Everything and anything is hackable and vulnerable in some way. Even with all the security governance and checkpoints, businesses are still being cyberattacked and hacked regularly.
Did you know that a public IP is attacked by a hacker after the first five minutes of life on the internet?
This presentation directly explores the 7 dangerous ways to cyberattack Azure and provides countermeasures.
More importantly, it provides some guidance to start protecting your business in the cloud!
Guide to security patterns for cloud systems and data security in AWS and Azure by Abdul Khan
Cloud has many advantages over traditional on-premise infrastructure; however, it also brings many new concerns around system security, communication security, data security, privacy, latency and availability. When designing and developing a cloud SaaS application, these security issues need to be addressed in order to ensure regulatory compliance, security and a trusted environment in AWS and Azure.
The presentation provides real-world cloud security scenarios (problem statements) and proposed solutions for each security design pattern. It also covers the different security aspects of a system, from data security to privacy and GDPR-related problems.
Cloud security comparisons between AWS and Azure by Abdul Khan
The document compares security patterns and solutions between Amazon Web Services (AWS) and Microsoft Azure for cloud computing. It discusses six key areas of comparison: 1) compliance and regulatory, 2) identity authentication and authorization, 3) secure development, operation and administration, 4) privacy and confidentiality, 5) secure architecture, and 6) provides examples of specific security solutions offered by each cloud provider for different security patterns within each area.
Cloud Security Engineering - Tools and Techniques by Gokul Alex
Cloud Security Engineering Education Materials prepared by Gokul Alex. It covers the essential tools and techniques to protect cloud enterprise architectures and cloud information systems.
Cloud Security: What you need to know about IBM SmartCloud Security by IBM Security
Safeguarding the cloud with IBM Security solutions - Maintain visibility and control with proven security solutions for public, private and hybrid clouds.
Cloud Security - Emerging Facets and Frontiers by Gokul Alex
My session on Cloud Computing Security prepared for ISC2 Bangalore Chapter MeetUp. It is a walkthrough on the fundamental axioms of cloud security with reference to architecture standards, industry best practices and a coverage of some of the most pertinent attack vectors in recent times. This presentation delves deeper into Cloud Security Reference Architectures, Cloud Security Operating Models, Cloud Firewalls, Cloud Identity Access Management Models, Cloud Malware Concepts etc.
Data Security Essentials for Cloud Computing - JavaOne 2013 by javagroup2006
This document discusses data security considerations and best practices for cloud computing. It covers cryptographic concepts like hashing, symmetric and asymmetric encryption, and digital signatures. It also discusses recent trends like using hardware security modules and encryption gateways to securely store keys and encrypt data before it reaches the cloud. The goal is to provide comprehensive data security while data is in transit to and stored in the cloud.
Cloud Security & Cloud Encryption Explained by Porticor, the industry leader in Cloud Data Security. Learn from Porticor about the issues for cloud security and how to protect your data in the cloud. Learn more about cloud security at http://www.porticor.com
Cloud computing is a model that provides convenient access to configurable computing resources over a network. It allows users to access shared pools of configurable systems like storage, networks, servers and applications. Some key aspects of cloud security include data breaches, insecure interfaces, account hijacking, insider threats and data loss. Physical security of data centers is also important with access control, environmental controls and backup power. Network security focuses on denial of service attacks, port scanning, man-in-the-middle attacks and IP spoofing. Middleware and EC2 security use techniques like security groups, firewalls, access keys and digital certificates. Privacy can be improved through policies that give users more control over personal data collection and use.
This presentation includes a cloud security overview, Cloud Security Access Broker, CASB's four pillars, proxy and API deployment modes, and the advantages and limitations of the deployment modes.
As organizations shift control of their infrastructure and data to the cloud, it is critical that they rethink their application security efforts. This can be accomplished by ensuring applications are designed to take advantage of built-in cloud security controls and configured properly in deployment.
Attend this webcast to gain insight into the security nuances of the cloud platform and risk mitigation techniques. Topics include:
• Common cloud threats and vulnerabilities
• Exposing data with insufficient Authorization and Authentication
• The danger of relying on untrusted components
• Distributed Denial of Service (DDoS) and other application attacks
• Securing APIs and other defensive measures
Cloud computing delivers computing resources over a network and includes three service models: Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Security threats to cloud computing include hackers abusing cloud resources to conduct denial of service attacks and brute force attacks at low cost. Data breaches are also a risk as sensitive data stored in the cloud has been targeted by online theft. Malware injection attacks and wrapping attacks that change the execution of web applications are additional security risks. Countermeasures include access management, data protection techniques, and implementing security policies and technologies.
This document discusses cloud computing security and outlines key considerations for both cloud service providers and users. It describes the major cloud service models (SaaS, PaaS, IaaS) and deployment models (public, private, community, hybrid). The document then covers security pitfalls and responsibilities of providers versus users. Specific areas of focus include governance, compliance, data management, security, encryption, and access control. It emphasizes the importance of effective security controls and trust between providers and users for widespread adoption of cloud computing.
Cloud computing security is the set of control-based technologies and policies designed to adhere to regulatory compliance rules and protect information, data applications and infrastructure associated with cloud computing use.
Security As A Service In Cloud (SECaaS) by أحلام انصارى
This document discusses security as a service (SECaaS) in cloud computing. It begins by explaining other common cloud service models like SaaS, PaaS, IaaS, and STaaS. It then defines SECaaS as a business model where large service providers integrate security services like authentication, antivirus, intrusion detection, and security event management into a corporate infrastructure on a subscription basis. The document lists the top 10 cloud service providers and reasons why cloud-based security is required. It outlines common areas covered by SECaaS like identity and access management, data loss prevention, and network security. Finally, it provides examples of specific SECaaS products and services offered by vendors.
This document discusses cloud security governance and related challenges. It begins by outlining key cloud security concerns like lack of visibility, loss of control, and multi-tenancy issues. Major risks are then examined, such as data leakage, account hijacking, and insecure cloud software. The document also explores the shared responsibility model between cloud service providers and consumers. It notes that many breaches are due to customer misconfiguration rather than provider vulnerabilities. Finally, challenges in implementing cloud security governance are mentioned, such as cloud discovery, gaps in contracts, and rapidly changing cloud services and architectures.
This document discusses cloud security and provides an overview of McAfee's cloud security program. It begins with definitions of cloud computing and cloud security. It then analyzes the growth of the global cloud security market from 2012-2014. Next, it discusses McAfee's cloud security offerings, strengths, weaknesses, opportunities, threats and competitors in the cloud security space. It also provides details on some of McAfee's major customers. Finally, it discusses Netflix's move to the cloud and its cloud security strategy.
This presentation is on the basics of cyber security and cloud computing, where it also addresses the aspects of ethical hacking in detail.
The URL of the live presentation: http://syscolabs.lk/blog/cyber-security-and-cloud-computing/
This document summarizes best practices for web development based on a study by Larry Wilson. It discusses using responsive design, flexible frameworks, HTML5 semantics and forms, CSS3 rules and properties, web fonts, JavaScript optimization, and usability testing. The goal is to implement these standards to create accessible, optimized websites that work across devices. Key aspects covered include mobile-first design, progressive enhancement, minimizing file sizes and requests, and testing with users.
These slides will cover the “Certified Cloud Security Professional” course by (ISC)2.
They are supposed to give you an idea about the course contents, and make it easier for you when reviewing the subjects.
This document discusses cloud computing, including its definition, components, characteristics, service and deployment models, and security considerations. It provides a case study on a social engineering attack where a hacker was able to gain access to a victim's Amazon and Apple accounts by exploiting identity verification systems and tricking customer service representatives. The hacker used information found on the victim's personal website to remotely delete data from all his cloud-based devices. The case study illustrates that cloud systems require new security measures beyond password-based authentication to prevent social engineering attacks in the age of cloud computing.
The document discusses McAfee Email Protection for Microsoft Office 365. It highlights that Office 365 adoption is growing rapidly, but email threats still exist in the cloud. McAfee's solution layers additional security on top of Office 365 to protect against phishing and malware. Key features include targeted attack protection, faster protection through McAfee's threat intelligence, and email continuity to ensure uptime. The document also addresses common customer objections and provides resources for sales enablement.
The document discusses data security in cloud environments. It covers cloud computing models including infrastructure as a service, platform as a service and software as a service. It also discusses common attacks on clouds like denial of service and phishing attacks. The document outlines cloud security controls that are deterrent, preventive, detective and corrective. It discusses security models for data integrity, privacy and confidentiality in clouds.
Cloud computing allows users to access data and software over the internet rather than locally. While convenient, this presents security risks as users lose some control over their data. Common threats include hacking, malware, and insider privileges being misused. However, the document outlines security measures for cloud computing like encryption, access control, backups, and continuous monitoring that can help protect users if implemented properly. The key is treating security as an ongoing process rather than a one-time event.
In shared infrastructures such as clouds, sensitive or regulated data—including run-time and archived data—must be properly segregated from unauthorized users. Database and system administrators may have access to multiple clients’ data, and the location of stored data in a cloud may change rapidly. Compliance requirements such as Payment Card Industry Data Security Standard (PCI-DSS), Health Insurance Portability and Accountability Act (HIPAA) and others may need to be met. This webinar will discuss how to help protect cloud-based customer information and intellectual property from both external and internal threats.
View the On-demand webinar: https://www2.gotomeeting.com/register/187735186
This webinar covers cloud security fundamentals across AWS, Azure, and GCP. It begins with introductions and an overview of the course, which includes cloud security 101, best practices for each cloud provider, and a discussion of current threats. The presentation covers topics such as the shared responsibility model, cloud security risks and governance models, identity and access management, data security, and techniques for mitigating risks in the cloud. It emphasizes the importance of a data-centric approach to security and controlling access according to the principles of least privilege and separation of duties.
This document summarizes a presentation on threat modeling for web application deployment. The presentation introduces threat modeling and provides a real-world example of threat modeling an e-commerce site. Key steps in the threat modeling methodology include information gathering, analysis of users, assets, and threats, and defining mitigation strategies. The example analyzes threats to an online store's users, entry points, and remaining assets, and defines mitigation strategies like restricting access, reducing the attack surface, and securing the application and database.
Core strategies to develop defense in depth in AWS by Shane Peden
Information security guidance and strategies for securing cloud infrastructure in Amazon Web Services, presented by risk3sixty LLC and Afonza. Atlanta-based cyber risk management.
The document provides an overview of AWS security presented by Max Ramsay. It discusses AWS security capabilities that are available to all customers regardless of business type. It focuses on case studies of how Serasa Experian and Trend Micro use AWS, highlighting benefits like agility, flexibility and cost reduction. The document also covers shared security responsibilities on AWS, compliance controls, network security features, and resources for learning more about AWS security best practices.
001 - Get acquainted with the AWS platform -- hide01.ir.pptx by nitinscribd
This document provides an introduction to security in AWS, including identifying primary AWS offerings and security concerns. It discusses several major data breaches in AWS caused by misconfigured access keys and permissions, including Code Spaces (2014), Uber (2017), Tesla (2018), and Capital One (2019). The key lessons are to apply security principles like least privilege and defense in depth, protect access keys, safeguard metadata, detect changes, and keep systems simple. Understanding past breaches can help implement proper detection and response controls.
This document discusses anatomy of cloud hacks by analyzing past data breaches and vulnerabilities. It begins by looking at known attacks where compromised infrastructure was based in the cloud. Specific case studies of attacks on Code Spaces, Olindata, and Tesla are described. The document then covers techniques for enumerating cloud services and resources like storage containers. Methods for gaining an initial foothold like leaked credential hunting and exploiting server-side request forgery are also outlined.
Security in the cloud Workshop HSTC 2014 by Akash Mahajan
A broad overview of what it takes to be secure. This is more of an introduction where we introduce the basic terms around Cloud Computing and how we go about securing our information assets (Data, Applications and Infrastructure).
The workshop was fun because all the slides were paired with real world examples of security breaches and attacks.
The document discusses the top 10 vulnerabilities of databases. The most common is deployment failures where databases are not properly secured when deployed. Other vulnerabilities include broken authentication that allows worms like SQL Slammer to spread rapidly; data leaks through unencrypted network traffic; stolen backups; abuse of standard database features; lack of access controls; SQL injections; weak key management; and inconsistent security practices. Proper configuration such as encrypted connections, access control, and regular patching can help address many of these issues.
For Business's Sake, Let's focus on AppSec by Lalit Kale
Slide-Deck for session on Application Security at Limerick DotNet-Azure User Group on 15th Feb, 2018
Event URL: https://www.meetup.com/Limerick-DotNet/events/hzctdpyxdbtb/
Practical Red Teaming is a hands-on class designed to teach participants various techniques and tools for performing red teaming attacks. The goal of the training is to give a red teamer’s perspective to participants who want to go beyond VAPT. This intense course immerses students in a simulated enterprise environment, with multiple domains and up-to-date, patched operating systems. We will cover several phases of a Red Team engagement in depth – Local Privilege escalation, Domain Enumeration, Admin Recon, Lateral movement, Domain Admin privileges etc.
If you want to learn how to perform Red Team operations, sharpen your red teaming skillset, or understand how to defend against modern attacks, Practical Red Teaming is the course for you.
Topics :
• Red Team philosophy/overview
• Red Teaming vs Penetration Testing
• Active Directory Fundamentals – Forests, Domains, OU’s etc
• Assume Breach Methodology
• Insider Attack Simulation
• Introduction to PowerShell
• Initial access methods
• Privilege escalation methods through abuse of misconfigurations
• Domain Enumeration
• Lateral Movement and Pivoting
• Single sign-on in Active Directory
• Abusing built-in functionality for code execution
• Credential Replay
• Domain privileges abuse
• Dumping System and Domain Secrets
• Kerberos – Basics and its Fundamentals
• Kerberos Attack and Defense (Kerberoasting, Silver ticket, Golden ticket attack etc)
https://bsidessg.org/schedule/2019-ajaychoudhary-and-niteshmalviya/
In enumeration the hacker now pursuing an in-depth analysis of all targeted devices such as hosts, connected devices. Hacker is mapping out your network to build a offensive attack strategy,**very important topic**
Využijte svou Oracle databázi na maximum!
Ondřej Buršík
Senior Presales, Oracle
Arrow / Oracle
The document discusses maximizing the use of Oracle databases. It covers topics such as resilience, performance and agility, security and risk management, and cost optimization. It promotes Oracle Database editions and features, as well as Oracle Engineered Systems like Exadata, which are designed to provide high performance, availability, security and manageability for databases.
The document outlines 10 security design principles for developers to follow when building applications:
1. Minimize the attack surface area by restricting unnecessary features and access.
2. Establish secure defaults so that applications are secure out of the box.
3. Use the principle of least privilege so that users only have necessary access privileges.
4. Employ the principle of defense in depth with multiple layers of security controls.
5. Ensure applications fail securely and don't expose sensitive information when errors occur.
6. Don't implicitly trust external services and validate all data from third parties.
7. Separate duties so that no single user can compromise the system.
8. Avoid relying
AWS Summit 2013 | India - Extend your Datacenter in the Cloud and achieve Hig...Amazon Web Services
The cloud is not an 'All or Nothing' approach with regards to replacing workloads inside your datacenter. Enterprises with existing datacenters can easily extend their Infrastructure into the cloud to seamlessly leverage the benefits of cloud while using the same set of controls familiar to their business. However availability and security still remain among the top two concerns for CIOs when deciding on cloud adoption for their organization.
Amazon Web Services has infrastructure across multiple geographical Regions spanning five continents, with multiple Availability Zones in each Region along with a set of global edge locations. Building a similar infrastructure for high availability with your traditional datacenter would be non-trivial and cost prohibitive. Join this session to understand how you can achieve high availability across geographies, deploy your applications close to your users, control where your data is located, achieve low latency, and migrate your applications around the world in a cost-effective and easy manner using AWS services. You will also learn how AWS builds services in accordance with security best practices, provides appropriate security features in those services, has achieved industry standard certifications, and other third-party attestations. In addition, in line with the shared security model on the cloud, AWS customers must leverage on security features and best practices to architect an appropriately secure application environment. Enabling customers to ensure the confidentiality, integrity, and availability of their data is of the utmost importance to AWS, as is maintaining trust and confidence.
Webinar Fondazione CRUI - Microsoft: La Cyber Security nelle Università Jürgen Ambrosi
The document discusses trends in cyber threats including advanced persistent threats (APTs) and ransomware attacks. It provides information on different types of malware threats and targeted attacks, describing examples like Conficker and Stuxnet. The typical stages of targeted attacks are outlined, showing initial access, credential theft, lateral movement, and privilege escalation. Strategies for detection and prevention of attacks are proposed, including implementing a secure privileged access roadmap from Microsoft. The role of the operating system in security is reviewed, with Windows 10 features highlighted for virtualization-based security and isolation capabilities.
This document discusses recommendations for securing an Active Directory environment. It recommends a single forest single domain architecture by default, but acknowledges exceptions may exist. It introduces a tier model for access control and recommends restricting privilege escalation through measures like privileged access workstations and assessing AD security. It also recommends restricting lateral movement, implementing attack detection solutions, and preparing the organization through strategic planning and technical education.
This document provides an overview of security, compliance, and identity concepts. It describes zero trust principles, defense in depth security layers, common security threats, and the shared responsibility model. Identity concepts like authentication, authorization, and auditing are explained. Modern authentication relies on an identity provider, and federation allows users to authenticate across different identity providers. Active Directory and Azure Active Directory are directory services that store identity information.
This document discusses various aspects of cloud security including cloud security challenges, areas of concern in cloud computing, how to evaluate risks, cloud computing categories, the cloud security alliance, security service boundaries, responsibilities by service models, securing data, auditing and compliance, identity management protocols, and Windows Azure identity standards. It provides information on policies, controls, and technologies used to secure cloud environments, applications, and data.
Challenges with Cloud Security by Ken Y ChanKen Chan
As more businesses move to cloud services, they are facing with new challenges in IT security. This presentation outlines the key challenges in cloud security, and my observations and recommendations
Platform Security IRL: Busting Buzzwords & Building BetterEqual Experts
Practical tips and heroic war stories on how to secure a large, modern, fast software delivery platform. From building a team to building cool stuff, dealing with organisational setups to dealing with security incidents.
Zero Buzzwords Guaranteed.
Chris Rutter has spent the last few years obsessed with making security, engineering and the business work together. Starting his career as an engineer, he uses a deep understanding of Agile, Devops, and product delivery to solve security problems in a way that enables teams, rather than hitting them with bricks.
Similar to 7 Ways To Cyberattack And Hack Azure (20)
2. Author
• Abdul Khan
• IT Consultant based in Manchester, UK
• Engineering Lead, Executive, Technologist, Architect
• IT experience within the private and public sectors (Retail, Banking, Digital, Insurance, M.O.D., HMRC, Aviation, Telecommunication, Housing Associations, Education, Travel, and Pharmaceutical companies). Excellent architectural and strong DevOps experience, with a proven track record of delivering E2E, B2B and B2C solutions on regional and global programs.
• SME specializing in integration, data migration and digital transformation to cloud solutions (Azure and AWS)
• Wealth of experience in global projects across EMEA, ASPAC and LATAM
• LinkedIn profile: https://www.linkedin.com/in/abdul-khan-uk/
3. Accreditations
Thank you to my brother, good friends and colleagues for reviewing, adding value, and sharing their vast experience and knowledge.
• Samad Khan (IT Manager), specialising in enterprise solutions in finance and wealth management
• Steve Lampton (IT Consultant, Cloud SME), specialising in NetOps, DevOps and SecOps
4. Audience
Main Audience
• The top cyberthreats may interest a wider group of stakeholders who want to understand the threat landscape in general or deepen their understanding of particular threats.
• Decision makers, security architects, risk managers, auditors and end-users who wish to be informed about the various cyberthreats may find this material useful.
Assumptions
• The reader has some knowledge of cloud platform technologies.
5. Content
1.0 Think Like A Hacker
1.1 Introduction
1.2 Hacker Perspective
1.3 The Top Most Dangerous Cyberattacks
1.4 Account Storage – Architecture
1.5 Account Storage – Storage Stamp
2.0 Cyberattacks and Countermeasures
2.1 Attack01 – Access using account keys
2.2 Attack02 – Ransomware attack and encryption
2.3 Attack03 – Attack VMs and Disks
2.4 Attack04 – Storage Tampering attack
2.5 Attack05 – A Phishing attack
2.6 Attack06 – Attack to Blob and resource using anonymous access
2.7 Attack07 – Attacks To The Public and Private IP Addresses in Azure
3.0 Final Thoughts
3.1 Considerations & Best Practices
8. 1.1 Introduction
• Microsoft Azure offers many types of tools and technologies to manage and handle threats and security. These range from the classical firewall, encryption, network security groups, MOMS, Security Centre, Audit Logging, GDPR and much more.
• To identify the most important risks and threats, and how to manage them, we need to choose the right platform, one that provides the best features and tools.
• In the cloud, any resource can be linked with security or related to hacking, and should be assessed for vulnerabilities. Therefore, a few basic questions should always be asked:
• Is the functionality secure or vulnerable?
• If it is vulnerable, how can it be exploited and how much damage could it cause?
9. 1.2 Hacker Perspective (1/2)
• From a hacker's perspective, DNS provides very important data, including:
• The account name is extremely important because Azure uses it to locate the primary storage cluster and the datacentre where the storage is located. All requests for the account are directed to this location. An application can use a different account for different locations.
• The partition name identifies the storage node of the cluster and is used to scale out access to the data. The ObjectName is the specific object in the partition. Transactions are atomic and managed across the different objects inside the same PartitionName.
10. 1.2 Hacker Perspective (2/2)
• The Account Storage architecture has been organized to provide maximum capacity and scaling. Let's look at the most important components and how they work.
• The Storage Stamp is a cluster of N racks of storage nodes, and each rack is a separate fault domain. The challenge is to keep the storage provisioned in production as highly utilized as possible; if a rack reaches lower than 70%, the account is migrated to another rack.
• The Location Service (LS) manages the account namespace across all the storage stamps and is also responsible for disaster recovery and load balancing. The LS updates the DNS so that requests for the name https://AccountName.service.core.windows.net are allowed through to that storage stamp's virtual IP (VIP, an IP address the storage stamp exposes for external traffic).
11. 1.3 The Top Most Dangerous Cyberattacks (1/2)
• There are three essential areas in Microsoft Azure: RBAC, Storage and Networking. Everything in Azure depends on these three main pillars. Considering these areas, the three most dangerous cyberattacks are:
• Privilege escalation to Azure PIM and the Global Admin account
• Ransomware attack
• Attack on the public and private IP addresses
• All these attacks are extremely dangerous and effective. However, privilege escalation is the most dangerous because it can reach the top level, which means losing control of the entire cloud and company.
• Internal attacks are much more dangerous and effective than external ones, and companies often underestimate that. Cloud is more secure than on-premise and we can rely on a much more solid infrastructure, but we know the cloud has weaknesses.
12. 1.3 The Top Most Dangerous Cyberattacks (2/2)
• RBAC is used to give a specific user access to the storage account. Hackers use this approach to obtain access to storage accounts. This is the classic method people use to manage the storage account through the Azure Portal.
• There are three major areas of Azure, which are also its weak points and the most critical and vulnerable areas for hackers to exploit:
• Authentication and Authorization (Azure AD and RBAC)
• Microsoft Azure Storage
• Networks (Azure Infrastructure)
14. 1.5 Account Storage - Storage Stamps
• The three layers in the Storage Stamps:
• The Stream Layer is like a distributed file system layer within the stamp. It understands files, called streams, and manages how to store them, replicate them and more, but it has no knowledge of the data or its semantics.
• The Partition Layer manages and understands the high-level data abstractions (Blob, Table, Queues and Files), caching objects and storing objects on top of the stream layer.
• The Front-End Layer manages authentication and authorization for the account through a SAS token or Access Key, and it governs the relations between account and partitions.
16. 2.1 Attack01 – Access Using Account Keys
Attack
• Developers use account keys everywhere: they send them by email, write them in code and often keep them in notes files. There are different techniques an attacker can use to find them.
• Google Dorks are used by hackers to collect any type of information on the internet. It is a very powerful technique, especially if used in a smart way.
• The query will search the whole Google database for any indexed file of type config containing the word accountkey on the web sites githup.com and sourceforge.net.
• The githup is not a typo: Google may filter some query types, and using this technique you can evade the filter.
Countermeasures
• Create an Azure policy to block any unauthorized key vault creation (use a dedicated AD group/user).
• Set least-privilege permissions on the Key Vault, monitor any access and notify by email on any change.
• Store any sensitive information in Key Vaults and require developers to follow this practice.
• Run automated source code scanning with Azure DevOps.
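The source code scanning countermeasure above, sketched as an added example that is not part of the original deck: a scanner that flags storage account keys committed to configuration or source files and reports a fingerprint instead of the key. The sample key and config text are constructed, and the file-extension list is an assumption.

```python
import base64
import binascii
import hashlib
import os
import re

# A storage account key is 64 random bytes: 86 base64 characters followed by "==".
KEY_RE = re.compile(r"accountkey[\"']?\s*[=:]\s*[\"']?([A-Za-z0-9+/]{86}==)", re.IGNORECASE)
NAME_RE = re.compile(r"accountname[\"']?\s*[=:]\s*[\"']?([a-z0-9]{3,24})", re.IGNORECASE)
# Assumption: file types worth scanning; adjust to the repository.
SCAN_EXTENSIONS = {".config", ".json", ".xml", ".yml", ".yaml", ".env", ".py", ".cs", ".ps1", ".txt"}
SKIP_DIRS = {".git", "node_modules"}


def looks_like_account_key(candidate):
    """True when the candidate is valid base64 that decodes to exactly 64 bytes."""
    try:
        return len(base64.b64decode(candidate, validate=True)) == 64
    except (binascii.Error, ValueError):
        return False


def scan_text(path, text):
    """Return one finding per key-shaped value; the key itself is never returned."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in KEY_RE.finditer(line):
            key = match.group(1)
            if not looks_like_account_key(key):
                continue
            name = NAME_RE.search(line)
            findings.append({
                "path": path,
                "line": lineno,
                "account": name.group(1) if name else None,
                # The fingerprint lets you match a finding to a key during rotation.
                "fingerprint": hashlib.sha256(key.encode()).hexdigest()[:12],
            })
    return findings


def scan_tree(root):
    """Walk a checkout and scan every file whose extension is in SCAN_EXTENSIONS."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dirnames[:] = [d for d in dirnames if d not in SKIP_DIRS]
        for filename in filenames:
            # ".env" has no extension according to splitext, so fall back to the name.
            ext = os.path.splitext(filename)[1].lower() or filename.lower()
            if ext not in SCAN_EXTENSIONS:
                continue
            path = os.path.join(dirpath, filename)
            with open(path, encoding="utf-8", errors="replace") as handle:
                findings.extend(scan_text(path, handle.read()))
    return findings


# Constructed sample: the key is base64 of the bytes 0..63, not a real credential.
SAMPLE_KEY = base64.b64encode(bytes(range(64))).decode()
SAMPLE_CONFIG = (
    '<add key="Storage" value="DefaultEndpointsProtocol=https;AccountName=examplestore;'
    "AccountKey=" + SAMPLE_KEY + ';EndpointSuffix=core.windows.net" />\n'
    "AccountKey=<your-key-here>\n"
    '{"accountKey": "' + SAMPLE_KEY + '"}\n'
)

if __name__ == "__main__":
    for finding in scan_text("web.config", SAMPLE_CONFIG):
        print(finding)
```

Run it as a pipeline step and fail the build when `scan_tree` returns anything; every finding means the key must be rotated, not just deleted from the file.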
17. 2.2 Attack02 – Ransomware Attack And Encryption
Attack
• Azure encrypts all data in the storage account, a key requirement for certifications such as ISO 27001, ISO 9001, GDPR and others. But is there a real risk of a ransomware attack in the cloud? The answer is yes. So what can a hacker do? Potentially, the entire storage account, all virtual machines and disks can be encrypted.
• A hacker could achieve a privilege escalation attack on the cloud, or find the account keys and gain access to the storage account. If this is achieved, the hacker has different choices. One quick and very dangerous attack is on the encryption keys: an attacker is able to encrypt the entire storage account. Azure uses two mechanisms to encrypt the data:
• one using the internal encryption key;
• and the second using an arbitrary key created by the customer.
• Attack simulation on the encryption keys: the hacker only requires basic knowledge of Storage Account and Key Vault. A hacker can:
• Execute a privilege escalation attack on Azure (contributor access to the resource group is required).
• Then enter the key vault and delete the key.
18. 2.2 Attack02 – Ransomware Attack And Encryption
Countermeasures
• The best option is to use policies and block any unauthorized usage, especially creation.
• Create an Azure policy to block any unauthorized key vault creation (use a dedicated AD group/user).
• Set least-privilege permissions on the Key Vault, monitor any access and notify by email on any change.
• Use Multi-Factor Authentication in any sensitive location of the company.
19. 2.3 Attack03 – Attack VMs and Disks
Attack
• Another option is encrypting the content of the storage account, for example all disks. This is a procedure that can be carried out remotely using PowerShell.
Countermeasures
• Create an Azure policy to block any unauthorized encrypting operation (use a dedicated AD group/user).
• Set least-privilege permissions on the resources.
• Use Multi-Factor Authentication in any sensitive location of the company.
20. 2.4 Attack04 – Storage Tampering attack
Attack
• This is an extremely effective and dangerous attack. The hacker has found the storage account keys and will execute a scan of the account; below, an example to list blobs using Azure CLI:
• The attacker now has a clear idea of the content and may inject specific malicious content into the storage account. The hacker could upload malicious scripts, tampered PDF files and more.
• Developers and IT administrators use queues to execute specific infrastructure tasks in a specific FIFO order. The hacker could inject messages into the queue and execute arbitrary code and scripts.
• Azure storage tampering is usually used in conjunction with a phishing attack.
21. 2.4 Attack04 – Storage Tampering attack
Countermeasures
• Prevention is the best countermeasure: we must prevent access to the resource.
• Create an Azure policy to block any unauthorized usage (use a dedicated AD group/user).
• Set least-privilege permissions on the storage account and on the specific resource, monitor any access and notify by email on any change.
• Refer to Attack01 regarding the protection of the keys.
• Use Multi-Factor Authentication in any sensitive location of the company.
22. 2.5 Attack05 – A Phishing attack
Attack
• This is a widely used attack because it can be combined with others in many different ways. The concept is very simple.
• trusted web site, the attacker can send email using this URL without being intercepted or blocked, and it looks like a legitimate URL. The hacker can simulate an internal communication, and an employee could click on the URL and open a malicious file hosted in the blob.
• This is a very simple example; in the future we will examine some nasty phishing attacks using a blob storage account.
Countermeasures
• Robust email security solutions are the best option, along with filtering any email containing the windows.net domain.
• Educate employees to recognize different types of phishing attacks and to avoid clicking any link.
• Use multiple security layers (email scanning, antivirus) and use the red team to test malicious attacks.
• Educate everybody in the company, including the very top management.
• Use Multi-Factor Authentication in any sensitive location of the company.
23. 2.6 Attack06 – Attack To Blob And Resource Using Anonymous Access
Attack
• We can set the read access type of the container and blob to anonymous. We may need this setting because we want to provide public access to our content; hackers use this setting for phishing attacks.
• Black hats scan the public internet daily and check the contents of these blobs by:
• Option 1 – Using Shodan: log in to Shodan.io with a free account and use the search string
• Option 2 – Using scripting: this is the most productive and effective way to collect anonymous blob storages. Any scripting technique can be used; the concept is quite simple.
• In response to an HTTP GET request, anonymous blob storage responds differently from private storage; this is the discriminant.
• A program or script creates any possible combination of the account name and checks for any possible public blob on the internet. The procedure is a simple representation of what criminal companies do using very high computing power.
• The programs used by these companies are specifically designed to check the content, and they use artificial intelligence to quickly understand whether the content can be useful or not.
24. 2.6 Attack06 – Attack To Blob And Resource Using Anonymous Access
Countermeasures
• Don’t publish any sensitive information in public storage.
Important Note
• Public blobs can make a good honey trap: criminals will focus on that specific area of attack, and you may also put false and misleading information there.
• The honey trap is an interesting strategy and it can be extremely effective if well planned. We can also make the criminals think what we want and discourage them from investigating the company any further.
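To apply the Attack06 countermeasure you first need to know which of your own containers allow anonymous reads. The following added example (not from the original deck) audits a constructed inventory against an allowlist of intentionally public containers. The field names `allowBlobPublicAccess` and `properties.publicAccess` follow the Azure CLI's JSON output; nesting containers under their account, and the account names, are assumptions made for the sample.

```python
# Constructed inventory: one entry per storage account, with its containers nested.
INVENTORY = [
    {"name": "examplewebassets", "allowBlobPublicAccess": True, "containers": [
        {"name": "static", "properties": {"publicAccess": "blob"}},
        {"name": "exports", "properties": {"publicAccess": "container"}},
        {"name": "logs", "properties": {"publicAccess": None}},
    ]},
    {"name": "examplefinance", "allowBlobPublicAccess": False, "containers": [
        {"name": "reports", "properties": {"publicAccess": "blob"}},
    ]},
    # A missing account-level flag is treated as "allowed" (conservative assumption).
    {"name": "examplelegacy", "allowBlobPublicAccess": None, "containers": [
        {"name": "backup", "properties": {"publicAccess": "container"}},
    ]},
]

# Containers that are public on purpose, with the highest level that was approved.
APPROVED_PUBLIC = {("examplewebassets", "static"): "blob"}

# "container" also allows anonymous listing, so it ranks above "blob".
LEVEL_RANK = {"blob": 1, "container": 2}


def audit_public_access(inventory, approved):
    """Flag containers whose anonymous access is not covered by the allowlist."""
    findings = []
    for account in inventory:
        account_allows = account.get("allowBlobPublicAccess") is not False
        for container in account.get("containers", []):
            level = (container.get("properties") or {}).get("publicAccess")
            if level not in LEVEL_RANK:
                continue  # private container
            allowed = approved.get((account["name"], container["name"]))
            if allowed and LEVEL_RANK[level] <= LEVEL_RANK[allowed]:
                continue  # intentionally public at this level or lower
            findings.append({
                "account": account["name"],
                "container": container["name"],
                "level": level,
                # "latent": the account-level switch currently blocks anonymous access,
                # but the container becomes public the moment that switch is flipped.
                "state": "exposed" if account_allows else "latent",
                "listable": level == "container",
            })
    return findings


if __name__ == "__main__":
    for finding in audit_public_access(INVENTORY, APPROVED_PUBLIC):
        print(finding)
```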
25. 2.7 Attack07 – Attacks To The Public and Private IP Addresses In Azure
Attack
• A public IP is attacked by a hacker after the first five minutes of life on the internet. This is a standard procedure; these people are criminal organizations looking for information to use against the company and its employees. You can find public IPs exposed in Azure very easily. The entire Azure infrastructure can be scanned for any public IPs and open RDP ports with one command : . In this way a hacker can download the entire Azure IP range by scanning the service; this is all public information.
• Never underestimate internal threats. If a hacker penetrates a VM, he will also have access to the internal network, at least in the subnet, and if the VM is in the domain then the escalation of the damage is not measurable; it depends on the hacker's Azure experience.
Countermeasures
• Option 1 – The basic solution is to avoid using public IPs; if you really need one, lock it down and masquerade it.
• Option 2 – Control the creation of new public IPs
• Option 3 – Use Azure Bastion
• Option 4 – Use VPN
• VPN is the best option because we avoid exposure to the internet; however, we still need to handle the private IPs because we can face an internal attack.
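One way to find your own internet-exposed RDP ports before someone else does, as an added example that is not part of the original deck: an audit of network security group rules that respects rule priority. It goes slightly beyond the slide by also checking SSH (port 22). The rule field names follow the JSON printed by the Azure CLI for NSG rules, and the NSG names and rules are constructed.

```python
INTERNET_SOURCES = {"*", "any", "internet", "0.0.0.0/0", "::/0"}
MANAGEMENT_PORTS = {22: "SSH", 3389: "RDP"}


def _values(rule, single, plural):
    """Collect a property that may be given as a single value, a list, or both."""
    values = list(rule.get(plural) or [])
    if rule.get(single):
        values.append(rule[single])
    return values


def _port_matches(spec, port):
    """Match a port against '*', a single port ('3389') or a range ('3000-4000')."""
    spec = spec.strip()
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def _from_internet(rule):
    sources = _values(rule, "sourceAddressPrefix", "sourceAddressPrefixes")
    return any(source.strip().lower() in INTERNET_SOURCES for source in sources)


def deciding_rule(rules, port):
    """Return the first internet-wide inbound TCP rule, by priority, covering the port.

    Lower priority numbers are evaluated first, so an internet-wide Deny placed
    before a broad Allow wins. Rules scoped to a narrower source are ignored
    because they neither expose nor protect the port for the whole internet.
    """
    inbound = [r for r in rules if r["direction"].lower() == "inbound"]
    for rule in sorted(inbound, key=lambda r: r["priority"]):
        if rule["protocol"].lower() not in ("tcp", "*"):
            continue
        if not _from_internet(rule):
            continue
        ports = _values(rule, "destinationPortRange", "destinationPortRanges")
        if any(_port_matches(spec, port) for spec in ports):
            return rule
    return None  # falls through to the default deny for internet traffic


def audit_nsg(nsg_name, rules):
    findings = []
    for port, service in sorted(MANAGEMENT_PORTS.items()):
        rule = deciding_rule(rules, port)
        if rule and rule["access"].lower() == "allow":
            findings.append({"nsg": nsg_name, "service": service, "port": port,
                             "rule": rule["name"], "priority": rule["priority"]})
    return findings


def _rule(name, priority, access, source, ports, direction="Inbound", protocol="Tcp"):
    """Build a constructed rule in the shape used by the audit."""
    return {"name": name, "priority": priority, "access": access, "direction": direction,
            "protocol": protocol, "sourceAddressPrefix": source,
            "destinationPortRanges": ports}


# Constructed sample NSGs.
SAMPLE_NSGS = {
    "nsg-web": [_rule("allow-https", 100, "Allow", "Internet", ["443"]),
                _rule("allow-rdp-any", 200, "Allow", "*", ["3389"])],
    "nsg-jump": [_rule("deny-mgmt-internet", 100, "Deny", "Internet", ["22", "3389"]),
                 _rule("allow-high-ports", 300, "Allow", "*", ["1024-65535"])],
    "nsg-app": [_rule("allow-rdp-corp", 100, "Allow", "203.0.113.0/24", ["3389"]),
                _rule("allow-range", 400, "Allow", "0.0.0.0/0", ["3000-4000"])],
}

if __name__ == "__main__":
    for name, rules in SAMPLE_NSGS.items():
        print(name, audit_nsg(name, rules))
```

The `nsg-app` case is the one that tends to be missed: RDP looks restricted to a corporate range, but a later broad port range from any source still exposes 3389.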
27. 3.1 Considerations & Best Practices
• Centralize the security control and access using a good subscription structure and firewalling appliance.
• Create a Base subscription, install ExpressRoute and firewalling and propagate the connectivity to the other
subscriptions, this will give you a lot of control.
• Use a proper segmentation of the network and organize your IP Schemas and VNet by Regions.
• Create Azure policies and enforce your network rules.
• Use a Zero Trust approach and limit any access.
• This presentation has highlighted some of the most important and dangerous attacks on the Storage Account. Prevention is always the best practice, and in order to achieve that we need to use Azure Policies.
• Azure Policies are the first line of defense, the first opportunity to stop the attack. This is what we need to achieve: we need to stop the attack at the beginning and not while it is in progress.
• The most dangerous attack always starts from the inside; we need to make our home secure from any risk.
• Don’t trust anybody, even yourself. If you are not sure about something, it is better to ask and discuss it in the team.
28. - END OF DECK
By Abdul Khan – https://www.linkedin.com/in/abdul-khan-uk/