App Sec Eu08 Sec Frm Not In Code

•

1 like•469 views

Samuele Reghenzi

My presentation at App Sec Eu08 GANT

OWASP Europe Conference 2008

Security framework is not in
the code

Sam Reghenzi

OWASP
Copyright © The OWASP Foundation
Permission is granted to copy, distribute and/or modify this document
under the terms of the OWASP License.

The OWASP Foundation
http://www.owasp.org

Do we really need more security in
our software?

OWASP

Do we really need more security in
our software?

Number of security related vulnerabilities

OWASP

Do we really need more security in
our software?

Number of security related vulnerabilities

We need to build better software
OWASP

#1
What we mean with Security Framework

It is not
Authentication and authorization
Encryption
Firewall software
It could be
An enterprise security approach
A risk management framework for security related threats
Defined steps in your (Secure) development life cycle

OWASP

Traditions (And other bad habits)

Security is a network problem and it can be solved
with hardware

No budget in development

Software not
developed in a
security aware life
cycle

OWASP

Establish security in your DL

Software engineering
Find best practice to fit your team or company
Test for abuse, not only for good use
Measure code, bug and progress

Social engineering
Make good friends
Be aware of your business compliancy
Wait... something bad will happen

OWASP

The ROI Problem

Security in software development brings no direct revenue

#1 Reduce costs

#2 Bring evidence of risks

#3 Sell security as a value

OWASP

[Static]Code analysis

Add security awareness in code reviews
Add security blue prints in automatic code analysis
Fix codebase and third party software

OWASP

[Static]Code analysis

The poor man so!ware security

Add security awareness in code reviews
Add security blue prints in automatic code analysis
Fix codebase and third party software

OWASP

Security Risk management

Manage knowledge, identify risks,
rank them and fix them

Context Risk Sort

Fix

OWASP

Security Risk management
Gather documentation

#1 Gather information from management
Gather information from the team
Gather information from artifacts

#2 Organize everything

#3 Make the deal

OWASP

Hot stages of SDLC

The architectural design
User stories
The development
Test driven
The test
Iterations
The enhancement

Code review
Abuse cases
Penetration testing
Security requirements
Risk analysis

OWASP

Hot stages of SDLC
Traditional
The architectural design
User stories
The development
Test driven
The test
Iterations
The enhancement

Code review
Abuse cases
Penetration testing
Security requirements
Risk analysis

OWASP

Hot stages of SDLC
Traditional Agile
The architectural design
User stories
The development
Test driven
The test
Iterations
The enhancement

Code review
Abuse cases
Penetration testing
Security requirements
Risk analysis

OWASP

Hot stages of SDLC
Traditional Agile
The architectural design
User stories
The development
Test driven
The test
Iterations
The enhancement

Touchpoints

Code review
Abuse cases
Penetration testing
Security requirements
Risk analysis

OWASP

Historical knowledge

Know your enemies

Find exploit earlier

Find focus Prevent attack patterns

Enrich security management framework

OWASP

Tips

Jump on the High availability train
Mitigate Web 2.0
Deliver something concrete
In Rome act like a Roman

OWASP

For the security industry to mature more data needs to be available about the true cost of security vulnerabilities. Data and statistics are starting to be released, but most of this currently focuses on the prevalence of different types of vulnerabilities and incidents rather than the costs of addressing the underlying issues. This session presents statistics from the remediation of 15 web-based applications in order to provide insight into the actual cost of remediating application-level vulnerabilities. The presentation begins by setting out a structured model for software security remediation projects so that time spent on tasks can be consistently tracked. It lays out possible sources of bias in the underlying data to allow for better-informed consumption of the final analysis. Also it discusses different approaches to remediating vulnerabilities such as fixing easy vulnerabilities first versus fixing serious vulnerabilities first. Next, historical data from the fifteen remediation projects is presented. This data consists of the average cost to remediate specific classes of vulnerabilities – cross-site scripting, SQL injection and so on – as well as the overall project composition to demonstrate the percentage of time spent on actual fixes as well as the percentages of time spent on other supporting activities such as environment setup, testing and verification and deployment. The data on the remediation of specific vulnerabilities allows for a comparison of the relative difficulty of remediating different vulnerability types. The data on the overall project composition can be used to determine the relative “efficiency” of different projects. Finally, analysis of the data is used to create a model for estimating remediation projects so that organizations can create realistic estimates in order to make informed remediate/do not remediate decisions. In addition, characteristics of the analyzed projects are mapped to project composition to demonstrate best practices that can be used to decrease the cost of future remediation efforts.

RSA 2015 Blending the Automated and the Manual: Making Application Vulnerabil...

Denim Group

Secure development of codeSalomeVictor

2013 Toorcon San Diego Building Custom Android Malware for Penetration Testing

Stephan Chenette

In this presentation Stephan will discuss some recent research that emerged he was asked to build malicious applications that bypassed custom security controls. He will walk through some of the basics of reversing malicious apps for android as well as common android malware techniques and methodologies. From the analysis of the wild android malware, he will discuss techniques and functionality to include when penetration testing against 3rd-party android security controls. BIO Stephan Chenette is the Director of Security Research and Development at IOActive where he conducts ongoing research to support internal and external security initiatives within the IOActive Labs. Stephan has been in involved in security research for the last 10 years and has presented at numerous conferences including: Blackhat, CanSecWest, RSA, EkoParty, RECon, AusCERT, ToorCon, SecTor, SOURCE, OWASP, B-Sides and PacSec. His specialty is in writing research tools for both the offensive and defensive front as well as investigating next generation emerging threats. He has released public analyses on various vulnerabilities and malware. Prior to joining IOActive, Stephan was the head security researcher at Websense for 6 years and a security software engineer for 4 years working in research and product development at eEye Digital Security.

Are Agile And Secure Development Mutually Exclusive?

Source Conference

Open Source Libraries - Managing Risk in Cloud

Suman Sourav

In recent months we have seen several critical security threat because of third party libraries used in software products and services, Heartbleed, POODLE is a great example of it but things are not limited here since we have large threat landscape because of huge consumption of external third party components in cloud application development. Security threat will not stop ever since new attack vectors will keep coming in these open/external sources components but what is important here is how we handle risks due to these third party libraries.

Security testing is an important part of any (agile) secure software development lifecyle. Still, security testing is often understood as an activity done by security testers in the time between "end of development" and "offering the product to customers." Learning from traditional testing that the fixing of bugs is the more costly the later it is done in development, we believe that security testing should be integrated into the daily development activities. To achieve this, we developed a security testing strategy, as part of SAP's security development lifecycle which supports the specific needs of the various software development models at SAP. In this presentation, we will briefly presents SAP's approach to an agile secure software development process in general and, in particular, present SAP's Security Testing Strategy that enables developers to find security vulnerabilities early by applying a variety of different security testing methods and tools.

Ibm עמרי וייסמןlihig

Good Security Starts with Software Assurance - Software Assurance Market Plac...Phil Agcaoili

Integrating Application Security into a Software Development Process

Achim D. Brucker

Static Code Analysis (SCA) is an important means for detecting software vulnerabilities at an early stage in the software development lifecycle. The wide-spread introducing static code analysis at a large software vendor is challenging. Besides the technical challenges, e.g., caused by the large number of software development projects, large number of used programming languages (e.g., ABAP, C, Objective-C, ...), the use of dynamic programming models such as HTML5/JavaScript, there are also many non-technical challenges, e.g, creating security awareness among the developers, organizing trainings, integration of static code analysis into the development and maintenance processes. In this talk, we report the experiences we made while introducing static code analysis at SAP AG.

Using Third Party Components for Building an Application Might be More Danger...

Achim D. Brucker

Today, nearly all developers rely on third party components for building an application. Thus, for most software vendors, third party components in general and Free/Libre and Open Source Software (FLOSS) in particular, are an integral part of their software supply chain. As the security of a software offering, independently of the delivery model, depends on all components, a secure software supply chain is of utmost importance. While this is true for both proprietary and as well as FLOSS components that are consumed, FLOSS components impose particular challenges as well as provide unique opportunities. For example, on the one hand, FLOSS licenses contain usually a very strong “no warranty” clause and no service-level agreement. On the other hand, FLOSS licenses allow to modify the source code and, thus, to fix issues without depending on an (external) software vendor. This talk is based on working on integrating securely third-party components in general, and FLOSS components in particular, into the SAP's Security Development Lifecycle (SSDL). Thus, our experience covers a wide range of products (e.g., from small mobile applications of a few thousands lines of code to large scale enterprise applications with more than a billion lines of code), a wide range of software development models (ranging from traditional waterfall to agile software engineering to DevOps), as well as a multiple deployment models (e.g., on premise products, custom hosting, or software-as-a-service).

Web Application Remediation - OWASP San Antonio March 2007

Denim Group

24may 1200 valday eric anklesaria 'secure sdlc – core banking'Positive Hack Days

Secure Software Development Life Cycle

Maurice Dawson

This article examines the emerging need for software assurance. As defense contractors continue to develop systems for the Department of Defense (DoD) those systems must meet stringent requirements for deployment. However as over half of the vulnerabilities are found at the application layer organizations must ensure that proper mechanisms are in place to ensure the integrity, availability, and confidentiality of the code is maintained. Download paper at https://www.researchgate.net/publication/255965523_Integrating_Software_Assurance_into_the_Software_Development_Life_Cycle_(SDLC)

Meucci OWASP Pci Milan 09

Matteo Meucci

Why AppSec Matters

InnoTech

Николай Бьернер «Program Analysis and Testing using Efficient Satisfiability ...

Yandex

Software Security CertificationVskills

Benchmarking Web Application Scanners for YOUR Organization

Denim Group

Web applications pose significant risks for organizations. The selection of an appropriate scanning product or service can be challenging because every organization develops their web applications differently and decisions made by developers can cause wide swings in the value of different scanning technologies. To make a solid, informed decision, organizations need to create development team- and organization-specific benchmarks for the effectiveness of potential scanning technologies. This involves creating a comprehensive model of false positives, false negatives and other factors prior to mandating analysis technologies and making decisions about application risk management. This presentation provides a model for evaluating application analysis technologies, introduces an open source tool for benchmarking and comparing tool effectiveness, and outlines a process for making organization-specific decisions about analysis technology selection.

Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...

Denim Group

Threat modeling is a valuable technique for identifying potential security issues in complex applications but many teams have been slow to adopt. This presentation looks at Threat Modeling from two perspectives – from that of a system builder trying to avoid introducing security defects into a new system and from that of a system tester trying to identify security issues in an existing system. The materials include discussion of where threat modeling is best done during the development lifecycle as well as the process of creating and refining a threat model. Follow Dan Cornell on twitter - @danielcornell

Coverity Data SheetJon Lundquist

On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...

Achim D. Brucker

Developing mobile applications is a challenging business: developers need to support multiple platforms and, at the same time, need to cope with limited resources, as the revenue generated by an average app is rather small. This results in an increasing use of cross-platform development frameworks that allow developing an app once and offering it on multiple mobile platforms such as Android, iOS, or Windows. Apache Cordova is a popular framework for developing multi-platform apps. Cordova combines HTML5 and JavaScript with native application code. Combining web and native technologies creates new security challenges as, e. g., an XSS attacker becomes more powerful. In this paper, we present a novel approach for statically analysing the foreign language calls. We evaluate our approach by analysing the top Cordova apps from Google Play. Moreover, we report on the current state of the overall quality and security of Cordova apps.

Matteo Meucci - Security Summit 12th March 2019

Minded Security

Android Secure Coding

JPCERT Coordination Center

Cloud Security vs Security in the Cloud

Tjylen Veselyj

OWASP Overview of Projects You Can Use Today - DefCamp 2012DefCamp

Security as a New Metric for Your Business, Product and Development Lifecycle...

IT Arena

Lviv IT Arena is a conference specially designed for programmers, designers, developers, top managers, inverstors, entrepreneur and startuppers. Annually it takes place on 2-4 of October in Lviv at the Arena Lviv stadium. In 2015 conference gathered more than 1400 participants and over 100 speakers from companies like Facebook. FitBit, Mail.ru, HP, Epson and IBM. More details about conference at itarene.lviv.ua.

What's hot

Security best practices

AVEVA

Agile Secure Software Development in a Large Software Development Organisatio...

Achim D. Brucker

Ibm עמרי וייסמןlihig

Good Security Starts with Software Assurance - Software Assurance Market Plac...Phil Agcaoili

Integrating Application Security into a Software Development Process

Achim D. Brucker

Using Third Party Components for Building an Application Might be More Danger...

Achim D. Brucker

Web Application Remediation - OWASP San Antonio March 2007

Denim Group

24may 1200 valday eric anklesaria 'secure sdlc – core banking'Positive Hack Days

Secure Software Development Life Cycle

Maurice Dawson

Meucci OWASP Pci Milan 09

Matteo Meucci

Why AppSec Matters

InnoTech

Николай Бьернер «Program Analysis and Testing using Efficient Satisfiability ...

Yandex

Software Security CertificationVskills

Benchmarking Web Application Scanners for YOUR Organization

Denim Group

Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...

Denim Group

Coverity Data SheetJon Lundquist

On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...

Achim D. Brucker

Matteo Meucci - Security Summit 12th March 2019

Minded Security

Android Secure Coding

JPCERT Coordination Center

What's hot (19)

Security best practices

Agile Secure Software Development in a Large Software Development Organisatio...

Ibm עמרי וייסמן

Good Security Starts with Software Assurance - Software Assurance Market Plac...

Integrating Application Security into a Software Development Process

Using Third Party Components for Building an Application Might be More Danger...

Web Application Remediation - OWASP San Antonio March 2007

24may 1200 valday eric anklesaria 'secure sdlc – core banking'

Secure Software Development Life Cycle

Meucci OWASP Pci Milan 09

Why AppSec Matters

Николай Бьернер «Program Analysis and Testing using Efficient Satisfiability ...

Software Security Certification

Benchmarking Web Application Scanners for YOUR Organization

Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...

Coverity Data Sheet

On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...

Matteo Meucci - Security Summit 12th March 2019

Android Secure Coding

Similar to App Sec Eu08 Sec Frm Not In Code

Cloud Security vs Security in the Cloud

Tjylen Veselyj

OWASP Overview of Projects You Can Use Today - DefCamp 2012DefCamp

Security as a New Metric for Your Business, Product and Development Lifecycle...

IT Arena

Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode

Digital Defense Inc

Vulnerability Management In An Application Security World: AppSecDC

Denim Group

Identifying application-level vulnerabilities via penetration tests and code reviews is only the first step in actually addressing the underlying risk. Managing vulnerabilities for applications is more challenging than dealing with traditional infrastructure-level vulnerabilities because they typically require the coordination of security teams with application development teams and require security managers to secure time from developers during already-cramped development and release schedules. In addition, fixes require changes to custom application code and application-specific business logic rather than the patches and configuration changes that are often sufficient to address infrastructure-level vulnerabilities. This presentation details many of the pitfalls organizations encounter while trying to manage application-level vulnerabilities as well as outlines strategies security teams can use for communicating with development teams. Similarities and differences between security teams’ practice of vulnerability management and development teams’ practice of defect management will be addressed in order to facilitate healthy communication between these groups.

Security case buffer overflowIan Sommerville

What Every Developer And Tester Should Know About Software Security

Anne Oikarinen

Software security is best built in. This presentation introduces three essential things to help you design more secure software. In order to have a secure foundation, you can create and select security requirements for your applications using evil user stories and utilizing existing material for example from OWASP. Another useful skill is threat modeling which helps you to assess security already in the design phase. Threat modeling helps you deliver better software, prioritize your preventive security measures, and focus penetration testing to the most risky parts of the system. The presentation covers various methods, such as the STRIDE model, for finding security and privacy threats. You will also learn what kind of security related testing you can do without having any infosec background.

OWASP - Building Secure Web Applications

alexbe

Software Security Initiative And Capability Maturity ModelsMarco Morana

NessPRO Italy on CAST

Ernesto Di Mauro

Secure SDLC in mobile software development.

Mykhailo Antonishyn

DevSecOps Best Practices-Safeguarding Your Digital Landscape

stevecooper930744

ONE Conference: Vulnerabilities in Web ApplicationsNetcetera

PHP under controlDamien Seguy

Confoo 2012 - Web security keynoteAntonio Fontes

Dev{sec}ops

Steven Carlson

Ibm עמרי וייסמןlihig

Omrilihig

Agile and Secure SDLC

Nazar Tymoshyk, CEH, Ph.D.

Bridging the gap - Security and Software Testing

Roberto Suggi Liverani

When performing a security testing, I often sit in a room with other QA and Software testers. During that time, it is likely I receive questions such as: "Roberto, are you hacking this? Are you breaking this again? What exactly are you testing?" Whi l e talking to them I realise there is an information gap between us, especially when they share information which is essential for my testing and crucial to identify security vulnerabilities. After a good number of security tests, I came to a conclusion that people in our industry do not realise that software testing and security testing have a lot to share. This talk intends to reduce that information gap and provides an introduction to security software testing, methodologies, and most importantly offers some food for thought to stimulate synergy between security and software testers

Similar to App Sec Eu08 Sec Frm Not In Code (20)

Cloud Security vs Security in the Cloud

OWASP Overview of Projects You Can Use Today - DefCamp 2012

Security as a New Metric for Your Business, Product and Development Lifecycle...

Crafting Super-Powered Risk Assessments by Digital Defense Inc & Veracode

Vulnerability Management In An Application Security World: AppSecDC

Security case buffer overflow

What Every Developer And Tester Should Know About Software Security

OWASP - Building Secure Web Applications

Software Security Initiative And Capability Maturity Models

NessPRO Italy on CAST

Secure SDLC in mobile software development.

DevSecOps Best Practices-Safeguarding Your Digital Landscape

ONE Conference: Vulnerabilities in Web Applications

PHP under control

Confoo 2012 - Web security keynote

Dev{sec}ops

Ibm עמרי וייסמן

Omri

Agile and Secure SDLC

Bridging the gap - Security and Software Testing

Recently uploaded

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

Assuring Contact Center Experiences for Your Customers With ThousandEyes

ThousandEyes

Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024

Tobias Schneck

As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other? Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

Epistemic Interaction - tuning interfaces to provide information for AI support

Alan Dix

Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024 https://alandix.com/academic/papers/synergy2024-epistemic/ As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.

Essentials of Automations: Optimizing FME Workflows with Parameters

Safe Software

Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place. Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects. Here’s what you’ll gain: - Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows. - Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy. - Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency. - Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity. We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic. Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.

Generating a custom Ruby SDK for your web service or Rails API using Smithy

g2nightmarescribd

Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.

Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...

Ramesh Iyer

In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

AI for Every Business: Unlocking Your Product's Universal Potential by VP of ...

Product School

To Graph or Not to Graph Knowledge Graph Architectures and LLMs

Paul Groth

UiPath Test Automation using UiPath Test Suite series, part 3

DianaGray10

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

DevOps and Testing slides at DASA Connect

Kari Kakkonen

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

Neuro-symbolic is not enough, we need neuro-*semantic*

Frank van Harmelen

Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”. All of this illustrated with link prediction over knowledge graphs, but the argument is general.

FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf

FIDO Alliance

Recently uploaded (20)