Andy's JavaScript Tutorial
PDF Electronic Version Reproduced By: Khurram Hussain Zuberi on May 09, 2000
NOTE: The original Andy's tutorial site is located at http://andyjava.simplenet.com/ where a more up-to-date version may be found.
FAQs on JavaScript
"What is JavaScript? Is it advanced HTML? Java? Some form of ActiveX?" Actually, none of the
above. JavaScript is JavaScript, and that's that. One of the most common misconceptions
about JavaScript is that it's somehow related to Java (since they have very similar names).
Ironically, JavaScript and Java, apart from the fact that they are both programming languages, are
completely different. I won't go into detail about what Java is, but I will say this: it's something I
definitely won't be taking on in the near future (hint: Java is very hard to learn).
Ok, let's shift our focus back to JavaScript. "What can it do? Why should I learn it? How long
will it take me to learn it? Do I have to learn it?" Wow, that's a lot of questions. First, the
short answer, then the long:
Short answer: Cool stuff. Just because. 1-2 weeks. No.
Now, the long: JavaScript can greatly enhance the "coolness" and interactivity of your web
page. Great stuff you see on the net such as image flips, drop-down menu boxes, live clocks,
etc. is all written in JavaScript. If you want your web pages to look like more than just a bunch
of stale and boring paper documents converted into digital form, you'll want to learn this
neat programming language. It's very easy to get a handle on; I spent around two weeks, on
and off, learning JavaScript, and that was it!
Writing your first script
Are you ready to write your first script? No, it's not too soon. A bare-bones script consists of
only two lines, the <script></script> tag:
<script>
</script>
The actual JavaScript code goes inside this tag. Ok, are you ready to do something
interesting with JavaScript? I thought so.
Dynamically changing the document's background color
Ok, let's begin by seeing how to change the background color of the document using
JavaScript. Take a look:
<script>
document.bgColor="blue"
</script>
You can change blue to any color name, or to the color's hex representation (e.g. #000000).
This is a very simple illustration of JavaScript at work; changing the background color isn't
exactly something good-old HTML can't do easily all by itself. However, this is just the
beginning of our JavaScript journey...have some patience!
Status bar messages
Using JavaScript, you can display messages in the status bar at the bottom of your browser window. This is
accomplished by assigning a string value to the "window.status" property. For example:
<script>
window.status="Welcome to my homepage"
</script>
By doing the above, the message "Welcome to my homepage" is shown in the status bar. One
trick you may have seen on the web is a status bar message that is initiated only when the
user moves her mouse over a link:
[Rendered example: a link labelled "Yahoo"]
Here's the code used:
<a href="http://www.yahoo.com" onMouseover="window.status='Click here for Yahoo!';return true" onMouseout="window.status=''">Yahoo</a>
I captured the mouse's "position" by using the onMouseover and onMouseout event handlers of
JavaScript. Event handlers are added directly inside certain HTML tags such as the <a> tag,
and allow you to run code that reacts to a certain event (such as the mouse moving over
a link). In this case, the code displays "Click here for Yahoo!" in the status bar when the
surfer moves her mouse over the link "Yahoo", and resets the status bar when the mouse
moves out. Pretty cool, huh?
On-the-fly text
Text inside the document is usually static: if you reload this document 5 times, there's no
reason to believe that the document's text will be any different each time...or is there? One
of the coolest things about JavaScript is that it allows you to generate text on the fly. You
could, for example, have the document greet you "Good morning" in the morning, and "Good
night" at night. The basic way to write out text in JavaScript is by using the document.write()
method, as follows:
<script>
document.write('Some text')
</script>
Whatever you put inside the parentheses, JavaScript displays it on the page. Taking this basic
idea one step further, I'll create a script that writes out the last modified date of this page.
<script>
var modifieddate=document.lastModified
document.write(modifieddate)
</script>
The above is a perfect example of "on-the-fly" text. The text reflects the last modified date
of your page, and is updated automatically whenever you edit the page and save it!
JavaScript dialog boxes
So, what the heck are JavaScript dialog boxes? Well, they are interesting little "pop-up" boxes
that can be used to display a message, ask for confirmation, user input etc. They're very easy
to create, not to mention cool!
Three types of dialog boxes exist in JavaScript: alert, confirm, and prompt. I'll show you an
example of each:
Alert:
<script>
alert("Welcome, my friend!")
</script>
Confirm:
<script>
var answer=confirm("Jump to CNN?")
if (answer)
window.location="http://cnn.com"
</script>
Prompt:
<script>
var answer=prompt("Please enter your name")
alert("Hello "+answer)
</script>
All of the boxes allow you to customize the message simply by entering different text
inside the function's parentheses. Go ahead, try it now on your web page!
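One thing the on-the-fly text and dialog box sections leave out: alert() shows its argument as plain text, but document.write() inserts its argument as raw HTML. So writing a name that came from prompt() (or from the query string, or any other source you do not control) straight into the page lets that input inject markup and script into your page. The block below is an added example, not code from Andy's tutorial; the function names escapeHtml, greetingHtml and timeGreeting are my own. It escapes the HTML metacharacters before the text is written out, and keeps the time-of-day greeting the text mentions as a pure function so it can be tested without a clock.

```javascript
// Added example (not from the tutorial). document.write() treats its argument
// as HTML, so text from prompt() or any other untrusted source must have its
// HTML metacharacters escaped before it is written into the page.
function escapeHtml(text) {
  return String(text)
    .replace(/&/g, '&amp;')   // first, so the other replacements are not re-escaped
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Hypothetical helper: builds the greeting markup for the tutorial's prompt
// example. In a page: document.write(greetingHtml(prompt("Please enter your name")))
function greetingHtml(name) {
  return '<p>Hello ' + escapeHtml(name) + '</p>';
}

// The "Good morning" / "Good night" idea from the on-the-fly text section.
// The hour is passed in so the result does not depend on the current time.
function timeGreeting(hour) {
  return hour < 12 ? 'Good morning' : 'Good night';
}

// Browser wiring, guarded so the block also runs in Node (no document there).
if (typeof document !== 'undefined') {
  document.write('<p>' + timeGreeting(new Date().getHours()) + '</p>');
}
```

alert("Hello "+answer) needs no escaping because a dialog box never interprets HTML; the escaping is only needed on the path into the document.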
Image submit button
JavaScript is not only practical, it's cosmetic as well! If you work with HTML forms (and who
doesn't?), then you should agree that form buttons are probably one of the ugliest things
ever to exist inside a browser. They're dull, ugly, and desperately need a make-over! Well,
with the help of JavaScript, it's actually possible to use a custom image in place of form
buttons to perform the important task of sending the form's content to you. Here's how:
1) Give your form a name:
<form name="andy">
"
</form>
2) Replace the usual submit button (<input>) with the below:
<form name="andy">
"
<a href="javascript:document.andy.submit()"><img src="myimage.gif"></a>
</form>
That's it. For the submit button, notice that I used an image link with an unusual URL:
javascript:document.andy.submit(). This line of code tells JavaScript to submit the form
named andy when the link is clicked. Here's an actual example of a form with an image
submit button:
[Rendered example form with Name and Email fields and an image submit button]
Displaying a random message/ image
I get a lot of emails asking me stuff like: "How do I display a random quote on my page?", or
"Is it possible to have a random image show up each time the surfer reloads the page?" The
answer? No problemo! JavaScript can be used to easily accomplish just that.
Below is a "random" quote example, where one quote out of three is randomly displayed
each time this page is loaded (reload this web page to see another quote):
Here's the source code used:
<script>
var whichquote=Math.round(Math.random()*3)
if (whichquote<=1)
document.write('"You can take away my life, but you can never take away my freedom!"')
else if (whichquote<=2)
document.write('"I\'ll be back"')
else if (whichquote<=3)
document.write('"You can count on it"')
</script>
The key here is the code:
var whichquote=Math.round(Math.random()*3)
I'll explain this code by breaking it down: Math.random() is a JavaScript method, and always
generates a real number between 0 and 1. Multiplying that number by 3 gives a number between
0 and 3, and Math.round() rounds it to an integer, so whichquote is always a random integer
between 0 and 3. Why 3? Because I have three quotes I want to randomly display, so I need three
random "slots". If you have 5 quotes, just multiply by 5 instead.
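Rounding a random number scaled to the number of quotes, as the explanation above describes, does not give every quote the same chance: Math.round produces n+1 possible values for n quotes, and the two end values are only half as likely as the ones in between. The standard way to pick one of n items uniformly is Math.floor(Math.random()*n), which yields 0 to n-1 with equal probability. The block below is an added example, not code from Andy's tutorial; the function names roundedSlot, uniformSlot, randomQuote and tally are my own. It puts the three quotes in an array so the index picks one directly, and tallies many draws from each formula so the difference is visible.

```javascript
// Added example (not from the tutorial): compares rounding a scaled random
// number against the usual uniform pick, using the tutorial's three quotes.

// Rounding yields n+1 values (0 .. n); 0 and n each have probability 1/(2n),
// the rest 1/n. For n = 3 the value 3 has no matching quote at all.
function roundedSlot(n) {
  return Math.round(Math.random() * n);
}

// Floor yields exactly n values (0 .. n-1), each with probability 1/n.
function uniformSlot(n) {
  return Math.floor(Math.random() * n);
}

// Same three quotes as the tutorial, in an array (constructed sample data).
const QUOTES = [
  '"You can take away my life, but you can never take away my freedom!"',
  '"I\'ll be back"',
  '"You can count on it"',
];

// Picks one quote using the supplied slot function; no if/else chain needed,
// and adding a fourth quote means adding an array entry, nothing else.
function randomQuote(quotes, slotFn) {
  return quotes[slotFn(quotes.length)];
}

// Draws `trials` slots and returns how often each value 0 .. n came up.
// Bucket n exists so that roundedSlot's out-of-range value is counted too.
function tally(slotFn, n, trials) {
  const counts = new Array(n + 1).fill(0);
  for (let i = 0; i < trials; i++) counts[slotFn(n)] += 1;
  return counts;
}

// Stand-alone run; in a browser the quote string would go to document.write().
if (typeof document === 'undefined') {
  console.log(randomQuote(QUOTES, uniformSlot));
  console.log('rounded:', tally(roundedSlot, 3, 6000));
  console.log('uniform:', tally(uniformSlot, 3, 6000));
}
```

With roundedSlot the tally shows roughly 1000, 2000, 2000, 1000 draws for the values 0 to 3, and randomQuote would return undefined whenever 3 comes up; with uniformSlot it shows about 2000 each for 0, 1 and 2 and never 3. Math.random() is fine for choosing a quote, but it is not a cryptographically secure generator, so it should not be used for anything like session tokens or passwords; browsers provide crypto.getRandomValues() for that.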
Now, quotes are great, but what if you want to display a random image? Simple. Just change
the text to the <img> tag:
<script>
var whichquote=Math.round(Math.random()*3)
if (whichquote<=1)
document.write('<img src="first.gif">')
else if (whichquote<=2)
document.write('<img src="second.gif">')
else if (whichquote<=3)
document.write('<img src="third.gif">')
</script>
Don't you just love JavaScript?
Advanced JavaScript applications
Ok, I'll dedicate this final tutorial to showing you some more advanced JavaScript
applications, along with their complete source code, so you can simply cut and paste 'em to
instantly "pump up" your site!
JavaScript live clock
This is a cool script that displays a "live" form clock on your web page:
[Rendered live clock, e.g. 5:50:32 PM]
Source code:
<form name="time">
<input type="text" name="time2" size=15>
</form>
<script>
function liveclock(){
var curdate=new Date()
var hours=curdate.getHours()
var minutes=curdate.getMinutes()
var seconds=curdate.getSeconds()
var suffix="AM"
if (hours>=12){
suffix="PM"
if (hours>=13)
hours-=12
}
if (hours==0)   // midnight is hour 0: show it as 12 AM
hours=12
if (minutes<10)
minutes="0"+minutes
if (seconds<10)
seconds="0"+seconds
var thetime=hours+":"+minutes+":"+seconds+" "+suffix
document.time.time2.value=thetime
setTimeout(liveclock,1000)   // pass the function itself, not a string of code to be evaluated
}
liveclock()
</script>
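The clock above mixes three things in one function: working out the 12-hour time, writing it into the form field, and rescheduling itself. The block below is an added example, not code from Andy's tutorial, that separates the formatting into a pure function (formatTime12, formatDate12 and startLiveClock are my own names) so the midnight and noon edge cases can be checked without waiting for them, and passes the function itself to setTimeout rather than a string of code for it to evaluate. It uses the tutorial's form name "time" and field name "time2" when run in a browser.

```javascript
// Added example (not from the tutorial): 12-hour clock formatting separated
// from the DOM and the timer so it can be tested on fixed inputs.
function pad2(n) {
  return n < 10 ? '0' + n : String(n);
}

// Hours 0..23 -> "h:mm:ss AM/PM". Hour 0 becomes 12 AM and hour 12 stays 12 PM.
function formatTime12(hours, minutes, seconds) {
  let suffix = 'AM';
  if (hours >= 12) {
    suffix = 'PM';
    if (hours >= 13) hours -= 12;
  }
  if (hours === 0) hours = 12;
  return hours + ':' + pad2(minutes) + ':' + pad2(seconds) + ' ' + suffix;
}

function formatDate12(date) {
  return formatTime12(date.getHours(), date.getMinutes(), date.getSeconds());
}

// Writes the time into a form field once a second. setTimeout receives the
// function object, so no string of code is evaluated on every tick.
function startLiveClock(inputEl) {
  function tick() {
    inputEl.value = formatDate12(new Date());
    setTimeout(tick, 1000);
  }
  tick();
}

// Browser wiring for the tutorial's <form name="time"> / <input name="time2">;
// guarded so the block also runs in Node.
if (typeof document !== 'undefined' && document.forms.time) {
  startLiveClock(document.forms.time.time2);
}
```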
Image Flip
An image flip is a cool JavaScript effect that makes an image change to another when the
mouse moves over it. Not very practical, but definitely cool:
The above button consists of two images - one before the mouse is over it, and one after.
Here's the source code:
<a href="index.htm" onMouseover="if (document.images) document.images.menu.src='after.gif'"
onMouseout="if (document.images) document.images.menu.src='before.gif'"><img src="before.gif"
name="menu" border=0></a>
Try pasting the above code onto your webpage, and change 'before.gif' and 'after.gif' to
reflect your own images. Notice how I gave the image a name ('menu') using the name
attribute. This is necessary, and if you want to have multiple image flips on one page, you'll
need to give each image flip a unique name.
Drop down menu box
I'm sure most of you have seen a drop-down menu box before. They are <select> lists that go
to the selected URL when clicked...a great space saver!
[Rendered drop-down menu showing "Geocities" with a "Go" button]
<form name="c1">
<p><select name="c2" size="1">
<option selected value="http://www.geocities.com">Geocities</option>
<option value="http://www.happypuppy.com">Happypuppy</option>
<option value="http://www.gamespot.com">Gamespot</option>
</select>
<input type="button" value="Go" onClick="location=document.c1.c2.options[document.c1.c2.selectedIndex].value"></p>
</form>
You can cram in as many links as you wish into the box simply by adding more options to the
selection list.
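The Go button assigns whatever string sits in the selected option's value to location. With the hard-coded list above that is harmless, but as soon as the options are built from data you do not control (a database, another user's profile, a query string), a value with a javascript: scheme would run code instead of loading a page. The block below is an added example, not code from Andy's tutorial; isSafeNavigationUrl and goToSelected are my own names, and the navigate callback is a stand-in for assigning location so the logic can be tested outside a browser. It only navigates to http: and https: URLs.

```javascript
// Added example (not from the tutorial): allow navigation only to URLs whose
// scheme is on an allowlist, instead of assigning any option value to location.
const ALLOWED_SCHEMES = ['http:', 'https:'];

function isSafeNavigationUrl(value) {
  let parsed;
  try {
    parsed = new URL(String(value));   // throws on relative or malformed input
  } catch (e) {
    return false;
  }
  return ALLOWED_SCHEMES.includes(parsed.protocol);   // protocol is lower-cased by URL
}

// Hypothetical Go-button handler. `navigate` is injected so the function can be
// tested without a browser; in a page it would be (url) => { location = url }.
// Returns true when navigation happened, false when the value was refused.
function goToSelected(selectEl, navigate) {
  const value = selectEl.options[selectEl.selectedIndex].value;
  if (!isSafeNavigationUrl(value)) {
    return false;
  }
  navigate(value);
  return true;
}

// Constructed stand-in for document.c1.c2, with one deliberately unsafe entry.
const sampleSelect = {
  selectedIndex: 0,
  options: [
    { value: 'http://www.geocities.com' },
    { value: 'javascript:alert(1)' },   // constructed: would execute, not navigate
  ],
};

// Browser wiring for the tutorial's form names; guarded so the block runs in Node.
if (typeof document !== 'undefined' && document.forms.c1) {
  document.forms.c1.elements.go.onclick = function () {
    goToSelected(document.forms.c1.c2, function (url) { location = url; });
  };
}
```

The browser wiring assumes the Go button is given name="go"; in the tutorial's markup the button has no name, so add one (or attach the handler another way) before using that part.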
Recommended JavaScript sites:
Website Abstraction: A superb JavaScript technology center featuring free scripts and
tutorials on many aspects of JavaScript. I credit most of my JavaScript knowledge to this
site.
Dynamic Drive: Quite an amazing JavaScript site with advanced JavaScript/DHTML
scripts you can simply cut and paste onto your site to instantly add magic to it. I must
have used at least a dozen of them on my personal site already...