Remediation Statistics: What Does Fixing Application Vulnerabilities Cost?Denim Group
For the security industry to mature more data needs to be available about the true cost of security vulnerabilities. Data and statistics are starting to be released, but most of this currently focuses on the prevalence of different types of vulnerabilities and incidents rather than the costs of addressing the underlying issues. This session presents statistics from the remediation of 15 web-based applications in order to provide insight into the actual cost of remediating application-level vulnerabilities.
The presentation begins by setting out a structured model for software security remediation projects so that time spent on tasks can be consistently tracked. It lays out possible sources of bias in the underlying data to allow for better-informed consumption of the final analysis. Also it discusses different approaches to remediating vulnerabilities such as fixing easy vulnerabilities first versus fixing serious vulnerabilities first.
Next, historical data from the fifteen remediation projects is presented. This data consists of the average cost to remediate specific classes of vulnerabilities – cross-site scripting, SQL injection and so on – as well as the overall project composition to demonstrate the percentage of time spent on actual fixes as well as the percentages of time spent on other supporting activities such as environment setup, testing and verification and deployment. The data on the remediation of specific vulnerabilities allows for a comparison of the relative difficulty of remediating different vulnerability types. The data on the overall project composition can be used to determine the relative “efficiency” of different projects.
Finally, analysis of the data is used to create a model for estimating remediation projects so that organizations can create realistic estimates in order to make informed remediate/do not remediate decisions. In addition, characteristics of the analyzed projects are mapped to project composition to demonstrate best practices that can be used to decrease the cost of future remediation efforts.
2013 Toorcon San Diego Building Custom Android Malware for Penetration TestingStephan Chenette
In this presentation Stephan will discuss some recent research that emerged he was asked to build malicious applications that bypassed custom security controls. He will walk through some of the basics of reversing malicious apps for android as well as common android malware techniques and methodologies. From the analysis of the wild android malware, he will discuss techniques and functionality to include when penetration testing against 3rd-party android security controls.
BIO
Stephan Chenette is the Director of Security Research and Development at IOActive where he conducts ongoing research to support internal and external security initiatives within the IOActive Labs. Stephan has been in involved in security research for the last 10 years and has presented at numerous conferences including: Blackhat, CanSecWest, RSA, EkoParty, RECon, AusCERT, ToorCon, SecTor, SOURCE, OWASP, B-Sides and PacSec. His specialty is in writing research tools for both the offensive and defensive front as well as investigating next generation emerging threats. He has released public analyses on various vulnerabilities and malware. Prior to joining IOActive, Stephan was the head security researcher at Websense for 6 years and a security software engineer for 4 years working in research and product development at eEye Digital Security.
Open Source Libraries - Managing Risk in Cloud Suman Sourav
In recent months we have seen several critical security threat because of third party libraries used in software products and services, Heartbleed, POODLE is a great example of it but things are not limited here since we have large threat landscape because of huge consumption of external third party components in cloud application development. Security threat will not stop ever since new attack vectors will keep coming in these open/external sources components but what is important here is how we handle risks due to these third party libraries.
Remediation Statistics: What Does Fixing Application Vulnerabilities Cost?Denim Group
For the security industry to mature more data needs to be available about the true cost of security vulnerabilities. Data and statistics are starting to be released, but most of this currently focuses on the prevalence of different types of vulnerabilities and incidents rather than the costs of addressing the underlying issues. This session presents statistics from the remediation of 15 web-based applications in order to provide insight into the actual cost of remediating application-level vulnerabilities.
The presentation begins by setting out a structured model for software security remediation projects so that time spent on tasks can be consistently tracked. It lays out possible sources of bias in the underlying data to allow for better-informed consumption of the final analysis. Also it discusses different approaches to remediating vulnerabilities such as fixing easy vulnerabilities first versus fixing serious vulnerabilities first.
Next, historical data from the fifteen remediation projects is presented. This data consists of the average cost to remediate specific classes of vulnerabilities – cross-site scripting, SQL injection and so on – as well as the overall project composition to demonstrate the percentage of time spent on actual fixes as well as the percentages of time spent on other supporting activities such as environment setup, testing and verification and deployment. The data on the remediation of specific vulnerabilities allows for a comparison of the relative difficulty of remediating different vulnerability types. The data on the overall project composition can be used to determine the relative “efficiency” of different projects.
Finally, analysis of the data is used to create a model for estimating remediation projects so that organizations can create realistic estimates in order to make informed remediate/do not remediate decisions. In addition, characteristics of the analyzed projects are mapped to project composition to demonstrate best practices that can be used to decrease the cost of future remediation efforts.
2013 Toorcon San Diego Building Custom Android Malware for Penetration TestingStephan Chenette
In this presentation Stephan will discuss some recent research that emerged he was asked to build malicious applications that bypassed custom security controls. He will walk through some of the basics of reversing malicious apps for android as well as common android malware techniques and methodologies. From the analysis of the wild android malware, he will discuss techniques and functionality to include when penetration testing against 3rd-party android security controls.
BIO
Stephan Chenette is the Director of Security Research and Development at IOActive where he conducts ongoing research to support internal and external security initiatives within the IOActive Labs. Stephan has been in involved in security research for the last 10 years and has presented at numerous conferences including: Blackhat, CanSecWest, RSA, EkoParty, RECon, AusCERT, ToorCon, SecTor, SOURCE, OWASP, B-Sides and PacSec. His specialty is in writing research tools for both the offensive and defensive front as well as investigating next generation emerging threats. He has released public analyses on various vulnerabilities and malware. Prior to joining IOActive, Stephan was the head security researcher at Websense for 6 years and a security software engineer for 4 years working in research and product development at eEye Digital Security.
Open Source Libraries - Managing Risk in Cloud Suman Sourav
In recent months we have seen several critical security threat because of third party libraries used in software products and services, Heartbleed, POODLE is a great example of it but things are not limited here since we have large threat landscape because of huge consumption of external third party components in cloud application development. Security threat will not stop ever since new attack vectors will keep coming in these open/external sources components but what is important here is how we handle risks due to these third party libraries.
Agile Secure Software Development in a Large Software Development Organisatio...Achim D. Brucker
Security testing is an important part of any (agile) secure software development lifecyle. Still, security testing is often understood as an activity done by security testers in the time between "end of development" and "offering the product to customers."
Learning from traditional testing that the fixing of bugs is the more costly the later it is done in development, we believe that security testing should be integrated into the daily development activities. To achieve this, we developed a security testing strategy, as part of SAP's security development lifecycle which supports the specific needs of the various software development models at SAP.
In this presentation, we will briefly presents SAP's approach to an agile secure software development process in general and, in particular, present SAP's Security Testing Strategy that enables developers to find security vulnerabilities early by applying a variety of different security testing methods and tools.
Integrating Application Security into a Software Development ProcessAchim D. Brucker
Static Code Analysis (SCA) is an important means for detecting software vulnerabilities at an early stage in the software development lifecycle. The wide-spread introducing static code analysis at a large software vendor is challenging. Besides the technical challenges, e.g., caused by the large number of software development projects, large number of used programming languages (e.g., ABAP, C, Objective-C, ...), the use of dynamic programming models such as HTML5/JavaScript, there are also many non-technical challenges, e.g, creating security awareness among the developers, organizing trainings, integration of static code analysis into the development and maintenance processes. In this talk, we report the experiences we made while introducing static code analysis at SAP AG.
Using Third Party Components for Building an Application Might be More Danger...Achim D. Brucker
Today, nearly all developers rely on third party components for building an application. Thus, for most software vendors, third
party components in general and Free/Libre and Open Source Software (FLOSS) in particular, are an integral part of their
software supply chain.
As the security of a software offering, independently of the delivery model, depends on all components, a secure software supply
chain is of utmost importance. While this is true for both proprietary and as well as FLOSS components that are consumed,
FLOSS components impose particular challenges as well as provide unique opportunities. For example, on the one hand,
FLOSS licenses contain usually a very strong “no warranty” clause and no service-level agreement. On the other hand, FLOSS
licenses allow to modify the source code and, thus, to fix issues without depending on an (external) software vendor.
This talk is based on working on integrating securely third-party components in general, and FLOSS components in particular,
into the SAP's Security Development Lifecycle (SSDL). Thus, our experience covers a wide range of products (e.g., from small
mobile applications of a few thousands lines of code to large scale enterprise applications with more than a billion lines of code),
a wide range of software development models (ranging from traditional waterfall to agile software engineering to DevOps), as
well as a multiple deployment models (e.g., on premise products, custom hosting, or software-as-a-service).
Web Application Remediation - OWASP San Antonio March 2007Denim Group
This presentation covers best practices for organizations looking to remediate software and application security vulnerabilities they have identified in their application portfolios.
This article examines the emerging need for software assurance. As defense contractors continue to develop systems for the Department of Defense (DoD) those systems must meet stringent requirements for deployment. However as over half of the vulnerabilities are found at the application layer organizations must ensure that proper mechanisms are in place to ensure the integrity, availability, and confidentiality of the code is maintained. Download paper at https://www.researchgate.net/publication/255965523_Integrating_Software_Assurance_into_the_Software_Development_Life_Cycle_(SDLC)
Николай Бьернер «Program Analysis and Testing using Efficient Satisfiability ...Yandex
Научно-технический семинар «Microsoft Z3: Как научить компьютер доказывать теоремы и тестировать программы», 2 октября 2012 г.
Николай Бьернер, старший научный сотрудник Microsoft Research.
Benchmarking Web Application Scanners for YOUR OrganizationDenim Group
Web applications pose significant risks for organizations. The selection of an appropriate scanning product or service can be challenging because every organization develops their web applications differently and decisions made by developers can cause wide swings in the value of different scanning technologies. To make a solid, informed decision, organizations need to create development team- and organization-specific benchmarks for the effectiveness of potential scanning technologies. This involves creating a comprehensive model of false positives, false negatives and other factors prior to mandating analysis technologies and making decisions about application risk management. This presentation provides a model for evaluating application analysis technologies, introduces an open source tool for benchmarking and comparing tool effectiveness, and outlines a process for making organization-specific decisions about analysis technology selection.
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...Denim Group
Threat modeling is a valuable technique for identifying potential security issues in complex applications but many teams have been slow to adopt. This presentation looks at Threat Modeling from two perspectives – from that of a system builder trying to avoid introducing security defects into a new system and from that of a system tester trying to identify security issues in an existing system. The materials include discussion of where threat modeling is best done during the development lifecycle as well as the process of creating and refining a threat model.
Follow Dan Cornell on twitter - @danielcornell
On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...Achim D. Brucker
Developing mobile applications is a challenging business: de-
velopers need to support multiple platforms and, at the same time, need
to cope with limited resources, as the revenue generated by an average
app is rather small. This results in an increasing use of cross-platform
development frameworks that allow developing an app once and offering
it on multiple mobile platforms such as Android, iOS, or Windows.
Apache Cordova is a popular framework for developing multi-platform
apps. Cordova combines HTML5 and JavaScript with native applica-
tion code. Combining web and native technologies creates new security
challenges as, e. g., an XSS attacker becomes more powerful.
In this paper, we present a novel approach for statically analysing the
foreign language calls. We evaluate our approach by analysing the top
Cordova apps from Google Play. Moreover, we report on the current state
of the overall quality and security of Cordova apps.
Security as a New Metric for Your Business, Product and Development Lifecycle...IT Arena
Lviv IT Arena is a conference specially designed for programmers, designers, developers, top managers, inverstors, entrepreneur and startuppers. Annually it takes place on 2-4 of October in Lviv at the Arena Lviv stadium. In 2015 conference gathered more than 1400 participants and over 100 speakers from companies like Facebook. FitBit, Mail.ru, HP, Epson and IBM. More details about conference at itarene.lviv.ua.
Agile Secure Software Development in a Large Software Development Organisatio...Achim D. Brucker
Security testing is an important part of any (agile) secure software development lifecyle. Still, security testing is often understood as an activity done by security testers in the time between "end of development" and "offering the product to customers."
Learning from traditional testing that the fixing of bugs is the more costly the later it is done in development, we believe that security testing should be integrated into the daily development activities. To achieve this, we developed a security testing strategy, as part of SAP's security development lifecycle which supports the specific needs of the various software development models at SAP.
In this presentation, we will briefly presents SAP's approach to an agile secure software development process in general and, in particular, present SAP's Security Testing Strategy that enables developers to find security vulnerabilities early by applying a variety of different security testing methods and tools.
Integrating Application Security into a Software Development ProcessAchim D. Brucker
Static Code Analysis (SCA) is an important means for detecting software vulnerabilities at an early stage in the software development lifecycle. The wide-spread introducing static code analysis at a large software vendor is challenging. Besides the technical challenges, e.g., caused by the large number of software development projects, large number of used programming languages (e.g., ABAP, C, Objective-C, ...), the use of dynamic programming models such as HTML5/JavaScript, there are also many non-technical challenges, e.g, creating security awareness among the developers, organizing trainings, integration of static code analysis into the development and maintenance processes. In this talk, we report the experiences we made while introducing static code analysis at SAP AG.
Using Third Party Components for Building an Application Might be More Danger...Achim D. Brucker
Today, nearly all developers rely on third party components for building an application. Thus, for most software vendors, third
party components in general and Free/Libre and Open Source Software (FLOSS) in particular, are an integral part of their
software supply chain.
As the security of a software offering, independently of the delivery model, depends on all components, a secure software supply
chain is of utmost importance. While this is true for both proprietary and as well as FLOSS components that are consumed,
FLOSS components impose particular challenges as well as provide unique opportunities. For example, on the one hand,
FLOSS licenses contain usually a very strong “no warranty” clause and no service-level agreement. On the other hand, FLOSS
licenses allow to modify the source code and, thus, to fix issues without depending on an (external) software vendor.
This talk is based on working on integrating securely third-party components in general, and FLOSS components in particular,
into the SAP's Security Development Lifecycle (SSDL). Thus, our experience covers a wide range of products (e.g., from small
mobile applications of a few thousands lines of code to large scale enterprise applications with more than a billion lines of code),
a wide range of software development models (ranging from traditional waterfall to agile software engineering to DevOps), as
well as a multiple deployment models (e.g., on premise products, custom hosting, or software-as-a-service).
Web Application Remediation - OWASP San Antonio March 2007Denim Group
This presentation covers best practices for organizations looking to remediate software and application security vulnerabilities they have identified in their application portfolios.
This article examines the emerging need for software assurance. As defense contractors continue to develop systems for the Department of Defense (DoD) those systems must meet stringent requirements for deployment. However as over half of the vulnerabilities are found at the application layer organizations must ensure that proper mechanisms are in place to ensure the integrity, availability, and confidentiality of the code is maintained. Download paper at https://www.researchgate.net/publication/255965523_Integrating_Software_Assurance_into_the_Software_Development_Life_Cycle_(SDLC)
Николай Бьернер «Program Analysis and Testing using Efficient Satisfiability ...Yandex
Научно-технический семинар «Microsoft Z3: Как научить компьютер доказывать теоремы и тестировать программы», 2 октября 2012 г.
Николай Бьернер, старший научный сотрудник Microsoft Research.
Benchmarking Web Application Scanners for YOUR OrganizationDenim Group
Web applications pose significant risks for organizations. The selection of an appropriate scanning product or service can be challenging because every organization develops their web applications differently and decisions made by developers can cause wide swings in the value of different scanning technologies. To make a solid, informed decision, organizations need to create development team- and organization-specific benchmarks for the effectiveness of potential scanning technologies. This involves creating a comprehensive model of false positives, false negatives and other factors prior to mandating analysis technologies and making decisions about application risk management. This presentation provides a model for evaluating application analysis technologies, introduces an open source tool for benchmarking and comparing tool effectiveness, and outlines a process for making organization-specific decisions about analysis technology selection.
Threat Modeling for System Builders and System Breakers - Dan Cornell of Deni...Denim Group
Threat modeling is a valuable technique for identifying potential security issues in complex applications but many teams have been slow to adopt. This presentation looks at Threat Modeling from two perspectives – from that of a system builder trying to avoid introducing security defects into a new system and from that of a system tester trying to identify security issues in an existing system. The materials include discussion of where threat modeling is best done during the development lifecycle as well as the process of creating and refining a threat model.
Follow Dan Cornell on twitter - @danielcornell
On the Static Analysis of Hybrid Mobile Apps: A Report on the State of Apache...Achim D. Brucker
Developing mobile applications is a challenging business: de-
velopers need to support multiple platforms and, at the same time, need
to cope with limited resources, as the revenue generated by an average
app is rather small. This results in an increasing use of cross-platform
development frameworks that allow developing an app once and offering
it on multiple mobile platforms such as Android, iOS, or Windows.
Apache Cordova is a popular framework for developing multi-platform
apps. Cordova combines HTML5 and JavaScript with native applica-
tion code. Combining web and native technologies creates new security
challenges as, e. g., an XSS attacker becomes more powerful.
In this paper, we present a novel approach for statically analysing the
foreign language calls. We evaluate our approach by analysing the top
Cordova apps from Google Play. Moreover, we report on the current state
of the overall quality and security of Cordova apps.
Security as a New Metric for Your Business, Product and Development Lifecycle...IT Arena
Lviv IT Arena is a conference specially designed for programmers, designers, developers, top managers, inverstors, entrepreneur and startuppers. Annually it takes place on 2-4 of October in Lviv at the Arena Lviv stadium. In 2015 conference gathered more than 1400 participants and over 100 speakers from companies like Facebook. FitBit, Mail.ru, HP, Epson and IBM. More details about conference at itarene.lviv.ua.
Crafting Super-Powered Risk Assessments by Digital Defense Inc & VeracodeDigital Defense Inc
http://www.ddifrontline.com
Digital Defense Inc (DDI) and Veracode present the "Crafting Super-Powered Risk Assessments" webinar and slides. The presentation covers security assessments, application security, and how to manage risk.
Vulnerability Management In An Application Security World: AppSecDCDenim Group
Identifying application-level vulnerabilities via penetration tests and code reviews is only the first step in actually addressing the underlying risk. Managing vulnerabilities for applications is more challenging than dealing with traditional infrastructure-level vulnerabilities because they typically require the coordination of security teams with application development teams and require security managers to secure time from developers during already-cramped development and release schedules. In addition, fixes require changes to custom application code and application-specific business logic rather than the patches and configuration changes that are often sufficient to address infrastructure-level vulnerabilities.
This presentation details many of the pitfalls organizations encounter while trying to manage application-level vulnerabilities as well as outlines strategies security teams can use for communicating with development teams. Similarities and differences between security teams’ practice of vulnerability management and development teams’ practice of defect management will be addressed in order to facilitate healthy communication between these groups.
What Every Developer And Tester Should Know About Software SecurityAnne Oikarinen
Software security is best built in. This presentation introduces three essential things to help you design more secure software. In order to have a secure foundation, you can create and select security requirements for your applications using evil user stories and utilizing existing material for example from OWASP.
Another useful skill is threat modeling which helps you to assess security already in the design phase. Threat modeling helps you deliver better software, prioritize your preventive security measures, and focus penetration testing to the most risky parts of the system. The presentation covers various methods, such as the STRIDE model, for finding security and privacy threats.
You will also learn what kind of security related testing you can do without having any infosec background.
This presentation goes over core principles involved in launching secure web applications and effectively managing security in a cloud services environment.
A brief presentation on benefits obtained by introducing automated SW quality control in a IT Company and a specific implementation through CAST framework
Agenda:
- SDLC vs S-SDLC
- Mobile development security process
- What tools using for security testing?
- How to integrate into existing processes?
- What additionally you can do?
DevSecOps Best Practices-Safeguarding Your Digital Landscapestevecooper930744
DevSecOps best practices help us to understand the culture and mindset, security, measuring and collecting data, training on secure coding, and security automation.
Keeping security top of mind while creating standards for engineering teams following the DevOps culture. This talk was designed to show off how easily it is to automate security scanning and to be the developer advocate by showing the quality of development work. We will cover some high-level topics of DevSecOps and demo some examples DevOps team can implement for free.
When performing a security testing, I often sit in a room with other QA and Software testers.
During that time, it is likely I receive questions such as: "Roberto, are you hacking this? Are you breaking
this again? What exactly are you testing?"
Whi l e talking to them I realise there is an information gap between us, especially when they share
information which is essential for my testing and crucial to identify security vulnerabilities.
After a good number of security tests, I came to a conclusion that people in our industry do not realise that
software testing and security testing have a lot to share.
This talk intends to reduce that information gap and provides an introduction to security software testing,
methodologies, and most importantly offers some food for thought to stimulate synergy between security
and software testers
my django vs rails presentation for webdebs monthly meetup
presentazione django e rails a confronto per il brain pirlo webdebs
video: http://vimeo.com/31081012
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Transcript: Selling digital books in 2024: Insights from industry leaders - T...BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
2. Do we really need more security in
our software?
OWASP
3. Do we really need more security in
our software?
OWASP
4. Do we really need more security in
our software?
Number of security related vulnerabilities
OWASP
5. Do we really need more security in
our software?
Number of security related vulnerabilities
We need to build better software
OWASP
6. #1
What we mean with Security Framework
It is not
Authentication and authorization
Encryption
Firewall software
It could be
An enterprise security approach
A risk management framework for security related threats
Defined steps in your (Secure) development life cycle
OWASP
7. #1
What we mean with Security Framework
It is not
Authentication and authorization
Encryption
Firewall software
It could be
An enterprise security approach
A risk management framework for security related threats
Defined steps in your (Secure) development life cycle
Application security is
inside the application not
around it OWASP
8. Traditions (And other bad habits)
Security is a network problem and it can be solved
with hardware
No budget in development
Software not
developed in a
security aware life
cycle
OWASP
9. Establish security in your DL
Software engineering
Find best practice to fit your team or company
Test for abuse, not only for good use
Measure code, bug and progress
Social engineering
Make good friends
Be aware of your business compliancy
Wait... something bad will happen
OWASP
10. The ROI Problem
Security in software development brings no direct revenue
#1 Reduce costs
#2 Bring evidence of risks
#3 Sell security as a value
OWASP
11. [Static]Code analysis
Add security awareness in code reviews
Add security blue prints in automatic code analysis
Fix codebase and third party software
OWASP
12. [Static]Code analysis
The poor man so!ware security
Add security awareness in code reviews
Add security blue prints in automatic code analysis
Fix codebase and third party software
OWASP
14. Security Risk management
Gather documentation
#1 Gather information from management
Gather information from the team
Gather information from artifacts
#2 Organize everything
#3 Make the deal
OWASP
15. Hot stages of SDLC
The architectural design
User stories
The development
Test driven
The test
Iterations
The enhancement
Code review
Abuse cases
Penetration testing
Security requirements
Risk analysis
OWASP
16. Hot stages of SDLC
Traditional
The architectural design
User stories
The development
Test driven
The test
Iterations
The enhancement
Code review
Abuse cases
Penetration testing
Security requirements
Risk analysis
OWASP
17. Hot stages of SDLC
Traditional Agile
The architectural design
User stories
The development
Test driven
The test
Iterations
The enhancement
Code review
Abuse cases
Penetration testing
Security requirements
Risk analysis
OWASP
18. Hot stages of SDLC
Traditional Agile
The architectural design
User stories
The development
Test driven
The test
Iterations
The enhancement
Touchpoints
Code review
Abuse cases
Penetration testing
Security requirements
Risk analysis
OWASP