vulnerabilities | Policy Violations
View Vulnerability Advisor Report:
Discovered Vulnerabilities | Policy Violations
Policy Manager and Deployment Impact
Change Org Policy and Observe Impact
Policy Manager and Deployment Impact
Change Org Policy and Observe Impact
23. Policy Override
Login to Bluemix London
(https://console.eu-gb.bluemix.net/)
Login to Bluemix London
(https://console.eu-gb.bluemix.net/)
Go to Catalog and Look for Containers
Hover over containers to see VA verdict:
Safe to Deploy | Deploy with Caution | Blocked
Go to Catalog and Look for Containers
Hover over containers to see VA verdict:
Safe to Deploy | Deploy with Caution | Blocked
Click on Image to go to Create View
See Verdict Details and Explore Options
Click on Image to go to Create View
See Verdict Details and Explore Options
View Vulnerability Advisor Report:
Discovered Vulnerabilities | Policy Violations
View Vulnerability Advisor Report:
Discovered Vulnerabilities | Policy Violations
Policy Manager and Deployment Impact
Change Org Policy and Observe Impact
Policy Manager and Deployment Impact
Change Org Policy and Observe Impact
Create View > Click One-time Override
Name your risky container and deploy
Create View > Click One-time Override
Name your risky container and deploy
27. Notices and Disclaimers Con’t.
27
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not
tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products.
Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the
ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT
NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
The provision of the information contained h erein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other
intellectual property right.
IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS, Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document Management System™, FASP®,
FileNet®, Global Business Services ®, Global Technology Services ®, IBM ExperienceOne™, IBM SmartCloud®, IBM Social Business®, Information on Demand, ILOG,
Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®,
PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, Smarter Commerce®, SoDA, SPSS, Sterling Commerce®,
StoredIQ, Tealeaf®, Tivoli®, Trusteer®, Unica®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business
Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM
trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.
28. Thank You
Your Feedback is Important!
Access the InterConnect 2016 Conference Attendee Portal to complete your
session surveys from your smartphone, laptop or conference kiosk.
SAD-7286 :
IBM Research Day Demo:
Vulnerability Advisor for Your Images
(and Instances)
@canturkisci
Editor's Notes
Seamless -> opword | Implicit monitor me | Colors status