Over 30 years, the term Open Source has been gaining momentum and it is at its peak right now, with all tech giants shifting focus into open source. In contrast, you don’t see a lot of penetration in open source IAM; this is largely due to the uncertainty and doubts around the topic. Register here for an in-depth explanation of facts and fiction in this space.
View the on-demand webinar: https://wso2.com/library/webinars/open-source-value-benefits-risks/
The cloud is rapidly becoming the de-facto standard for deploying enterprise applications. Microservices are at the core of building cloud-native applications due to their proven advantages such as granularity, cloud-native deployment, and scalability. With the exponential growth of the consumer base of these service offerings, enforcing microservice/API security has become one of the biggest challenges to overcome.
In this deck, we discuss:
- The need for API/Microservices Security
- The importance of delegating security enforcement to an API Gateway
- API Authentication and Authorization methodologies
- OAuth2 - The de-facto standard of API Authentication
- Protection against cyber attacks and anomalies
- Security aspects to consider when designing Single Page Applications (SPAs)
Watch the webinar on-demand here - https://wso2.com/library/webinars/2019/11/api-security-in-a-cloud-native-era/
[APIdays INTERFACE 2021] The Evolution of API Security for Client-side Applic... | WSO2
Client-side applications are becoming an increasingly popular technology to build applications owing to the advanced user experience that they provide consumers. Authentication and API authorization for these applications are also becoming equally popular topics that many developers have a hard time getting their heads around.
Check these slides, where Johann Nallathamby, Head of Solutions Architecture for IAM at WSO2, will attempt to demystify some complexities and misconceptions surrounding this topic and help you better understand the most important features to consider when choosing an authentication and API authorization solution for client-side applications.
These slides will review:
- The broader classification of client-side applications and their legacy and more recent authentication and API authorization patterns
- Sender-constrained token patterns
- Solution patterns being employed to improve user experience in client-side applications
42Crunch Security Audit for WSO2 API Manager 3.1 | WSO2
API Security has become an important concern in recent times as organizations are more cautious about exposing raw, sensitive data via APIs. Therefore, it is important that APIs adhere to the OpenAPI Specification (OAS) to ensure API security.
WSO2 has partnered with 42Crunch to bring in the ability to conduct a security audit on the OpenAPI Specification definition and to obtain an audit report.
The WSO2 API Manager 3.1 brings a lot of interesting features, including the ability to run 42Crunch’s audit tool directly from the API Publishing portal.
In this webinar, we will:
- Explain the advantages of introducing security at design time
- Introduce the 42Crunch audit functionality
- Explain how 42Crunch and WSO2 API Manager can be used together for better API Security
Building layers of defense for your application | VMware Tanzu
SpringOne 2021
Session Title: Building Layers of Defense for Your Application Using Spring Security Framework
Speaker: Neha Sardana, Software Developer at BNY Mellon
In this presentation, we explain why OAuth and SSL are not enough when it comes to API Security, and that you should also think about addressing other aspects such as confidentiality, integrity, audit or compliance requirements. We expose the tactics to address each of those aspects, and a set of recommendations to apply immediately to your APIs development.
If you ask about API security, you will most likely be told about OAuth2, maybe OpenID Connect, and of course TLS.
But in order to properly secure APIs, you will have to address many other aspects. This presentation covers key concepts related to API Security, as well as practical tools/solutions to address the overall issue, such as:
- Transport and message encryption.
- Digital Signatures
- Auditing and non-repudiation
- SecDevOps and security as code
- Coding best practices and how to enforce them
- Infrastructure Best Practices
How WSO2 API Manager Supports the Ministry of Hajj and Umrah | WSO2
The Ministry of Hajj and Umrah aims to serve the pilgrims and Umrah in the best way possible. With dozens of internal and external systems already integrated to fulfill the ministry's many business needs, it was vital to maintain an organized and well-defined integration strategy. APIs play a pivotal role in this, and managing them was a key priority and a prime concern.
WSO2, in partnership with Sejel Technologies, designed and implemented a dedicated API management platform for the Ministry of Hajj and Umrah, and to date provides professional support.
Owing to the significant increase in integration endpoints and stakeholders, the need to formally manage the ministry’s assets exposed through APIs was essential. Following a thorough evaluation of the API management offerings available in the market, the ministry selected WSO2 API Manager. Not only did the platform meet all of the requirements—such as security, policy enforcement, clustered high availability options, and analytical reporting—it also came with professional support and the active involvement of WSO2 consultants, who were committed to the goal of achieving API sophistication.
We will also cover:
- Why the Ministry of Hajj and Umrah required a dedicated API management platform.
- The evaluation criteria and how the ministry shortlisted WSO2 API Manager.
- How WSO2 API Manager helps the ministry efficiently achieve its business goals.
- How the ministry benefits from WSO2’s support model and expertise.
How to release more reliable, better-performing APIs
Watch the on-demand webinar here: https://wso2.com/library/webinars/wso2-apimanager-supports-the-ministry-of-hajj-and-umrah/
API security needs to be thought through with agility and collaboration in mind. In this presentation, we explain why API security must be automated: explosion of endpoints, continuous change, human errors and early involvement of security teams in the API dev process.
RSA Conference 2016: Don't Use Two-Factor Authentication... Unless You Need It! | Mike Schwartz
Sometimes you need to be more sure you are connected to the right person. In those cases, to mitigate the risk of identity fraud, you should consider using a technique called trust elevation. It's easy with the OAuth2 profiles: OpenID Connect and UMA.
While TLS and OAuth are widely used today, they are not always well-used and in many cases they are not enough. In this presentation, we introduce all aspects of security to consider as well as the OpenAPI security extensions which can be leveraged to better express the contract between the consumer and the provider.
apidays LIVE New York 2021 - Solving API security through holistic observabili... | apidays
apidays LIVE New York 2021 - API-driven Regulations for Finance, Insurance, and Healthcare
July 28 & 29, 2021
Solving API security through holistic observability
Jean-Baptiste Aviat, AppSec Staff Engineer at Datadog
Using a Third Party Key Management System with WSO2 API Manager | WSO2
To view a recording of this webinar, please use the URL below:
http://wso2.com/library/webinars/2015/08/using-a-third-party-key-management-system-with-wso2-api-manager/
This webinar will demonstrate the WSO2 API Manager plugged into a third party key management system (MITREid Connect) in compliance with OpenID connect 2.0 specification. During this demonstration we will discuss:
- Configuration changes that need to be done in WSO2 API Manager
- Java interfaces that need to be extended when writing your own implementation
- Feeding in custom attributes required to create and manage clients created at third-party authorization servers using Jaggery REST APIs
- A sample implementation with the third party key management system
Why upgrade your MFA to Adaptive Authentication? | WSO2
This slide deck discusses the emergence of MFA, the pitfalls, why you should upgrade your MFA and the best possible alternatives for MFA.
Watch the webinar here - https://wso2.com/library/webinars/2019/02/why-upgrade-your-mfa-to-adaptive-authentication/
More and more enterprises are restructuring their development teams to replicate the agility and innovation of startups.
In the last few years, microservices have gained popularity for their ability to provide modularity, scalability, high availability, as well as make it easier for smaller development teams to develop in an agile way.
But how do they deal with security? What about security contexts?
This talk will give insights about the most interesting issues found in the last years while testing the security of multilayered microservices solutions and how they were fixed.
Given the pace at which APIs are created, proper security requires automation. This presentation introduces top OWASP issues which are occurring today and a series of steps to better protect our APIs.
Trust Elevation: Implementing an OAuth2 Infrastructure using OpenID Connect &... | Mike Schwartz
Increased trust in an online identity = increased mitigation of the risk of fraud. As an enterprise interacts with a person via the Internet, it may be prudent, for certain transactions, to have more evidence of that person’s identity. Web Access Management systems include some proprietary features to force “stepped-up authentication.” But luckily, new OAuth2 profiles like UMA and OpenID Connect offer a standards-based approach to achieve inter-domain trust elevation. This slideshow includes a high-level overview of the Enterprise UMA use case and some of the useful OpenID Connect features that can be leveraged to create centralized authentication policies.
apidays LIVE Paris - Principles for API security by Alan Glickenhouse | apidays
apidays LIVE Paris - Responding to the New Normal with APIs for Business, People and Society
December 8, 9 & 10, 2020
Principles for API security
Alan Glickenhouse, Digital Transformation and API Business Strategist at IBM
OIDF Workshop at Verizon Media -- 9/30/2019 -- OpenID Connect Federation Update | OpenIDFoundation
Roland Hedberg with Catalogix and the OpenID Foundation provided an update on OpenID Connect Federation at the OIDF Workshop at Verizon Media on Monday, September 30, 2019 in Sunnyvale, CA.
Learn how to exploit security vulnerabilities that are commonly found in the arsenal of malicious attackers. We won't simply talk about issues like XSS, CSRF and SQL Injection, but will have live demos showing how hackers exploit these potentially devastating defects using freely available tools. You'll see how to hack a real world open source application and explore bugs in commonly used open source frameworks. We also look at the source code and see how to fix these issues using secure coding principles. We will also discuss best practices that can be used to build security into your SDLC. Java developers and architects will learn how to find and fix security issues in their applications before hackers do.
A pragmatic approach to different SQL Injection techniques such as Stacked statements, Tautology based, Union based, Error based, Second Order and Blind SQL Injection coherently explaining the path behind these attacks including tips and tricks to make them more likely to work in real life.
Also, I will show you ways to avoid weak defenses such as blacklisting and quote filtering, as well as how privilege escalation may take place from this sort of vulnerability.
There will be a live demonstration where you can catch on some handy tools and actually see blind SQL injection working efficiently with the latest techniques, showing you why this type of SQL injection shouldn't be taken any less seriously than any other.
Finally, a word on countermeasures and real solutions to prevent these attacks, what you should do and what you should not.
http://videos.sapo.pt/ZvwITnTBMzD8HYvEZrov (video)
Vulnerabilities in modern web applications | Niyas Nazar
Microsoft PowerPoint presentation for BTech academic seminar. This seminar discusses penetration testing, penetration testing tools, web application vulnerabilities, impact of vulnerabilities and security recommendations.
Lateral Movement: How attackers quietly traverse your Network | EC-Council
After successfully attacking an endpoint and gaining a foothold there, sophisticated attackers know that to get to the valuable data within an organization they must quietly pivot. From reconnaissance to escalation of privileges to stealing credentials, learn about the tactics and tools that attackers are using today.
Here you can find the slides that accompany my “SPA Secure Coding Guide”. This presentation goes through a set of security best practices specially targeted towards developing Angular applications with ASP.Net Web Api backends.
It comes with a WebApi example project available on GitHub that provides several code examples of how to defend yourself. The example app is based on the famous "Tour of Heroes" Angular app used throughout the Angular documentation.
It first introduces general threat modelling before explaining the most current types of attacks Asp.Net Web API is vulnerable to.
It is designed to serve as a secure coding reference guide, to help development teams quickly understand Asp.Net Core secure coding practices.
The OWASP Top Ten is an expert consensus of the most critical web application security threats. If properly understood, it is an invaluable framework to prioritize efforts and address flaws that expose your organization to attack.
This webcast series presents the OWASP Top 10 in an abridged format, interpreting the threats for you and providing actionable offensive and defensive best practices. It is ideal for all IT/development stakeholders that want to take a risk-based approach to Web application security.
The How to Test for the OWASP Top Ten webcast focuses on telltale markers of the OWASP Top Ten and techniques to hunt them down:
• Vulnerability anatomy – how they present themselves
• Analysis of vulnerability root cause and protection schemas
• Test procedures to validate susceptibility (or not) for each threat
Few developers pay attention to security, in spite of the unstoppable tide of security defects in code. Big money is being spent by governments to buy bugs, and exploits have become a new class of weapon in the arsenal of militaries around the world. It is high time that developers pay attention. In these slides, Coverity CTO & co-founder Andy Chou presents a model for how developers can begin to think about security, including some of the most common types of weaknesses that are still plaguing our applications. For each weakness, a concrete code example helps illustrate the bug and what to do about it. From there, he goes up a level and discusses why developers need to begin to "own security" and change the culture from within in order to make a dent in the security problems we face.
Most software developers have heard about OWASP Top Ten, describing the 10 most critical security vulnerabilities that should be avoided in web applications.
However, in order to prevent them, developers must be aware of the proactive controls that should be incorporated from early stages of software development lifecycle.
This talk briefly discusses the OWASP Top Ten Proactive Controls and then maps them to the respective OWASP Vulnerabilities that each of them addresses.
Similar to Api days 2018 - API Security by Sqreen (20)
This describes which techniques Sqreen is using to protect against various kinds of injections at scale (XSS, SQL, NoSQL, XXE, ...).
This is the key concept behind our RASP approach.
Serverless security - how to protect what you don't see? | Sqreen
Protecting serverless is a new topic. This presentation aims at showing what new security challenges it brings, and how CISO and security teams should approach it.
The serverless space evolves fast and there is no convergence on best practices yet. The switch to a serverless architecture involves several changes, for instance developers doing much more ops with serverless, deploying 20 times more services than previously...
Application Security from the Inside - OWASP | Sqreen
Presentation at the OWASP (Open Web Application Security Project) on how to make apps secure by protecting them from the inside.
Detecting and protecting from:
1. SQL injection
2. Cross Site Scripting (XSS)
3. Third party components vulnerabilities
4. Shell injection
etc.
Instrument Rack to visualize Rails requests processing | Sqreen
This talk will introduce you to methods typically used to perform low level instrumentation on Ruby software. We apply these methods to Rack and Sinatra in a real life example, used by Sqreen to quickly locate a precise line of Rack source code.
Such methods have been widely used by the author in security related fields.
Ruby on Rails security in your Continuous Integration | Sqreen
Sqreen (https://www.sqreen.io) describes how open-source public tools can help improve your software security in your Continuous Integration cycle.
This presentation focuses on Ruby on Rails and uses open source Ruby gems as well as Jenkins, an open source CI tool.
Two tools are presented. Arachni (https://github.com/Arachni/arachni) is a dynamic security analysis tool. It needs some special scripting to get integrated to Jenkins (ask me!).
Brakeman (https://github.com/presidentbeef/brakeman), a static analysis tool, targets Ruby on Rails applications source code. It can be easily integrated to Jenkins thanks to an existing plug-in.
This method can make the reports hard to understand and process systematically in a CI work flow.
Jean-Baptiste Aviat, Sqreen CTO
Professional air quality monitoring systems provide immediate, on-site data for analysis, compliance, and decision-making.
Monitor common gases, weather parameters, particulates.
Brief information about the SCOP protein database used in bioinformatics.
The Structural Classification of Proteins (SCOP) database is a comprehensive and authoritative resource for the structural and evolutionary relationships of proteins. It provides a detailed and curated classification of protein structures, grouping them into families, superfamilies, and folds based on their structural and sequence similarities.
Cancer cell metabolism: special Reference to Lactate Pathway | AADYARAJPANDEY1
Normal Cell Metabolism:
Cellular respiration describes the series of steps that cells use to break down sugar and other chemicals to get the energy we need to function.
Energy is stored in the bonds of glucose and when glucose is broken down, much of that energy is released.
Cells utilize energy in the form of ATP.
The first step of respiration is called glycolysis. In a series of steps, glycolysis breaks glucose into two smaller molecules - a chemical called pyruvate. A small amount of ATP is formed during this process.
Most healthy cells continue the breakdown in a second process, called the Krebs cycle. The Krebs cycle allows cells to “burn” the pyruvates made in glycolysis to get more ATP.
The last step in the breakdown of glucose is called oxidative phosphorylation (Ox-Phos).
It takes place in specialized cell structures called mitochondria. This process produces a large amount of ATP. Importantly, cells need oxygen to complete oxidative phosphorylation.
If a cell completes only glycolysis, only 2 molecules of ATP are made per glucose. However, if the cell completes the entire respiration process (glycolysis - Krebs - oxidative phosphorylation), about 36 molecules of ATP are created, giving it much more energy to use.
IN CANCER CELL:
Unlike healthy cells that "burn" the entire molecule of sugar to capture a large amount of energy as ATP, cancer cells are wasteful.
Cancer cells only partially break down sugar molecules. They overuse the first step of respiration, glycolysis. They frequently do not complete the second step, oxidative phosphorylation.
This results in only 2 molecules of ATP per each glucose molecule instead of the 36 or so ATPs healthy cells gain. As a result, cancer cells need to use a lot more sugar molecules to get enough energy to survive.
Introduction to the Warburg phenomenon:
Warburg effect: Usually, cancer cells are highly glycolytic (glucose addiction) and take up more glucose from outside than normal cells do.
Otto Heinrich Warburg (8 October 1883 – 1 August 1970) was awarded the Nobel Prize in Physiology in 1931 for his "discovery of the nature and mode of action of the respiratory enzyme".
Warburg effect: The metabolism of glucose to lactate by cancer cells under aerobic (well-oxygenated) conditions (aerobic glycolysis) is known as the Warburg effect. Warburg made the observation that tumor slices consume glucose and secrete lactate at a higher rate than normal tissues.
Earliest Galaxies in the JADES Origins Field: Luminosity Function and Cosmic ...Sérgio Sacani
We characterize the earliest galaxy population in the JADES Origins Field (JOF), the deepest imaging field observed with JWST. We make use of the ancillary Hubble optical images (5 filters spanning 0.4−0.9 µm) and novel JWST images with 14 filters spanning 0.8−5 µm, including 7 medium-band filters, and reaching total exposure times of up to 46 hours per filter. We combine all our data at > 2.3 µm to construct an ultradeep image, reaching as deep as ≈ 31.4 AB mag in the stack and 30.3-31.0 AB mag (5σ, r = 0.1” circular aperture) in individual filters. We measure photometric redshifts and use robust selection criteria to identify a sample of eight galaxy candidates at redshifts z = 11.5 − 15. These objects show compact half-light radii of R_1/2 ∼ 50 − 200 pc, stellar masses of M⋆ ∼ 10^7−10^8 M⊙, and star-formation rates of SFR ∼ 0.1−1 M⊙ yr^−1. Our search finds no candidates at 15 < z < 20, placing upper limits at these redshifts. We develop a forward modeling approach to infer the properties of the evolving luminosity function without binning in redshift or luminosity that marginalizes over the photometric redshift uncertainty of our candidate galaxies and incorporates the impact of non-detections. We find a z = 12 luminosity function in good agreement with prior results, and that the luminosity function normalization and UV luminosity density decline by a factor of ∼ 2.5 from z = 12 to z = 14. We discuss the possible implications of our results in the context of theoretical models for evolution of the dark matter halo mass function.
What is greenhouse gasses and how many gasses are there to affect the Earth.moosaasad1975
What greenhouse gases are, how they affect the Earth and its environment, what the future of the environment and the Earth is, and the effects on weather and climate.
This presentation explores a brief idea about the structural and functional attributes of nucleotides, the structure and function of genetic materials along with the impact of UV rays and pH upon them.
Deep Behavioral Phenotyping in Systems Neuroscience for Functional Atlasing a...Ana Luísa Pinho
Functional Magnetic Resonance Imaging (fMRI) provides means to characterize brain activations in response to behavior. However, cognitive neuroscience has been limited to group-level effects referring to the performance of specific tasks. To obtain the functional profile of elementary cognitive mechanisms, the combination of brain responses to many tasks is required. Yet, to date, both structural atlases and parcellation-based activations do not fully account for cognitive function and still present several limitations. Further, they do not adapt overall to individual characteristics. In this talk, I will give an account of deep-behavioral phenotyping strategies, namely data-driven methods in large task-fMRI datasets, to optimize functional brain-data collection and improve inference of effects-of-interest related to mental processes. Key to this approach is the employment of fast multi-functional paradigms rich on features that can be well parametrized and, consequently, facilitate the creation of psycho-physiological constructs to be modelled with imaging data. Particular emphasis will be given to music stimuli when studying high-order cognitive mechanisms, due to their ecological nature and quality to enable complex behavior compounded by discrete entities. I will also discuss how deep-behavioral phenotyping and individualized models applied to neuroimaging data can better account for the subject-specific organization of domain-general cognitive systems in the human brain. Finally, the accumulation of functional brain signatures brings the possibility to clarify relationships among tasks and create a univocal link between brain systems and mental functions through: (1) the development of ontologies proposing an organization of cognitive processes; and (2) brain-network taxonomies describing functional specialization. 
To this end, tools to improve commensurability in cognitive science are necessary, such as public repositories, ontology-based platforms and automated meta-analysis tools. I will thus discuss some brain-atlasing resources currently under development, and their applicability in cognitive as well as clinical neuroscience.
Slide 1: Title Slide
Extrachromosomal Inheritance
Slide 2: Introduction to Extrachromosomal Inheritance
Definition: Extrachromosomal inheritance refers to the transmission of genetic material that is not found within the nucleus.
Key Components: Involves genes located in mitochondria, chloroplasts, and plasmids.
Slide 3: Mitochondrial Inheritance
Mitochondria: Organelles responsible for energy production.
Mitochondrial DNA (mtDNA): Circular DNA molecule found in mitochondria.
Inheritance Pattern: Maternally inherited, meaning it is passed from mothers to all their offspring.
Diseases: Examples include Leber’s hereditary optic neuropathy (LHON) and mitochondrial myopathy.
Slide 4: Chloroplast Inheritance
Chloroplasts: Organelles responsible for photosynthesis in plants.
Chloroplast DNA (cpDNA): Circular DNA molecule found in chloroplasts.
Inheritance Pattern: Often maternally inherited in most plants, but can vary in some species.
Examples: Variegation in plants, where leaf color patterns are determined by chloroplast DNA.
Slide 5: Plasmid Inheritance
Plasmids: Small, circular DNA molecules found in bacteria and some eukaryotes.
Features: Can carry antibiotic resistance genes and can be transferred between cells through processes like conjugation.
Significance: Important in biotechnology for gene cloning and genetic engineering.
Slide 6: Mechanisms of Extrachromosomal Inheritance
Non-Mendelian Patterns: Do not follow Mendel’s laws of inheritance.
Cytoplasmic Segregation: During cell division, organelles like mitochondria and chloroplasts are randomly distributed to daughter cells.
Heteroplasmy: Presence of more than one type of organellar genome within a cell, leading to variation in expression.
Slide 7: Examples of Extrachromosomal Inheritance
Four O’clock Plant (Mirabilis jalapa): Shows variegated leaves due to different cpDNA in leaf cells.
Petite Mutants in Yeast: Result from mutations in mitochondrial DNA affecting respiration.
Slide 8: Importance of Extrachromosomal Inheritance
Evolution: Provides insight into the evolution of eukaryotic cells.
Medicine: Understanding mitochondrial inheritance helps in diagnosing and treating mitochondrial diseases.
Agriculture: Chloroplast inheritance can be used in plant breeding and genetic modification.
Slide 9: Recent Research and Advances
Gene Editing: Techniques like CRISPR-Cas9 are being used to edit mitochondrial and chloroplast DNA.
Therapies: Development of mitochondrial replacement therapy (MRT) for preventing mitochondrial diseases.
Slide 10: Conclusion
Summary: Extrachromosomal inheritance involves the transmission of genetic material outside the nucleus and plays a crucial role in genetics, medicine, and biotechnology.
Future Directions: Continued research and technological advancements hold promise for new treatments and applications.
Slide 11: Questions and Discussion
Invite Audience: Open the floor for any questions or further discussion on the topic.
Observation of Io’s Resurfacing via Plume Deposition Using Ground-based Adapt...Sérgio Sacani
Since volcanic activity was first discovered on Io from Voyager images in 1979, changes on Io’s surface have been monitored from both spacecraft and ground-based telescopes. Here, we present the highest spatial resolution images of Io ever obtained from a ground-based telescope. These images, acquired by the SHARK-VIS instrument on the Large Binocular Telescope, show evidence of a major resurfacing event on Io’s trailing hemisphere. When compared to the most recent spacecraft images, the SHARK-VIS images show that a plume deposit from a powerful eruption at Pillan Patera has covered part of the long-lived Pele plume deposit. Although this type of resurfacing event may be common on Io, few have been detected due to the rarity of spacecraft visits and the previously low spatial resolution available from Earth-based telescopes. The SHARK-VIS instrument ushers in a new era of high resolution imaging of Io’s surface using adaptive optics at visible wavelengths.
19. SQL injection vulnerability
•Injection vulnerability = using data in another context, without proper preparation
•Basically, anything can be retrieved from the database
20. Database access: from the inside
(byebug) break ActiveRecord::SQLite3Adapter.exec_query
[283, 292] in …/active_record/…/sqlite3_adapter.rb
287:
=> 288: def exec_query(sql, name = nil, …)
[...]
(byebug) var local
[…]
sql = SELECT * FROM posts WHERE id=3
22. Database access: from the inside
(byebug) var local
[…]
sql = SELECT * FROM posts WHERE id=3 UNION SELECT password from users
params = { 'q' => '3 UNION SELECT password from users'}
23. Takeaways
•Injection vulnerabilities lie in your code
•They can be detected at runtime by hooking, e.g., SQL drivers
•Ruby on Rails:
ActiveRecord::ConnectionAdapters::AbstractAdapter::log
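One way to implement the runtime detection from slide 23, as an added example that is not code from the talk: a stand-in adapter is hooked with Module#prepend, and a query is rejected when a request parameter appears in it verbatim but spans more than one SQL token. FakeAdapter, QueryGuard, run_request and the thread-local :request_params key are all hypothetical names; the tokenizer is deliberately coarse.

```ruby
# Added example: FakeAdapter is a hypothetical stand-in for a Rails SQL adapter.
module QueryGuard
  class InjectionDetected < StandardError; end
  # Coarse SQL tokens: quoted strings, numbers, words, single symbols.
  TOKEN = /'(?:[^']|'')*'|-?\d+(?:\.\d+)?|\w+|[^\s\w]/
  # Character ranges covered by each token of the final query text.
  def self.token_spans(sql)
    spans, pos = [], 0
    while (m = TOKEN.match(sql, pos))
      spans << (m.begin(0)...m.end(0))
      pos = m.end(0)
    end
    spans
  end

  # Parameters found verbatim in the query (first occurrence only) that do not
  # sit inside one token: the value changed the query structure.
  def self.injected_params(sql, params)
    spans = token_spans(sql)
    params.select do |_name, value|
      value = value.to_s
      start = value.empty? ? nil : sql.index(value)
      next false if start.nil?
      spans.none? { |s| s.begin <= start && start + value.length <= s.end }
    end.keys
  end

  # The hook: same signature as the driver method, runs before it.
  def exec_query(sql, name = nil)
    hits = QueryGuard.injected_params(sql, Thread.current[:request_params] || {})
    raise InjectionDetected, "parameters #{hits.inspect} altered the query" if hits.any?
    super
  end
end

class FakeAdapter
  def exec_query(sql, name = nil)
    "executed: #{sql}" # a real adapter would send the query to the database
  end
end
FakeAdapter.prepend(QueryGuard)

# Simulates one request: parameters are recorded, then the app runs a query.
def run_request(adapter, params, sql)
  Thread.current[:request_params] = params
  adapter.exec_query(sql)
ensure
  Thread.current[:request_params] = nil
end
```

With the slide 20 query and q = 3 the call passes through to the adapter; with the slide 22 query and parameter it raises QueryGuard::InjectionDetected before the adapter runs.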
25. User authentication
class SessionsController < ApplicationController
  def create
    user = login(params[:email], params[:password])
    JWT.encode(user.email, hmac_secret)
  end
end
27. Takeaways
•Authentication-related vulnerabilities happen (or lie) in the code
•Many can be detected at runtime by hooking authentication frameworks
•Ruby on Rails:
Devise::Strategies::DatabaseAuthenticatable.authenticate!
30. Takeaways
•Business vulnerabilities… are triggered in your code!
•Even if you have no vulnerability
•They can be measured at runtime
•And then analysed (in real time or not)
•What to monitor? You know your business!
33. Takeaways
•Defined in your code - or in your configuration files anyway
•So important even GitHub does it nowadays
•Runtime allows checking that all deployments are fine
34. Meta takeaways (OMG)
•Bugs happen
•Some of them are security related
•Be aware of in-code vulnerabilities
•And business vulnerabilities
•It will be on you (you, as an API builder) some day