Serverless architectures enable organizations to build and deploy software and services without maintaining or provisioning any physical or virtual servers. They are an excellent choice for a wide range of services, and can scale elastically as cloud workloads grow, and as a result have become a popular architectural element for development teams. However, this new approach can have a significant impact on the security of systems, and many teams are not familiar with how to securely incorporate serverless elements into their architectures. Using the OWASP SAMM maturity model as a framework, this webinar walks through how teams adopting serverless computing can do so in a secure manner and consistent with their organization’s roadmap for maturing their application security posture.
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsDenim Group
Security assessments are a critical part of any security program. Being able to identify – and communicate about – vulnerabilities systems is required to get vulnerabilities prioritized for remediation. For web and mobile applications, assessment methodologies are reasonably straightforward and established. However, for cloud-native applications, the combination of new technologies and architectural elements has introduced questions about how to scope, plan, and execute security assessments. This presentation looks at how the assessment landscape has changed with the introduction of cloud-native applications and explores how threat modeling is central to testing their security. In addition, the “Four C’s” conceptual model for looking at cloud-native application security is introduced, including a discussion of how both automated and manual testing methodologies can be used to accomplish assessment goals. Finally, vulnerability contextualization and reporting are discussed, so that teams running cloud-native application assessments can properly characterize the results of their efforts to aid in the prioritization and remediation of identified issues.
Using Collaboration to Make Application Vulnerability Management a Team SportDenim Group
Vulnerability management - especially application vulnerability management - is a challenging business function because it crosses disciplinary boundaries. Security teams find and adjudicate vulnerabilities, DevOps and server ops teams have to fix them, and GRC teams need to be kept apprised of status and progress. As has always been the case - but especially in a necessarily remote work environment - collaboration is key to making these business functions operate efficiently and effectively. This webinar looks at common bottlenecks that snarl vulnerability remediation workflows and discusses strategies to address these issues via collaboration. Examples are given of implementing these via the ThreadFix platform, but the strategies are universally-applicable for vulnerability management professionals looking to streamline their vulnerability remediation workflows.
Security and DevOps - Managing Security in a DevOps EnterpriseClaudia Ring
Looking at security and DevOps requires a view across two dimensions:
Securing the application; and
Securing the application delivery pipeline
Securing the application focuses on ensuring the application being developed and delivered, and the associated data, are secure. This means building and delivering them using secure engineering practices that ensure their security and integrity, as well as that of the business and end-users.
Securing the application delivery pipeline focuses on securing the delivery platform itself, so that the application development and delivery tools, the Infrastructure and environments, configurations, automation tools, repositories, and associated services and APIs are all secure.
Join us to hear an overview of these concepts, how they can be applied across the software delivery pipeline and IBM offerings that can help you on your journey to secure DevOps.
How to Integrate AppSec Testing into your DevOps Program Denim Group
During this live webinar, IBM & Denim Group join forces to demonstrate how Application Security Testing can be integrated with DevOps methodologies to identify and remediate high-risk vulnerabilities quickly, with minimal overhead.
Specifically, we’ll discuss how you can integrate Dynamic Application Security Testing (DAST) using IBM AppScan Enterprise REST API into a DevOps CI/CD pipeline, which helps you to automatically identify high-risk vulnerabilities within web applications and web services. We’ll also show how using Denim Group’s ThreadFix offering with AppScan Enterprise allows for seamless integration with typical DevOps tool-sets, in order to further reduce the overhead associated with AppSec testing within the SDLC.
Multi-Cloud Load Balancing and Application ServicesAvi Networks
Watch the on-demand webinar here https://info.avinetworks.com/webinars/multicloud-load-balancing-and-app-services
81% of enterprises have a multi-cloud strategy and on average, operating 5 clouds. This reality imposes demanding requirements on automation and operational consistency across heterogeneous environments. In this webinar, we will explore what is required for application services, and how Avi Networks builds a single platform for load balancing, security and analytics. We will walk through live demos on how applications can be delivered consistently regardless of the underlying infrastructures.
You will learn how to:
- Integrate into private and public cloud ecosystems including AWS, Azure, Cisco and VMware.
- Deliver applications using a software-defined and policy-driven platform.
- Apply DevOps principles to application delivery and accelerate multi-cloud deployments.
Hybrid Cloud DevOps with Apprenda and UrbanCode DeployClaudia Ring
In this webinar, Michael Elder, IBM Distinguished Engineer for UrbanCode, Rakesh Malhotra, SVP of Product Strategy at Apprenda, and Chris Dutra, Senior Integrations Engineer at Apprenda, will walk through best practices and a live demo showing how to;
Standardize, simplify and orchestrate deployments across IBM Bluemix and Apprenda with UrbanCode Deploy
Cloud enable existing multi-tier applications with Apprenda PaaS, making them elastically scalable and reliable
Enable modern applications built with Kubernetes to integrate with on premises systems of record
Enable multiple development teams releasing code at different speeds to coordinate deployments
Achieve abstraction over different cloud APIs
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsDenim Group
Security assessments are a critical part of any security program. Being able to identify – and communicate about – vulnerabilities systems is required to get vulnerabilities prioritized for remediation. For web and mobile applications, assessment methodologies are reasonably straightforward and established. However, for cloud-native applications, the combination of new technologies and architectural elements has introduced questions about how to scope, plan, and execute security assessments. This presentation looks at how the assessment landscape has changed with the introduction of cloud-native applications and explores how threat modeling is central to testing their security. In addition, the “Four C’s” conceptual model for looking at cloud-native application security is introduced, including a discussion of how both automated and manual testing methodologies can be used to accomplish assessment goals. Finally, vulnerability contextualization and reporting are discussed, so that teams running cloud-native application assessments can properly characterize the results of their efforts to aid in the prioritization and remediation of identified issues.
Using Collaboration to Make Application Vulnerability Management a Team SportDenim Group
Vulnerability management - especially application vulnerability management - is a challenging business function because it crosses disciplinary boundaries. Security teams find and adjudicate vulnerabilities, DevOps and server ops teams have to fix them, and GRC teams need to be kept apprised of status and progress. As has always been the case - but especially in a necessarily remote work environment - collaboration is key to making these business functions operate efficiently and effectively. This webinar looks at common bottlenecks that snarl vulnerability remediation workflows and discusses strategies to address these issues via collaboration. Examples are given of implementing these via the ThreadFix platform, but the strategies are universally-applicable for vulnerability management professionals looking to streamline their vulnerability remediation workflows.
Security and DevOps - Managing Security in a DevOps EnterpriseClaudia Ring
Looking at security and DevOps requires a view across two dimensions:
Securing the application; and
Securing the application delivery pipeline
Securing the application focuses on ensuring the application being developed and delivered, and the associated data, are secure. This means building and delivering them using secure engineering practices that ensure their security and integrity, as well as that of the business and end-users.
Securing the application delivery pipeline focuses on securing the delivery platform itself, so that the application development and delivery tools, the Infrastructure and environments, configurations, automation tools, repositories, and associated services and APIs are all secure.
Join us to hear an overview of these concepts, how they can be applied across the software delivery pipeline and IBM offerings that can help you on your journey to secure DevOps.
How to Integrate AppSec Testing into your DevOps Program Denim Group
During this live webinar, IBM & Denim Group join forces to demonstrate how Application Security Testing can be integrated with DevOps methodologies to identify and remediate high-risk vulnerabilities quickly, with minimal overhead.
Specifically, we’ll discuss how you can integrate Dynamic Application Security Testing (DAST) using IBM AppScan Enterprise REST API into a DevOps CI/CD pipeline, which helps you to automatically identify high-risk vulnerabilities within web applications and web services. We’ll also show how using Denim Group’s ThreadFix offering with AppScan Enterprise allows for seamless integration with typical DevOps tool-sets, in order to further reduce the overhead associated with AppSec testing within the SDLC.
Multi-Cloud Load Balancing and Application ServicesAvi Networks
Watch the on-demand webinar here https://info.avinetworks.com/webinars/multicloud-load-balancing-and-app-services
81% of enterprises have a multi-cloud strategy and on average, operating 5 clouds. This reality imposes demanding requirements on automation and operational consistency across heterogeneous environments. In this webinar, we will explore what is required for application services, and how Avi Networks builds a single platform for load balancing, security and analytics. We will walk through live demos on how applications can be delivered consistently regardless of the underlying infrastructures.
You will learn how to:
- Integrate into private and public cloud ecosystems including AWS, Azure, Cisco and VMware.
- Deliver applications using a software-defined and policy-driven platform.
- Apply DevOps principles to application delivery and accelerate multi-cloud deployments.
Hybrid Cloud DevOps with Apprenda and UrbanCode DeployClaudia Ring
In this webinar, Michael Elder, IBM Distinguished Engineer for UrbanCode, Rakesh Malhotra, SVP of Product Strategy at Apprenda, and Chris Dutra, Senior Integrations Engineer at Apprenda, will walk through best practices and a live demo showing how to;
Standardize, simplify and orchestrate deployments across IBM Bluemix and Apprenda with UrbanCode Deploy
Cloud enable existing multi-tier applications with Apprenda PaaS, making them elastically scalable and reliable
Enable modern applications built with Kubernetes to integrate with on premises systems of record
Enable multiple development teams releasing code at different speeds to coordinate deployments
Achieve abstraction over different cloud APIs
Metrics That Matter: How to Measure Digital Transformation SuccessXebiaLabs
Learn how to go beyond simple metrics to identify what really matters to your business and your teams. Get actionable tips on how to use historical analysis, machine learning, and data from across your toolchain to surface trends, predict outcomes, and recommend actions to drive more informed decisions and deliver more value to end-users.
S106 using ibm urban code deploy to deliver your apps to cicsnick_garrod
GSE Nordic 2015 Using IBM UrbanCode Deploy to deliver your apps to CICS. Deploying applications to CICS can be tricky, and you may be struggling to figure out how to handle the many new zFS artifacts such as cloud, bundles, Java, and web services. This could even be slowing down the adoption of new technologies that could deliver the solutions your business needs. This session will introduce IBM UrbanCode Deploy as a tool to automate many types of application deployments through your environments. It can provide rapid feedback and continuous delivery in agile development while providing the audit trails, versioning and approvals needed in production. See the new z/OS and CICS TS plug-ins for UrbanCode Deploy in action to deploy COBOL, web services, and Java applications to CICS in a single action.
Continuous Delivery for cloud - scenarios and scopeSanjeev Sharma
Cloud is both a catalyst and an enabler for DevOps. Having the flexibility and the services and capabilities provided by the Cloud lowers the barrier to adoption for organization looking to adopt DevOps. Hence, allowing them to achieve the business goals of Speed, Business Agility and Innovation.
This webinar will explore the impact of DevOps on using the Cloud as a Platform as a Service and vice versa. It will explore the different use cases of DevOps that are enabled or enhanced by the Cloud platform, and the different 'scopes' of adoption by organizations adopting Cloud and DevOps in an iterative manner.
OTT for Mobile Devices, An Implementers Checklist: device support, experience of the end user, value added features, internet delivery methods, compliance with studio requirements - DRM, and end to end interoperability.
How to achieve 'Flow' in your delivery pipeline.
This was an 'Ignite' session at DevOpsDaysDC 2018. Ignite sessions are 5 minutes long with 20 slides auto-advancing every 15 seconds.
Securing Web Applications with Deep Automation with VMware NSX Advanced Load ...Avi Networks
Watch webinar on-demand here https://info.avinetworks.com/webinars/securing-web-apps-deep-automation
Application security requires a high degree of automation, however making security decisions can be very difficult. Deploying and securing web applications gets further complicated in public clouds for load balancing and web application firewall. We show the importance of applying visibility, end-to-end orchestration and decision automation to different layers of application security. In this webinar, you will learn about:
- AI / ML based analytics for automating decisions
- Automated canary deployments for application security
- VMware NSX Advanced Load Balancer (Avi Networks) use cases
Technology is transforming how the world operates thanks to cloud, mobile, social business and big data being key catalysts to innovation. While each of these stands on their own, they enable the others at the same time. But to innovate at the speed of business, you need to deliver the software that drives it. That is where DevOps come in. DevOps enables organizations to maximize their ability to leverage these technologies for innovation. This webinar will focus on Cloud and DevOps, describing how IBM's DevOps solution helps organizations maximize their ability to drive software innovation by leveraging the flexibility, scalability and services offered by a Cloud Computing solution. We will discuss the benefits of using Cloud across the software delivery lifecycle including development, testing, and operations and how that lifecycle can be maximized with DevOps. We will introduce integrations between IBM UrbanCode Deploy and IBM Cloud offerings highlighting the value they can bring to your organization through the integration and automation of provisioning and deployment capabilities.
The complexity of managing and delivering the high level of reliability expected of web-based, cloud hosted systems today, and the expectation of Continuous Delivery of new features has led to the evolution of a totally new field of Service Reliability Engineering catered for such systems. Google, who has been a pioneer in this field, calls it Site Reliability Engineering (SRE). While it would be more aptly named Service Reliability Engineering, the name has caught on. The seminal work documenting Google approach and practices is in the book by Google by the same name (commonly referred to as the ‘SRE book’), and has become the defacto standard on how to adopt SRE in an organization. This session will cover adopting SRE as a practice in organizations also adopting DevOps; address the challenges to adopting SRE faced by large traditional enterprises, and how to overcome them.
Microservices are a new paradigm for software architecture: small services in separated processes take the place of large applications. This way monolithic architecture can be avoided, and systems are easily scalable and changeable.
At Aspire we have a well formulated road map and offer a gamut of cloud application. We advise on choosing the right combination of cloud services for your enterprise.
Cloud With DevOps Enabling Rapid Business DevelopmentSam Garforth
My point of view on accelerating business development with improved time to market by using lean principles enabled by devops and cloud. Some of the narrative can be found here http://thoughtsoncloud.com/2014/04/speed-devops-cloud/
IBM BlueMix Presentation - Paris Meetup 17th Sept. 2014IBM France Lab
Bluemix is an open-standard, cloud-based platform for
building, managing, and running applications of all types
(web, mobile, big data, new smart devices, and so on).
Deliver Modern Applications with an Elastic Load Balancing Fabric Powered by ...Avi Networks
Traditionally hyper-scale applications have been deployed on ultra-high-end, specialized hardware which are statically provisioned. These legacy appliances are not built for the cloud era – rigid to scale, hard to manage and expensive to operate. With Intel’s high-performance CPUs and VMware NSX Advanced Load Balancer (formerly Avi Networks), you can easily deploy and manage capacity for modern applications with an intelligent, elastic load balancing fabric.
During this webinar, learn how to:
- Deliver hyper-scale applications with a software defined architecture on general purpose compute processors
- Scale and load balance elastically to 1 million SSL TPS on 2nd Generation Intel Xeon Scalable processors
- Save $$$ with an elastic application services fabric while providing flexibility and fault tolerance
- Utilize Avi’s platform intelligence to auto scale your application with just right sizing
Advanced Web Application Security with an Intelligent WAFAvi Networks
Watch on-demand here https://info.avinetworks.com/webinars/intelligent-waf
Web application attacks are becoming #1 in terms of breaches. It’s critical to deploy web application firewall (WAF) to secure your applications. However, 90% of organizations find it complex. Why?
Avi Networks, now part of VMware, offers advanced load balancing and intelligent WAF to address three top challenges: policy complexity, lack of visibility and low performance. You will learn about:
- An optimized security pipeline composed of whitelist, positive security and signature engines
- An analytics-driven close loop that allows automatic application learning to create policies
- A comprehensive security stack from L4/L7 firewall and DDoS protection to rate limiting and WAF
- An elastic fabric to autoscale or burst capacity into cloud in case of unpredictable traffic loads
Deep Automation and ML-Driven Analytics for Application ServicesAvi Networks
Watch on-demand here https://info.avinetworks.com/webinars/deep-automation-ml-driven-analytics
Do you want to simplify capacity planning, web application security, and continuous delivery? The secret sauce for application delivery automation is deep intelligence and deep automation. Avi Networks’ multi-cloud application services include software-defined load balancing, security, and analytics across on-prem data centers and public clouds.
In this webinar, you will learn:
- The “Deep Automation” framework
- Its application in three use cases: autoscaling, WAF, and CI/CD
- How to apply ML principals and rich analytics to automate application delivery
Improving Software Delivery with DevOps & Software Defined Environments | The...IBM UrbanCode Products
IBM UrbanCode Deploy with Patterns is a full-stack environment management and deployment solution that enables users to design, deploy and update full-stack environments for multiple clouds.
Join Michael Elder, Senior Technical Staff Member, IBM DevOps, as he shows you how you can improve your customer feedback loop using iterative, full-stack application design for the cloud. In this webinar, he will cover an innovative new way of designing and versioning your cloud applications through a web-based environment development toolkit.
Assessing Business Operations Risk With Unified Vulnerability Management in T...Denim Group
For almost 10 years, ThreadFix has been the preeminent solution for managing your application vulnerabilities. In that time, it has grown from that initial correlation and reporting engine which brought your SAST and DAST vulnerabilities together, into a developer-integrated, CI/CD-enabling management platform. Deployed and used in Fortune 100 companies ranging from entertainment to banking to health care, in addition to some of the largest organizations within the Federal Government, ThreadFix now helps organizations correlate and prioritize risk across their applications and the network infrastructure that supports them.
Join us as we debut the largest update to the ThreadFix platform to date, ThreadFix 3.0. Featuring new network vulnerability management tools, a new containerized microservices architecture, and a new user interface, ThreadFix 3.0 is the solution for comprehensive and correlated risk-based reporting on your entire portfolio of applications and infrastructure assets.
Enabling Developers in Your Application Security Program With Coverity and Th...Denim Group
Developers need to move quickly and efficiently. Coverity’s speed, accuracy, ease of use, and scalability meet the needs of even the largest, most complex environments. ThreadFix allows you to centralize all test and vulnerability data in one place so your software security team can spend less time on manually correlating results and more time focusing on higher-level risk decisions. Join us to get a firsthand look at how Coverity and ThreadFix arm development teams with the tools they need to advance security programs in real time.
Metrics That Matter: How to Measure Digital Transformation SuccessXebiaLabs
Learn how to go beyond simple metrics to identify what really matters to your business and your teams. Get actionable tips on how to use historical analysis, machine learning, and data from across your toolchain to surface trends, predict outcomes, and recommend actions to drive more informed decisions and deliver more value to end-users.
S106 using ibm urban code deploy to deliver your apps to cicsnick_garrod
GSE Nordic 2015 Using IBM UrbanCode Deploy to deliver your apps to CICS. Deploying applications to CICS can be tricky, and you may be struggling to figure out how to handle the many new zFS artifacts such as cloud, bundles, Java, and web services. This could even be slowing down the adoption of new technologies that could deliver the solutions your business needs. This session will introduce IBM UrbanCode Deploy as a tool to automate many types of application deployments through your environments. It can provide rapid feedback and continuous delivery in agile development while providing the audit trails, versioning and approvals needed in production. See the new z/OS and CICS TS plug-ins for UrbanCode Deploy in action to deploy COBOL, web services, and Java applications to CICS in a single action.
Continuous Delivery for cloud - scenarios and scopeSanjeev Sharma
Cloud is both a catalyst and an enabler for DevOps. Having the flexibility and the services and capabilities provided by the Cloud lowers the barrier to adoption for organization looking to adopt DevOps. Hence, allowing them to achieve the business goals of Speed, Business Agility and Innovation.
This webinar will explore the impact of DevOps on using the Cloud as a Platform as a Service and vice versa. It will explore the different use cases of DevOps that are enabled or enhanced by the Cloud platform, and the different 'scopes' of adoption by organizations adopting Cloud and DevOps in an iterative manner.
OTT for Mobile Devices, An Implementers Checklist: device support, experience of the end user, value added features, internet delivery methods, compliance with studio requirements - DRM, and end to end interoperability.
How to achieve 'Flow' in your delivery pipeline.
This was an 'Ignite' session at DevOpsDaysDC 2018. Ignite sessions are 5 minutes long with 20 slides auto-advancing every 15 seconds.
Securing Web Applications with Deep Automation with VMware NSX Advanced Load ...Avi Networks
Watch webinar on-demand here https://info.avinetworks.com/webinars/securing-web-apps-deep-automation
Application security requires a high degree of automation, however making security decisions can be very difficult. Deploying and securing web applications gets further complicated in public clouds for load balancing and web application firewall. We show the importance of applying visibility, end-to-end orchestration and decision automation to different layers of application security. In this webinar, you will learn about:
- AI / ML based analytics for automating decisions
- Automated canary deployments for application security
- VMware NSX Advanced Load Balancer (Avi Networks) use cases
Technology is transforming how the world operates thanks to cloud, mobile, social business and big data being key catalysts to innovation. While each of these stands on their own, they enable the others at the same time. But to innovate at the speed of business, you need to deliver the software that drives it. That is where DevOps come in. DevOps enables organizations to maximize their ability to leverage these technologies for innovation. This webinar will focus on Cloud and DevOps, describing how IBM's DevOps solution helps organizations maximize their ability to drive software innovation by leveraging the flexibility, scalability and services offered by a Cloud Computing solution. We will discuss the benefits of using Cloud across the software delivery lifecycle including development, testing, and operations and how that lifecycle can be maximized with DevOps. We will introduce integrations between IBM UrbanCode Deploy and IBM Cloud offerings highlighting the value they can bring to your organization through the integration and automation of provisioning and deployment capabilities.
The complexity of managing and delivering the high level of reliability expected of web-based, cloud hosted systems today, and the expectation of Continuous Delivery of new features has led to the evolution of a totally new field of Service Reliability Engineering catered for such systems. Google, who has been a pioneer in this field, calls it Site Reliability Engineering (SRE). While it would be more aptly named Service Reliability Engineering, the name has caught on. The seminal work documenting Google approach and practices is in the book by Google by the same name (commonly referred to as the ‘SRE book’), and has become the defacto standard on how to adopt SRE in an organization. This session will cover adopting SRE as a practice in organizations also adopting DevOps; address the challenges to adopting SRE faced by large traditional enterprises, and how to overcome them.
Microservices are a new paradigm for software architecture: small services in separated processes take the place of large applications. This way monolithic architecture can be avoided, and systems are easily scalable and changeable.
At Aspire we have a well formulated road map and offer a gamut of cloud application. We advise on choosing the right combination of cloud services for your enterprise.
Cloud With DevOps Enabling Rapid Business DevelopmentSam Garforth
My point of view on accelerating business development with improved time to market by using lean principles enabled by devops and cloud. Some of the narrative can be found here http://thoughtsoncloud.com/2014/04/speed-devops-cloud/
IBM BlueMix Presentation - Paris Meetup 17th Sept. 2014IBM France Lab
Bluemix is an open-standard, cloud-based platform for
building, managing, and running applications of all types
(web, mobile, big data, new smart devices, and so on).
Deliver Modern Applications with an Elastic Load Balancing Fabric Powered by ...Avi Networks
Traditionally hyper-scale applications have been deployed on ultra-high-end, specialized hardware which are statically provisioned. These legacy appliances are not built for the cloud era – rigid to scale, hard to manage and expensive to operate. With Intel’s high-performance CPUs and VMware NSX Advanced Load Balancer (formerly Avi Networks), you can easily deploy and manage capacity for modern applications with an intelligent, elastic load balancing fabric.
During this webinar, learn how to:
- Deliver hyper-scale applications with a software defined architecture on general purpose compute processors
- Scale and load balance elastically to 1 million SSL TPS on 2nd Generation Intel Xeon Scalable processors
- Save $$$ with an elastic application services fabric while providing flexibility and fault tolerance
- Utilize Avi’s platform intelligence to auto scale your application with just right sizing
Advanced Web Application Security with an Intelligent WAFAvi Networks
Watch on-demand here https://info.avinetworks.com/webinars/intelligent-waf
Web application attacks are becoming #1 in terms of breaches. It’s critical to deploy web application firewall (WAF) to secure your applications. However, 90% of organizations find it complex. Why?
Avi Networks, now part of VMware, offers advanced load balancing and intelligent WAF to address three top challenges: policy complexity, lack of visibility and low performance. You will learn about:
- An optimized security pipeline composed of whitelist, positive security and signature engines
- An analytics-driven close loop that allows automatic application learning to create policies
- A comprehensive security stack from L4/L7 firewall and DDoS protection to rate limiting and WAF
- An elastic fabric to autoscale or burst capacity into cloud in case of unpredictable traffic loads
Deep Automation and ML-Driven Analytics for Application ServicesAvi Networks
Watch on-demand here https://info.avinetworks.com/webinars/deep-automation-ml-driven-analytics
Do you want to simplify capacity planning, web application security, and continuous delivery? The secret sauce for application delivery automation is deep intelligence and deep automation. Avi Networks’ multi-cloud application services include software-defined load balancing, security, and analytics across on-prem data centers and public clouds.
In this webinar, you will learn:
- The “Deep Automation” framework
- Its application in three use cases: autoscaling, WAF, and CI/CD
- How to apply ML principals and rich analytics to automate application delivery
Improving Software Delivery with DevOps & Software Defined Environments | The...IBM UrbanCode Products
IBM UrbanCode Deploy with Patterns is a full-stack environment management and deployment solution that enables users to design, deploy and update full-stack environments for multiple clouds.
Join Michael Elder, Senior Technical Staff Member, IBM DevOps, as he shows you how you can improve your customer feedback loop using iterative, full-stack application design for the cloud. In this webinar, he will cover an innovative new way of designing and versioning your cloud applications through a web-based environment development toolkit.
Assessing Business Operations Risk With Unified Vulnerability Management in T...Denim Group
For almost 10 years, ThreadFix has been the preeminent solution for managing your application vulnerabilities. In that time, it has grown from that initial correlation and reporting engine which brought your SAST and DAST vulnerabilities together, into a developer-integrated, CI/CD-enabling management platform. Deployed and used in Fortune 100 companies ranging from entertainment to banking to health care, in addition to some of the largest organizations within the Federal Government, ThreadFix now helps organizations correlate and prioritize risk across their applications and the network infrastructure that supports them.
Join us as we debut the largest update to the ThreadFix platform to date, ThreadFix 3.0. Featuring new network vulnerability management tools, a new containerized microservices architecture, and a new user interface, ThreadFix 3.0 is the solution for comprehensive and correlated risk-based reporting on your entire portfolio of applications and infrastructure assets.
Enabling Developers in Your Application Security Program With Coverity and Th...Denim Group
Developers need to move quickly and efficiently. Coverity’s speed, accuracy, ease of use, and scalability meet the needs of even the largest, most complex environments. ThreadFix allows you to centralize all test and vulnerability data in one place so your software security team can spend less time on manually correlating results and more time focusing on higher-level risk decisions. Join us to get a firsthand look at how Coverity and ThreadFix arm development teams with the tools they need to advance security programs in real time.
Enabling Developers in Your Application Security Program With Coverity and Th...Denim Group
Developers need to move quickly and efficiently. Coverity’s speed, accuracy, ease of use, and scalability meet the needs of even the largest, most complex environments. ThreadFix allows you to centralize all test and vulnerability data in one place so your software security team can spend less time on manually correlating results and more time focusing on higher-level risk decisions. Join us to get a firsthand look at how Coverity and ThreadFix arm development teams with the tools they need to advance security programs in real time.
Many organizations have only a passing understanding of the scope of their application portfolios and how these assets are exposed to the Internet and other potentially dangerous networks. This puts them in a risky situation where they have attack surface that is unknown and unmanaged, often resulting in serious vulnerabilities being exposed indefinitely. This presentation looks at several tools and methods that can be used to enumerate enterprise application assets – including web applications, mobile applications, and web services. The discussion covers several open source application asset identification tools and compares their effectiveness. Finally, a framework for ongoing application asset discovery and enumeration is presented so that security managers can embark on a structured program to characterize their risk exposure due to their enterprise attack surface.
AppSec in a World of Digital TransformationDenim Group
The mandate for digital transformation is forcing companies to innovate faster in order to provide more value to customers and bring products and services to the market more quickly. Technological innovations such as the cloud, microservice architectures, and CI/CD pipelines are being adopted to support the increased pace of development and more easily address scaling requirements. This upheaval presents both risks and opportunities for security leaders. The successful leaders view this transition as a clean-slate opportunity to “get security right” and will restructure their teams and technologies to deeply-embed security throughout the new tech stack. This session will cover emerging strategies that security leaders are using to ensure they keep up with this massive industry change.
AppSec in a World of Digital TransformationDenim Group
The mandate for digital transformation is forcing companies to innovate faster in order to provide more value to customers and bring products and services to the market more quickly. Technological innovations such as the cloud, microservice architectures, and CI/CD pipelines are being adopted to support the increased pace of development and more easily address scaling requirements. This upheaval presents both risks and opportunities for security leaders. The successful leaders view this transition as a clean-slate opportunity to “get security right” and will restructure their teams and technologies to deeply-embed security throughout the new tech stack. This session will cover emerging strategies that security leaders are using to ensure they keep up with this massive industry change.
Many organizations have only a passing understanding of the scope of their application portfolios and how these assets are exposed to the Internet and other potentially dangerous networks. This puts them in a risky situation where they have an attack surface that is unknown and unmanaged, often resulting in serious vulnerabilities being exposed indefinitely. This presentation looks at several tools and methods that can be used to enumerate enterprise application assets – including web applications, mobile applications, and web services. The discussion covers several open source application asset identification tools and compares their effectiveness. Finally, a framework for ongoing application asset discovery and enumeration is presented so that security managers can embark on a structured program to characterize their risk exposure due to their enterprise attack surface.
Security Across the Cloud Native Continuum with ESG and Palo Alto NetworksDevOps.com
Today’s enterprises have more compute options than ever before across the cloud native continuum. This continuum, spanning VMs, containers, managed Kubernetes, PaaS and serverless, provides users trade-offs and advantages when it comes to building and running their modern workloads and applications.
Recently, Enterprise Strategy Group conducted a survey titled “Leveraging DevSecOps to Secure Cloud Native Applications.” This research, covers the latest adoption numbers, trends and security concerns across all of the categories in the cloud native continuum—with insights into how organizations are successfully building and securing these technologies.
Join ESG, Senior Analyst and Group Practice Director Doug Cahill and Palo Alto Networks VP of Product John Morello to unpack the latest survey findings and discuss how security plays a vital role in securing cloud native applications.
DevSecOps: Integrating security into pipelines - SDD310 - AWS re:Inforce 2019 Amazon Web Services
"In this workshop, you practice running an environment with a test and production deployment pipeline. Along the way, we cover topics such as static code analysis, dynamic infrastructure review, and workflow types. You also learn how to update your process in response to security events. We write new AWS Lambda functions and incorporate them into the pipeline, and we consider capabilities such as AWS Systems Manager Parameter Store and AWS Secrets Manager.
The journey of cloud migration isn’t a straight and narrow path, and enterprise DevSecOps teams generally use a variety of tools to reach their goal. In this webinar, we will deep dive into SAP Concur’s journey, and how they are leveraging Contrast Security’s embedded application security model and AWS in tandem to “shift left”, create a seamless developer experience, and deliver secure application workloads on the cloud.
Join key executives from SAP Concur, AWS and Contrast Security as they discuss how to avoid the pitfalls and pioneer a secure cloud path to success.
In this webinar, you will learn:
The start: Why SAP Concur moved to AWS
The next step: Cloud enables increased velocity
The chutes and ladders: Security challenges with increased software velocity
The resolution: Design Architectures and Deployment Models between Contrast Security and AWS
The lessons learned: Continuous Improvement & Best Practices.
Application Asset Management with ThreadFixDenim Group
Too many organizations have an incomplete picture of their application portfolios. Because you are unable to protect attack surfaces that you don’t know about, this leaves them vulnerable. In this webinar, we will cover the capabilities that ThreadFix has to allows security teams to manage their application asset portfolios. We will also take a deeper dive into several tools such as nmap and OWASP Amass that can help security analysts better enumerate all of the applications in their organization’s portfolio.
A New View of Your Application Security Program with Snyk and ThreadFixDenim Group
Snyk continuously monitors your application’s dependencies and lets you quickly respond when new vulnerabilities are disclosed. Threadfix allows organizations to gain true visibility into a your project’s security posture by cross referencing results on an app from multiple sources (SCA, SAST, DAST, etc.), ultimately enabling better prioritization, while Snyk focuses on remediation at the source with the automated fix pull requests. Join us to see how, together, Snyk and ThreadFix can enhance application security and prevent risks, while preserving development scale and speed.
Continuous Authority to Operate (ATO) with ThreadFix – Bringing Commercial In...Denim Group
The tempo for software delivery to the warfighter continues to accelerate to meet the goals and demands of their missions. Pressures to rapidly build and deploy mission software drive the need to deliver new capabilities via DevSecOps pipelines. Many of the latest leading-edge DevSecOps practices draw heavily from commercial tech companies and innovative programs across DoD like Kessel Run. What are these latest trends, and how do you take advantage of them? How do you quantify the risk of microservices, new languages and frameworks, and cloud environments and still obtain authority to operate (ATO)?
The ThreadFix platform has built-in automation and orchestration capabilities to enable your teams to provide immediate feedback in the form of policy evaluation, notifications in the form of emails and automated developer defect creation, and decision-making on your CI program as scan results are generated. In addition to built-in automation, plugins and the ThreadFix API enable CI programs to seamlessly integrate security testing into existing build/release pipelines to provide evaluation of code changes directly to your development tools.
These key issue items and other trends will be discussed in this highly interactive briefing, providing critical insights on how to inject agility and responsiveness into environments that have traditionally struggled to keep pace with modern development approaches.
Delivering infrastructure, security, and operations as code - DEM06 - Santa C...Amazon Web Services
The move to AWS enables new application and architectural patterns that are in a continual state of change. The only way that your infrastructure, security, and operations can keep pace with these changes is with automation. In this session, we discuss the various automation tools you can use to first deploy the AWS infrastructure (as code), add the VM-Series to protect against threats (security as code), and then automatically update the policy based on Amazon GuardDuty or AWS Security Hub findings (operations as code). We conclude with a brief demonstration.
So you want to provision a test environment...DevOps.com
With cloud technologies, it’s easier than ever to provision a couple of servers. It seems every cloud has its own way of expressing an environment definition as a file. However, teams that are just scripting their infrastructure encounter problems. How do you manage costs? How do you share services with other teams? What about getting test data? How do you manage complexity? What happens when you want to be in multiple clouds?
That simple text document starts to look insufficient.
Join IBM’s Bill Stoddard and Eric Minick for a look at what it really takes to create environments on demand that are actually useful and to get into production faster. In this webinar, we will highlight common “gotchas” that trip teams up and how to set a path for success.
Delivering infrastructure, security, and operations as code with AWS - DEM10-...Amazon Web Services
The move to AWS enables new application and architectural patterns that are in a continual state of change. The only way that your infrastructure, security, and operations can keep pace with these changes is with automation. In this session, we discuss the various automation tools you can use to first deploy the AWS infrastructure (as code), add the VM-Series to protect against threats (security as code), and then automatically update the policy based on Amazon GuardDuty or AWS Security Hub finding (operations as code). A brief demonstration concludes the session. This presentation is brought to you by AWS partner, Palo Alto Networks.
Managing Your Application Security Program with the ThreadFix EcosystemDenim Group
ThreadFix is an open source application vulnerability management system that helps automate many common application security tasks and integrate security and development tools. This tutorial will walk through the capabilities of the ecosystem of ThreadFix applications, showing how ThreadFix can be used to:
•Manage a risk-ranked application portfolio
•Consolidate, normalize and de-duplicate the results of DAST, SAST and other application security testing activities and track these results over time to produce trending and mean-time-to-fix reporting
•Convert application vulnerabilities into software defects in developer issue tracking systems
•Pre-seed DAST scanners such as OWASP ZAP with application attack surface data to allow for better scan coverage
•Instrument developer Continuous Integration (CI) systems such as Jenkins to automatically collect security test data
•Map the results of DAST and SAST scanning into developer IDEs
The presentation walks through these scenarios and demonstrates how ThreadFix, along with other open source tools, can be used to address common problems faced by teams implementing software security programs. It will also provide insight into the ThreadFix development roadmap and upcoming enhancements.
ThreadFix 2.2 Preview Webinar with Dan CornellDenim Group
ThreadFix allows security analysts to create a consolidated view of applications and vulnerabilities, prioritize application risk decisions based on data, and translate application vulnerabilities to developers in the tools they are already using. This webinar examines how organizations can use ThreadFix 2.2 to help establish and scale their application security programs. Using a combination of demos and real-world examples, attendees will learn how to best use ThreadFix's capabilities to support their application security program.
Topics will include:
Consolidating application vulnerability data by integrating SAST, DAST and now IAST and component lifecycle management results into a single dashboard
Managing application risk with ThreadFix’s completely overhauled vulnerability analytics and reporting as well as GRC integration capabilities
Ramping up application penetration testing with the updated ThreadFix ZAP and Burp plugins, featuring integrated Hybrid Analysis Mapping
Communicating security risks to development managers via SonarQube integration
In its aftermath, Log4j vulnerabilities put the spotlight on vendor management and supply chain security practices. Now that the dust has settled and the worst of the fallout has passed, this talk presents perspectives on likely mid- and long-term changes that the security industry will see as a result of dealing with the Log4j issue as the latest in an escalating series of open source and software supply chain incidents.
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Denim Group
The SolarWinds attack brought additional scrutiny software supply chain security, but concerns about organizations’ software supply chains have been discussed for a number of years. Development organizations’ shift to DevOps or DevSecOps has pushed teams to adopt new technologies in the build pipeline – often hosted by 3rd parties. This has resulted in build pipelines that expose a complicated and often uncharted attack surface. In addition, modern products also incorporate code from a variety of contributors – ranging from in-house developers, 3rd party development contractors, as well as an array open source contributors.
This talk looks at the challenge of developing secure build pipelines. This is done via the construction of a threat model for an example software build pipeline that walks through how the various systems and communications along the way can potentially be misused by malicious actors. Coverage of the major components of a build pipeline – source control, open source component management, software builds, automated testing, and packaging for distribution – is used to enumerate likely attack surface exposed via the build process and to highlight potential controls that can be put in place to harden the pipeline against attacks. The presentation is intended to be useful both for evaluating internal build processes as well as to support the evaluation of critical external vendors’ processes.
Threat Modeling the CI/CD Pipeline to Improve Software Supply Chain Security ...Denim Group
The SolarWinds attack brought additional scrutiny software supply chain security, but concerns about organizations’ software supply chains have been discussed for a number of years. Development organizations’ shift to DevOps or DevSecOps has pushed teams to adopt new technologies in the build pipeline – often hosted by 3rd parties. This has resulted in build pipelines that expose a complicated and often uncharted attack surface. In addition, modern products also incorporate code from a variety of contributors – ranging from in-house developers, 3rd party development contractors, as well as an array open source contributors.
This talk looks at the challenge of developing secure build pipelines. This is done via the construction of a threat model for an example software build pipeline that walks through how the various systems and communications along the way can potentially be misused by malicious actors. Coverage of the major components of a build pipeline – source control, open source component management, software builds, automated testing, and packaging for distribution – is used to enumerate likely attack surface exposed via the build process and to highlight potential controls that can be put in place to harden the pipeline against attacks. The presentation is intended to be useful both for evaluating internal build processes as well as to support the evaluation of critical external vendors’ processes.
Optimizing Security Velocity in Your DevSecOps Pipeline at ScaleDenim Group
Businesses are driving development teams to build, test and deliver app innovations faster and faster, while attackers continue to grow in sophistication and complexity. To protect the business, dev and security teams are deploying multiple app/network/OSS security testing tools, internal & 3rd party manual assessments, and other processes which in turn drives an exponential spike in volume of issues to analyze, correlate, triage, route and repair. Facing this data deluge, DevSecOps teams are turning to automation of mobile app security testing and orchestration of vulnerability management for speed and scale. Join Brian Reed, Chief Mobility Officer of NowSecure and Dan Cornell, Co-Founder and CTO of Denim Group in this best practices session to learn how to drive efficiencies in team and pipeline performance at scale.
Title:
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA Program
Abstract:
With all the focus on DevSecOps and integrating security into Continuous Integration/Continuous Delivery (CI/CD) pipelines, some teams may be lured into thinking that the entirety of a Software Security Assurance (SSA) program can be baked into these pipelines. While integrating security into CI/CD offers many benefits, it is critical to understand that a full SSA program encompasses a variety of activities – many of which are incompatible with run time restrictions and other constraints imposed by these pipelines. This webinar looks at the breadth of activities involved in a mature SSA program and steps through the aspects of a program that can be realistically included in a pipeline, as well as those that cannot. It also reviews how these activities and related tooling have evolved over time as the application security discipline has matured and as development teams started to focus on cloud-native development techniques and technologies.
Speaker:
Dan Cornell
Bio:
A globally recognized application security expert, Dan Cornell holds over 15 years of experience architecting, developing and securing web-based software systems. As Chief Technology Officer and Principal at Denim Group, Ltd., he leads the technology team to help Fortune 500 companies and government organizations integrate security throughout the development process.
AppSec Fast and Slow: Your DevSecOps CI/CD Pipeline Isn’t an SSA ProgramDenim Group
With all the focus on DevSecOps and integrating security into Continuous Integration/Continuous Delivery (CI/CD) pipelines, some teams may be lured into thinking that the entirety of a Software Security Assurance (SSA) program can be baked into these pipelines. While integrating security into CI/CD offers many benefits, it is critical to understand that a full SSA program encompasses a variety of activities – many of which are incompatible with run time restrictions and other constraints imposed by these pipelines. This webinar looks at the breadth of activities involved in a mature SSA program and steps through the aspects of a program that can be realistically included in a pipeline, as well as those that cannot. It also reviews how these activities and related tooling have evolved over time as the application security discipline has matured and as development teams started to focus on cloud-native development techniques and technologies.
Managing Penetration Testing Programs and Vulnerability Time to Live with Thr...Denim Group
This webinar takes a dive into the biggest features and benefits in the latest ThreadFix release and the evolving feature set. We will focus on ThreadFix’s new capabilities, including - managing internal penetration testing teams with ThreadFix, tracking vulnerability time to live policies, as well as a host of additional enhancements.
Security Champions: Pushing Security Expertise to the Edges of Your OrganizationDenim Group
Application security teams are outnumbered. Even in security-conscious environments, application developers often exceed application security professionals by a ratio of 100:1. In addition, the push for digital transformation is accelerating the pace of development – exacerbating these challenges. One technique forward-looking security teams have adopted to stay afloat is to deploy security champions into development teams throughout the organization. This webinar looks at different models for standing up security champion initiatives and relates Denim Group’s experiences helping organizations craft and staff these programs.
The As, Bs, and Four Cs of Testing Cloud-Native ApplicationsDenim Group
Security assessments are a critical part of any security program. Being able to identify – and communicate about – vulnerabilities systems is required to get vulnerabilities prioritized for remediation. For web and mobile applications, assessment methodologies are reasonably straightforward and established. However, for cloud-native applications, the combination of new technologies and architectural elements has introduced questions about how to scope, plan, and execute security assessments. This presentation looks at how the assessment landscape has changed with the introduction of cloud-native applications and explores how threat modeling is central to testing their security. In addition, the “Four C’s” conceptual model for looking at cloud-native application security is introduced, including a discussion of how both automated and manual testing methodologies can be used to accomplish assessment goals. Finally, vulnerability contextualization and reporting are discussed, so that teams running cloud-native application assessments can properly characterize the results of their efforts to aid in the prioritization and remediation of identified issues.
An Updated Take: Threat Modeling for IoT SystemsDenim Group
The Internet of Things (IoT) is an exciting and emerging area of technology allowing individuals and businesses to make radical changes to how they live their lives and conduct commerce. The challenge with this trend is that IoT devices are just computers with sensors running applications. Because IoT devices interact with our personal lives, the proliferation of these devices exposes an unprecedented amount of personal sensitive data to significant risk. In addition, IoT security is not only about the code running on the device, these devices are connected to systems that include supporting web services as well as other client applications that allow for management and reporting.
A critical step to understanding the security of any system is building a threat model. This helps to enumerate the components of the system as well as the paths that data takes as it flows through the system. Combining this information with an understanding of trust boundaries helps provide system designers with critical information to mitigate systemic risks to the technology and architecture.
This webinar looks at how Threat Modeling can be applied to IoT systems to help build more security systems during the design process, as well as how to use Threat Modeling when testing the security of IoT systems.
Optimize Your Security Program with ThreadFix 2.7Denim Group
ThreadFix 2.7’s feature set represents the most significant expansion to the platform since ThreadFix was first released almost 10 years ago. This release bundles new application risk-ranking capabilities with the powerful addition to receive a 3rd party assessment for any application managed within ThreadFix. Join us to see how your team’s capacity and capabilities can be instantly expanded through on-demand application security assessments delivered directly into your ThreadFix instance, adding Denim Group’s nearly two decades of application security experience to your team anytime you need it.
Application Security Testing for a DevOps Mindset Denim Group
The cultural transition to DevOps is coming to organizations, and security teams must learn to adapt or be marginalized. Forward-thinking security teams will use this transition to their advantage and will reap the benefits of better and more frequent security insight into development cycles. By understanding the goals of development teams, security representatives can help to meaningfully include themselves in the development process and provide value through sensible risk management.
Reducing Attack Surface in Budget Constrained EnvironmentsDenim Group
Sprawling networks, streaming vendor vulnerability updates, and an application portfolio that remains a mystery keep you up late wondering where your weakest link exists. Budget constraints make you wonder where to begin, given that the responsibility to protect your organization remains firmly on your shoulders. How do savvy leaders identify the most pressing exposures and prioritize their efforts given limited budgets? What are the strategies that sophisticated IT and security leaders pursue to identify the scariest vulnerabilities and fix them before attackers find them? This session will lay out actionable plans to immediately identify and reduce more of your organization’s attack surface.
Securing Voting Infrastructure before the Mid-Term ElectionsDenim Group
The prospect of nation state interference with our 2018 mid-term elections is a reality that secretaries of state are facing. Given the fast-changing nature of the threat and the sprawling election infrastructure across the country, how are state officials securing their voting systems and databases in anticipation of the election? What are emerging strategies given the limited resources and unlimited needs? Where are the most vulnerable parts of the election systems and where should state officials focus their efforts given the potential for disruption? This webinar will provide an attacker’s view of a typical state-run election system and will make recommendations where to focus limited time and resources in the run up of the 2018 mid-term election in November.
The Internet of Things (IoT) is an exciting and emerging area of technology allowing individuals and businesses to make radical changes to how they live their lives and conduct commerce. The challenge with this trend is that IoT devices are just computers with sensors running applications. Because IoT devices interact with our personal lives, the proliferation of these devices exposes an unprecedented amount of personal sensitive data to significant risk. In addition, IoT security is not only about the code running on the device, these devices are connected to systems that include supporting web services as well as other client applications that allow for management and reporting.
A critical step to understanding the security of any system is building a threat model. This helps to enumerate the components of the system as well as the paths that data takes as it flows through the system. Combining this information with an understanding of trust boundaries helps provide system designers with critical information to mitigate systemic risks to the technology and architecture.
This webinar looks at how Threat Modeling can be applied to IoT systems to help build more security systems during the design process, as well as how to use Threat Modeling when testing the security of IoT systems.
Understanding IoT Security: How to Quantify Security Risk of IoT TechnologiesDenim Group
IoT devices are proliferating throughout corporate networks raising concerns about security risks they may introduce. However, IoT technologies differ in many ways from most enterprise-ready technologies that currently exist. Understanding the risks that IoT represents and how to best quantify that risk can be a challenge for many security leaders. This webinar provides an overview of IoT architectures, how they differ from existing infrastructure devices, and how best to measure the risk IoT devices represent. It will expose attendees to concepts like Threat Modeling for IoT and provide additional references that will help build a successful IoT security assessment program.
Elevate Your Application Security Program with Burp Suite and ThreadFix Denim Group
Burp Suite is the premier software for web security testing, allowing organizations to deploy cutting-edge scanning technology to identify the very latest serious application vulnerabilities. ThreadFix is the industry leading vulnerability resolution platform that provides a window into the state of application security programs for organizations that build software. The combination of ThreadFix and Burp Suite allows organizations to efficiently identify security vulnerabilities, correlate and trend test results, and prioritize application risk to resolve vulnerabilities more quickly and more efficiently. This webinar will demonstrate how organizations can use ThreadFix and Burp Suite together to integrate application security into DevOps CI/CD pipelines and to track organization-wide metrics on progress finding and resolving web application vulnerabilities.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar