Protect Your Infrastructure: Basics of Cloud Security | Fpwebinar Fpweb
Presentation from our 7th webinar entitled "Protect Your Infrastructure: Basics of Cloud Security", a short, yet in-depth look at the ins and outs of data center security, network security and even application security.
How to make Android apps secure: dos and don’ts | NowSecure
Learn from the mobile app security fails of others and understand how to get Android app security right the first time around.
A quarter of mobile apps include flaws that expose sensitive personal or corporate data that can be used for illicit purposes. And the security of a mobile app has a lot to do with a user’s impression of its quality.
Fixing vulnerabilities in the late stages of your build-and-deploy cycle is a hassle, and more expensive. You’ve got to switch contexts, dig through code you haven’t thought about in weeks (or didn’t develop in the first place), and delay progress on your latest sprint.
So, what can you, the savvy Android developer, do to get security right the first time around and save yourself work later?
Or, if you’re a security practitioner, how can you give security guidance up front to help your colleagues on the development team work more efficiently?
The fundamentals of Android and iOS app security | NowSecure
Looking for a high-intensity bootcamp covering the basics of secure mobile development? This slideshare was originally presented by mobile security expert and NowSecure CEO Andrew Hoog for a 60-minute workshop at Security by Design covering the following topics:
+ Introduction to identifying security flaws in mobile apps (and how to avoid them)
+ Examples of secure and insecure mobile apps and how to secure them
+ Overview of secure mobile development based on the NowSecure Secure Mobile Development Best Practices
Public WiFi works as an essential tool for people who are constantly on the move and need to get things done. But, while having easy access to public WiFi networks is convenient, it can put your data at risk of being snooped by attackers, simply because such networks are often not secured. This webinar will give you an in-depth knowledge on:
1. Dangers of using unsecured WiFi networks
2. 6 security tips for using such networks securely
3. How Quick Heal helps reduce the risks of unsecured WiFi networks
Five mobile security challenges facing the enterprise | NowSecure
Mobile devices have permeated our personal lives, and increasingly impact all types of enterprise. The information security industry is just beginning to catch up to the dramatic impact of mobile. Since inception, NowSecure has focused entirely on mobile. Content Marketing Manager Sam Bakken shares insights into 5 key challenges facing mobile enterprise.
OWASP Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014 | Anant Shrivastava
This presentation talks about OWASP Mobile Risk M2, i.e. Insecure Data Storage. The agenda of the presentation is to understand data storage and the effect of insecure data storage. It also had demos of known insecure data storage flaws, methods to identify this flaw, and various precautions that a developer should take to prevent this flaw.
The presentation was done as part of null/OWASP/G4H Monthly Meet
How to scale mobile application security testing | NowSecure
Mobile security testing during application development is difficult - but it doesn’t have to be. Director of Mobile Services Katie Strzempka highlights how you can incorporate automated mobile application security testing throughout every step of your app SDLC.
Mobile Penetration Testing: Episode II - Attack of the Code | NowSecure
In this, the second, episode of our mobile penetration testing trilogy, NowSecure Solutions Engineer Michael Krueger takes you beyond the device. Michael will explain how to perform network and web services/API testing to capture data exposed in transit between apps and backend services -- some of the highest risk security flaws around.
This high intensity 30-minute crash course covers:
+ Man-in-the-middle (MITM) attacks
+ Taking advantage of improper certificate validation
+ Demonstration of a privilege escalation exploit of a web back-end vulnerability
Watch it here: https://youtu.be/bT1-7ZkSdNY
While the growth of cyber threats and malware artists is rampant, there are still many people who feel antivirus for their machine is unnecessary and actually causes more trouble than it’s worth. In this important webinar, our cyber security expert will help you understand these essential aspects:
1. 5 common myths that stop people from using an antivirus
2. Why you should invest in a quality antivirus
3. How Quick Heal keeps your computer and data safe
Mobile Penetration Testing: Episode 1 - The Forensic Menace | NowSecure
This is Episode 1 of a trilogy on mobile penetration testing - forensic analysis of data at rest on the device.
Episode 2 - Return of the Network/Back-end
http://www.slideshare.net/nowsecure/mobile-penetration-testing-episode-ii-attack-of-the-code
Episode 3 - Attack of the Code
http://www.slideshare.net/nowsecure/mobile-penetration-testing-episode-iii-attack-of-the-code
OWASP Mobile Risk Series : M3 : Insufficient Transport Layer Protection | Anant Shrivastava
This session will focus on Mobile Top 10 2014-M3 : Insufficient Transport Layer Protection. We will try to understand the transport layer, Transport Layer Security (TLS), insecurities in TLS/SSL, and how this affects the overall security of mobile devices, as well as what kind of protection can be applied and how this can be identified.
Extreme Hacking: Encrypted Networks SWAT style - Wayne Burke | EC-Council
Straight to the point, with the multitude of leaks, the latest new age hacking weapons have brought an onslaught of new attack vectors! This is one of the presentations you don’t want to miss!
Wayne will be demonstrating highly modified custom mobile deployable network hacking cyber weapons, such as Network BlackBoxs, Evil WiFi Honeypots, custom USB delivered payloads and finally how we can take these weapons to the sky autonomously using various custom build drones.
After food, air and water, the Internet has evolved to become the next basic necessity for most. The current Internet user base in India is a whopping 400 million and is expected to reach 500 million by 2016. The list of benefits that Internet has for us is an exhaustive one and so is the list of dangers it entails. In this presentation, we help you understand:
a. 30 killer Internet security tips
b. How Quick Heal protects you from all types of threats on the Internet.
4 Precautions to Keep Your Supply Chain Data Safe | Alexis Global
Supply Chain companies should take a step in developing high-quality risk management strategies and train their employees to identify potential threats and avoid these types of situations.
Epoch Universal can protect your network and significantly reduce the amount of vulnerabilities, resulting in a more secure network. Our security experts offer professional experience, strong industry knowledge and proficiency to help defend against threats, reduce risks, and facilitate the implementation of new technologies that support growth.
The Internet is a fun place to be, but it is also riddled with hackers, online scammers, and malware artists. They wait for you to falter so that they can latch onto you like parasites to feed on your money and identity.
In this presentation, we help you understand:
a. The most common online dangers most people fall prey to.
b. 10 cyber security tips every Internet user must follow.
c. How Quick Heal helps you keep your PC and its data safe from all types of Internet dangers.
Applying regular Software Updates on your computer is one of the basic security measures that helps keep you safe from attackers and malware.
In this presentation, we help you understand:
a. What are Software updates?
b. What are software Vulnerabilities?
c. Why are Software Updates so Important for your Security?
d. How Quick Heal helps you stay away from Software Vulnerabilities?
Compliance in the mobile enterprise: 5 tips to prepare for your next audit | NowSecure
Mobile workforces and apps have revolutionized a number of highly regulated industries. State and federal regulations, such as the Health Information Portability and Accountability Act (HIPAA) and Sarbanes-Oxley (SOX), and industry standards, such as the PCI Data Security Standard (PCI DSS) and OWASP Top 10, have evolved as a result. So how do you achieve compliance outcomes for mobile apps?
*These slides accompany the webinar: https://youtu.be/mqIU5dDyHwM
Why Depending On Malware Prevention Alone Is No Longer An Option | Seculert
Over the last few years Seculert and other leading security companies have discovered many advanced malwares lurking on company networks that have gone undetected by standard advanced threat prevention solutions. Enterprises are now realizing that they need to find alternative solutions to protect their network. Learn why depending on malware prevention alone is no longer an option. Join Seculert’s CTO Aviv Raff for an in-depth webinar.
Aviv Raff will address:
- How recent malware such as Dexter and Shamoon entered company networks despite their APT prevention systems
- How Seculert discovered Shamoon
- Why your peers are moving to malware detection instead of prevention
- How Big Data is an indispensable tool to fight Advanced Persistent Threats
Raff is responsible for the fundamental research and design of Seculert’s core technology. Don’t miss out on hearing from the expert.
Mobile Application Security Threats through the Eyes of the Attacker | bugcrowd
As an active security researcher with immense professional expertise in application security, Jason Haddix joins us to explain the common attack vectors that face today’s mobile applications -- from a hacker’s perspective.
This course provides an introduction to security for mobile applications. It walks through a basic threat model for a mobile application. This threat model is then used as a framework for making good decisions about designing and building applications as well as for testing the security of existing applications. Examples are provided for both iOS (iPhone and iPad) and Android platforms and sample code is provided to demonstrate mobile security assessment techniques.
This is a short awareness talk from one of the OWASP MEETUP sessions at University Kuala Lumpur, Malaysia, discussing Android application penetration testing and how to discover potential vulnerabilities.
Is your company data secure? This talk is going to help you understand some of the possible attack vectors on mobile platforms and what enterprises can do to lower the risk on these platforms.
Slides from the dataMinds Connect 2018 Conference hosted at Ghelamco Arena in Ghent by the Belgian SQL Server User Group. SECDev(OPS): How to embrace your security.
Addressing the OWASP Mobile Security Threats using Xamarin | Alec Tucker
You think your mobile app is secure, but is it really? In this session from Xamarin Evolve 2016 in Orlando, Alec will give you the Top 10 mobile threats to be aware of and take an in-depth look at how to mitigate some of these threats using Xamarin and the OWASP Mobile Security Project. A video of the talk is available here: https://youtu.be/rCT9kiA7SE0?list=PLM75ZaNQS_Fb7I6E9MDnMgwW1GGZIijf_
This is about the Mobile Application Security Verification Standard (MASVS) and the Mobile Security Testing Guide (MSTG) from OWASP. This relates my experience both as an author and a user of these resources and includes some practical examples of what mobile security means and why it is important in IoT.
The whole set of documents can be found at https://www.owasp.org/index.php/OWASP_Mobile_Security_Testing_Guide
SAE 2014 - Cyber Security: Mission Critical for the Internet of Cars | Andreas Mai
Connected vehicles are becoming rolling data centers. More attack surfaces expose vehicles to cyber threats that have become common in the IT industry. Connected vehicles will require an end-to-end security architecture spanning from chip level to cloud based security services that protect vehicles over the entire life cycle.
1000+ apps are released on Google Play and the App Store every day!
The most popular ones are downloaded 75 000 times a day.
There are many success factors that must be met for your app to be successful, and one of these is trust.
5 Key Ways to Incorporate Security Protection into your Organization’s Mobile... | IBM Security
Take a deep-dive into the benefits of incorporating improved security protection into your organization’s mobile application development lifecycle, from testing phase to run-time.
In this on-demand webinar, you’ll learn how to:
- Better identify application integrity risks (vulnerable portions of your apps that could serve as attractive attack targets to hackers, even after you’ve adhered to safe-coding practices), and to bolster your overall level of mobile security protection.
- Deploy protection tools—based on AppScan-aided risk assessment technology and supplemented by manual analysis—to design and implement “defend”, “detect”, and “react” protections inside your applications, without modifying their source code.
- Augment your code-testing with proactive protections inside your mobile applications, by learning more about IBM’s and Arxan’s partnered solutions.
View the full on-demand webcast: http://securityintelligence.com/events/incorporating-security-protection-organizations-mobile-application-development-lifecycle/#.VYxU1_lVhBf
Nowadays, like the technology itself, hacking activity against mobile phones is growing very rapidly, both for mobile devices (operating systems) and mobile applications. Some application providers even dedicate a penetration testing activity to the applications they create right before release to the public, while others open bug bounty programs, and sadly the rest just watch and do nothing.
On the other side, malware developers around the world have also already moved their main target and have been developing malware to take over mobile devices, which surely keep all our personal/private and our work; some of it even makes us pay to get it back.
This talk will focus more on the recent trend in mobile device security and mobile security penetration testing activity, and, in practice, will show several types of common weaknesses/vulnerabilities within mobile applications and how the exploitation is done by the attacker, how malware is created and planted, until it successfully takes over the target mobile device.
Talk given in Bsides Lisbon 2015 by me and Herman Duarte.
Based on our experience on testing mobile applications, both on Android and iOS, we challenged ourselves on doing an assessment of both app stores' applications, using OWASP mobile top 10 as a reference in terms of vulnerabilities to search for.
As a criteria for choosing the apps to test, we focused on the most common mobile applications available in the Portuguese Android and iOS app stores, from several categories such as finance, social media, medical and security.
For this talk we expect to highlight the most interesting design choices both good and bad and what should be done to avoid such mistakes.
Mobile application (in)security - 2nd Integrity Smart Executive Breakfast | Cláudio André
Presentation done by me and Herman Duarte in the 2nd Smart Executive Breakfast.
Images credited to:
https://www.flickr.com/photos/2_dogs/15608584698/in/photolist-pMh5rh-7z9ART-p7VxWx-7z9AUV-7HiJTB-7HnE4o-7Cu1Sn-7HnEbu-7HnDZm-7BvfGM-7HnDuQ-7HnDP9-7BvfCK-7HiJoM-7Bz6nf-92sk9u-BDvjQ-4Z8Kom-7B76Yv-8ZoH5N-boVMC1-qkwnSx-7bPUnN-7bPWaL-bHCJEc-7hHtiq-av98aY-7z9ANe-9FFk-dqwACQ-qXsZmm-7zdnwj-6xYN7X-7z9B2D-7z9AXV-7zdo45-7zdnZU-357Hy-9UWz6d-7uXCPC-7z9AGv-7uTNAp-7uXCYo-7uTPh8-7uXDkJ-7uTPc2-7uTN6k-7uTNiH-7uTPmi-7uXDr9
Pixabay.com Common Creative images.
Web applications secure development. Tips for securing your web applications.
Credits to the cover artwork: http://stickeesbiz.deviantart.com/art/You-Shall-Not-Pass-Gandalf-lotr-389220701
This talk is going to give an overview of the Android operating system and its apps ecosystem from the security point of view of a penetration tester.
So let's dive into topics like Pentest Environment Setup, Tools of the Trade, App Analysis and some security hints for Android developers.
Epistemic Interaction - tuning interfaces to provide information for AI support | Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Key Trends Shaping the Future of Infrastructure.pdf | Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GraphRAG is All You need? LLM & Knowledge Graph | Guy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... | Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
The Art of the Pitch: WordPress Relationships and Sales | Laura Byrne
Clients don’t know what they don’t know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
DevOps and Testing slides at DASA Connect | Kari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Neuro-symbolic is not enough, we need neuro-*semantic* | Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 | Tobias Schneck
As AI technology is pushing into IT, I was wondering, as an “infrastructure container kubernetes guy”, how this fancy AI technology gets managed from an infrastructure operational view. Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you with a short journey through existing deployment models and use cases for AI software. Using practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview of infrastructure requirements and technologies, and what could be beneficial or limiting for your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already got working for real.
Accelerate your Kubernetes clusters with Varnish Caching | Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... | James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
A day in the life of a pentester
1. A day in the life of a pentester
@clviper
ca@integrity.pt
Cláudio André
2. • whoami
• Who is a Pentester?
• Mobile App Architecture
• Android Mobile App Components
• OWASP Top 10 Mobile Risks
• Practical Examples
• Security Recommendations
/// Agenda
3. 10+ years working in Information Systems.
Pentester at
BSc in Management Information Technology at ULHT.
Offensive Security Certified Professional (OSCP)
Security Blog: http://security.claudio.pt
/// whoami
16. Zip Archive.
Contains Dalvik class files, assets, resources and
AndroidManifest.xml.
Stored at /data/app.
Android Application Package File (.apk)
/// Android Mobile App Components - APK
17. Presents information about the app to the
system.
Describes app components.
Define permissions.
AndroidManifest.xml
/// Android Mobile App Components – AndroidManifest.xml
18. XML format file with key-value pairs.
App settings.
/// Android Mobile App Components – Shared Preferences
19. Single file relational database used to store
application data and settings.
/// Android Mobile App Components - SQLite
37. M2 - Insecure Data Storage
- Create Shared Preferences without MODE_WORLD_READABLE.
- Sensitive information should not be stored. If it must be stored, encrypt it with a key derived from the user's password/PIN, not with hardcoded encryption keys. This is still vulnerable to offline brute force, so enforce a strong password policy.
M3 - Insufficient Transport Layer Protection
- Apply TLS on every channel through which the app transmits sensitive information to the backend.
- Implement certificate pinning if very sensitive information is transmitted.
/// Security Recommendations
38. M7 - Client Side Injection
- Only export components (Activities, Services, Broadcast Receivers, Content Providers) that make sense to export and that cannot bypass access controls or leak internal information.
- Always validate user input.
M10 - Lack of Binary Protection
- Obfuscate your code, at minimum with ProGuard. Don't make your attacker's life easier.
/// Security Recommendations
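The M7 recommendation on exported components can be checked mechanically during a build or review. The following is an added example, not part of the slides: it audits a manifest that has already been decoded to plain XML, and the package name, component names and permissions in the sample are constructed for illustration. It assumes protection levels appear as symbolic names and that the app targets API 17 or later, so providers are not exported by default.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

# Constructed sample manifest (hypothetical app, not taken from the slides).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <permission android:name="com.example.notes.SYNC" android:protectionLevel="signature"/>
  <permission android:name="com.example.notes.READ" android:protectionLevel="normal"/>
  <application>
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".AdminActivity" android:exported="true"/>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.notes.SYNC"/>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
    <provider android:name=".NotesProvider" android:authorities="com.example.notes"
              android:exported="true" android:permission="com.example.notes.READ"/>
    <activity android:name=".SettingsActivity" android:exported="false"/>
  </application>
</manifest>"""


def _attr(elem, name):
    """Read an android:-namespaced attribute, or None when it is absent."""
    return elem.get("{%s}%s" % (ANDROID_NS, name))


def _is_launcher(comp):
    """The launcher entry point has to be exported, so it is not reported."""
    for flt in comp.findall("intent-filter"):
        actions = {_attr(a, "name") for a in flt.findall("action")}
        cats = {_attr(c, "name") for c in flt.findall("category")}
        if ("android.intent.action.MAIN" in actions
                and "android.intent.category.LAUNCHER" in cats):
            return True
    return False


def _is_exported(comp):
    """Return (exported, how). Without android:exported, a component that
    declares an intent filter is exported by default on apps targeting
    below API 31."""
    explicit = _attr(comp, "exported")
    if explicit is not None:
        return explicit.lower() == "true", "explicit"
    return comp.find("intent-filter") is not None, "implicit"


def audit_manifest(manifest_xml):
    """Return (name, tag, how, issue) for each exported component that other
    apps can reach without holding a signature-level permission."""
    # For manifests from untrusted APKs, parse with a hardened XML parser.
    root = ET.fromstring(manifest_xml)
    app = root.find("application")
    if app is None:
        return []
    # Permissions declared by this app; a missing protectionLevel means normal.
    levels = {}
    for perm in root.findall("permission"):
        level = _attr(perm, "protectionLevel") or "normal"
        levels[_attr(perm, "name")] = level.split("|")[0].lower()
    app_perm = _attr(app, "permission")  # default guard for all components
    findings = []
    for comp in app:
        if comp.tag not in COMPONENT_TAGS:
            continue
        exported, how = _is_exported(comp)
        if not exported or _is_launcher(comp):
            continue
        base = _attr(comp, "permission") or app_perm
        if comp.tag == "provider":
            # Providers can guard reads and writes separately.
            guards = [_attr(comp, "readPermission") or base,
                      _attr(comp, "writePermission") or base]
        else:
            guards = [base]
        if any(g is None for g in guards):
            issue = "unprotected"
        elif any(g in levels and not levels[g].startswith("signature") for g in guards):
            issue = "weak-permission"  # any installed app can request it
        elif any(g not in levels for g in guards):
            issue = "review-external-permission"  # declared outside this manifest
        else:
            continue
        findings.append((_attr(comp, "name"), comp.tag, how, issue))
    return findings


if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE_MANIFEST):
        print("%s (%s): exported %s, %s" % finding)
```

Each finding is a candidate for `android:exported="false"` or a signature-level permission; the launcher activity and the signature-protected service in the sample are not reported.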