Anuradha Raman, a QA Lead at Encore Software Services, presented a session on "Security Testing for RESTful APIs" at Global Testing Retreat #ATAGTR2018.
Please refer to our LinkedIn post for session details:
https://www.linkedin.com/pulse/security-testing-restful-apis-anuradha-raman-agile-testing-alliance/
Session on Testing Activities in Continuous Integration and Delivery as an Ex... (Agile Testing Alliance)
Srinivas Kadiyala presented on testing activities in continuous integration and continuous delivery as an exploratory tester. The presentation covered DevOps and CI/CD practices, testing activities in CI/CD including exploratory testing, automation in testing, how exploratory testing is more than just clicking around, incorporating exploratory testing with automation, and tools used in exploratory testing. The overall goal of the presentation was to discuss exploratory testing approaches that focus on learning requirements and systems under test through exploration to identify risks.
#ATAGTR2018 Presentation "Decoding Security in DevSecOps" by Meghashyam Varan... (Agile Testing Alliance)
Meghashyam Varanasi and Venkat Moncompu conducted a session on "Decoding Security in DevSecOps" at #ATAGTR2018.
Please refer to our LinkedIn post for session details:
https://www.linkedin.com/pulse/session-decoding-security-devsecops-atagtr2018-agile-testing-alliance/
#ATAGTR2020 Presentation - The Splunk Integration for Futuristic NFT in DevOp... (Agile Testing Alliance)
Jaisudhan Selvaraj & Anil Abraham delivered a session on "The Splunk Integration for Futuristic NFT in DevOps Culture" at ATAGTR2020
ATAGTR2020 was the 5th Edition of Global Testing Retreat.
Jaisudhan has 9+ years of work experience in IT Industry focusing on Performance testing & Engineering with excellent working experience of End-to-End process and its methodology.
Anil has about 13 years of experience in Information Technology and expertise in performance testing/ performance engineering software products & delivering the required applications in a very systematic way.
The video recording of the session is now available on the following link: https://youtu.be/WKZ0AEfbHMc
To know more about #ATAGTR2020, please visit: https://gtr.agiletestingalliance.org/
Lavanya Kalaiselvan and Arnab Majumdar delivered a session on "Redefining DevOps for seamless performance testing" at ATAGTR2020
ATAGTR2020 was the 5th Edition of Global Testing Retreat.
Lavanya has over a decade of experience in the software industry. She assures quality applications and is always delighted to share the knowledge she has acquired.
Arnab has nearly 11 years of experience of Software Quality Assurance in IT services primarily working as a Non-Functional Test Analyst.
The video recording of the session is now available on the following link: https://youtu.be/PpUrU65i7xw
To know more about #ATAGTR2020, please visit: https://gtr.agiletestingalliance.org/
Sanket Mali & Sowjanya Asapu delivered a Lightning Talk on "Multiplatform Test Automation Framework Solution with CI/CD model" at ATAGTR2020
ATAGTR2020 was the 5th Edition of Global Testing Retreat.
Sanket has 7+ years of experience in Software Quality Assurance specializing in Test Automation.
Sowjanya is a Test Automation Lead with 10 years of QA experience in the IT industry.
The video recording of the session is now available on the following link: https://youtu.be/yyKz8nVF-j8
To know more about #ATAGTR2020, please visit: https://gtr.agiletestingalliance.org/
The document discusses architecting applications for DevOps. It begins by describing traditional monolithic architectures and their limitations in scaling. It then introduces microservices as an alternative architecture that is more modular, independent, and scalable. The key advantages of microservices like ease of deployment, reliability, and scalability are discussed. The document provides guidance on designing microservices to be independent, have separate data stores, and use containers. It argues that microservices and DevOps principles like continuous integration/delivery work well together by simplifying deployment and maintenance. The document concludes by discussing how microservice architectures can better handle sudden traffic surges using DevOps tools and cloud platforms.
DevOps In Mobility World With Microsoft Technology by "Shrinathacharya L M" and "Nandini G V" from "All Scripts". The presentation was done at #doppa17 DevOps++ Global Summit 2017. All the copyrights are reserved with the author
DevSecCon Singapore 2018 - Maginot Line – 6 Common AppSec Anti-Patterns Preve... (DevSecCon)
The document summarizes Peter Chestna's presentation on common application security (AppSec) anti-patterns and practical solutions. It discusses how InfoSec differs from AppSec in terms of maturity. It then outlines several common AppSec anti-patterns such as only focusing on critical applications, not properly managing open source components, and having a security mandate without relationships. For each anti-pattern, it provides strategies for practical solutions such as comprehensive security policies, mapping all applications to a maturity model, selecting appropriate security metrics, and establishing an open source incident response plan.
Prometheus: Monitoring by "Pravin Magdum" from "Crevise". The presentation was done at #doppa17 DevOps++ Global Summit 2017. All the copyrights are reserved with the author
Security as Code: A DevSecOps Approach (VMware Tanzu)
SpringOne 2021
Session Title: Security as Code: A DevSecOps Approach
Speakers: Alvaro Muñoz, Staff Security Researcher at GitHub; Tony Torralba, Software Engineer at GitHub
Linuxkit and Moby - A Sneek Peek into The Future of Container Ecosystem (Agile Testing Alliance)
Linuxkit and Moby aim to advance the container ecosystem. Linuxkit is a toolkit for building secure, portable, and lean operating systems for containers. Moby provides backend components and frameworks for assembling container platforms. It includes projects like containerd, runc, and linuxkit. The presentation demonstrated Redis OS, a containerized Linux distribution built using these tools.
How GitLab and HackerOne help organizations innovate faster without compromis... (HackerOne)
In this webinar, GitLab’s Product Manager, Victor Wu, dives into how GitLab helps you ship secure code, the tools they use, and a few industry best practices they follow to protect data and secrets. Then, GitLab Security Lead, Brian Neel, will explain how they leverage their community using HackerOne to spot and prioritize security issues quickly.
Static Analysis For Security and DevOps Happiness w/ Justin Collins (Sonatype)
Justin Collins, Brakeman Security
It is not enough to have fast, automated code deployment. We also need some level of assurance the code being deployed is stable and secure. Static analysis tools that operate on source code can be an efficient and reliable method for ensuring properties about the code - such as meeting basic security requirements. Automated static analysis security tools help prevent vulnerabilities from ever reaching production, while avoiding slow, fallible manual code reviews.
This talk will cover the benefits of static analysis and strategies for integrating tools with the development workflow.
DevSecCon Tel Aviv 2018 - Security Testing for Containerised Apps by Omer Levi (DevSecCon)
This document summarizes a presentation about security testing for containerized applications. It discusses performing static analysis on code, dependencies, and Docker images using open source tools like Bandit, Brakeman, Find Security Bugs, TSLint, OWASP Dependency Track, and Clair. It also covers dynamic analysis using passive and active scanning with OWASP Zap. The presentation demonstrates running these security tests on a sample Lolcode application and integrating the tests into a CI/CD pipeline using OWASP Glue. It provides resources for learning more about security testing of containerized apps.
Sec4dev 2021 - Catch Me If You can : Continuous Delivery vs. Security Assurance (Abdessamad TEMMAR)
DevOps and Continuous Delivery have changed how technology operates and how business is run, but security continues to struggle to catch up with the velocity of change in this new world: it’s almost a cat-and-mouse game when it comes to spotting security holes in code before delivering to production, and traditional manual security assessment continues to be untenable as a way of working with modern agile teams.
The concept of DevSecOps can be the ultimate answer, but unfortunately most articles and vendor pitches about this subject are incredibly superficial, and it’s all about dumping existing/traditional security tools on developers, which adds more complexity and frustration without solving the real problem.
“Modern problems require modern solutions”: this talk explains the evolution of security tooling over the last years, and how it must change (or has changed) to match the macro trends and keep up with the shifting threat.
As an example, this talk demonstrates how modern “lightweight” code analysis techniques, when combined with secure-by-default frameworks/patterns, can be used to easily detect potential holes within a code base, and provide accurate/fast feedback to developers.
DevSecCon Tel Aviv 2018 - Value driven threat modeling by Avi Douglen (DevSecCon)
This document discusses value-driven threat modeling, a lightweight approach to threat modeling that prioritizes security based on business value. It advocates for developers to integrate threat modeling into their workflow by focusing on the core questions of what is being built, what could go wrong, how to address issues, and ensuring quality. Specific techniques discussed include using acceptance criteria, security unit tests, abuser stories, and a threat pyramid. The approach aims to make threat modeling quicker and more natural for developers while still addressing important security risks. Some limitations are that it may miss threats and relies on developer experience, requiring an embedded security champion for complex systems.
DevSecCon Tel Aviv 2018 - Security learns to sprint by Tanya Janca (DevSecCon)
Tanya Janca gives a presentation on how to integrate security practices into a developer's sprint cycle to push security left. She recommends automating security tools and processes as much as possible, tuning tools to reduce false positives, and breaking security activities into smaller pieces. She also emphasizes inviting developers and operations teams to participate in security activities and providing them feedback and training on security tools and best practices. The goal is to enable dev and ops teams to develop securely as part of their standard work.
Security teams are often seen as roadblocks to rapid development or operations implementations, slowing down production code pushes. As a result, security organizations will likely have to change so they can fully support and facilitate cloud operations.
This presentation will explain how DevOps and information security can co-exist through the application of a new approach referred to as DevSecOps.
Henrique Dantas - API fuzzing using Swagger (DevSecCon)
The document discusses API security testing using Swagger specifications. It notes that APIs are good targets for security testing due to their closeness to databases and ubiquity. The solution presented involves automating security testing of APIs by leveraging existing Swagger specifications in a Python library, which allows for extensive and extendible fuzzing of APIs while integrating results and providing reports. The library uses the popular Swagger and Sulley tools for fuzzing.
How to get the best out of DevSecOps - an operations perspective (Colin Domoney)
This document discusses DevSecOps and the impact on operations. It describes how DevSecOps utilizes collaboration, flexibility, and automation through practices like infrastructure as code. This allows operations to focus on critical tasks rather than manual changes. Best practices for securing operations in a DevSecOps model include controlling source code repositories, protecting deployment pipelines, integrating security testing into the pipeline, and using security telemetry in applications and environments. Automated dashboards can measure security metrics.
TDD and the Terminator: An Introduction to Test-Driven Development (VMware Tanzu)
SpringOne 2021
Session Title: TDD and the Terminator: An Introduction to Test-Driven Development
Speaker: Layla Porter, Developer Advocate, .NET communities at VMware
If you thought it was difficult bringing the Ops and Dev teams to the same table, let’s talk about security! Often housed in a separate team, security experts have no incentive to ship software, with a mission solely to minimise risk.
This talk is a detailed case study of bringing security into DevOps. We’ll look at the challenges and tactics, from the suboptimal starting point of a highly regulated system with a history of negative media attention. It follows an Agile-aspiring Government IT team from the time when a deployable product was "finished" to when the application was first deployed many months later.
This talk is about humans and systems - in particular how groups often need to flex beyond the bounds of what either side considers reasonable, in order to get a job done. We’ll talk about structural challenges, human challenges, and ultimately how we managed to break through them.
There are no villains - everybody in this story is a hero, working relentlessly through obstacles of structure, time, law, and history. Come hear what finally made the difference, filling in the missing middle of DevSecOps.
DevSecOps for Developers: How To Start (Patricia Aas)
How can you squeeze Security into DevOps? Security is often an understaffed function, so how can you leverage what you have in DevOps to improve your security posture?
Often the culture clash between Security and Development is even more prominent than between Development and Operations. Understanding the differences in how these functions work, and leveraging their similarities, will reveal processes already in place that can be used to improve security. This fine tuning of tools and processes can give you DevSecOps on a shoestring.
From Zero to DevSecOps in 60 Minutes - DevTalks Romania - Cluj-Napoca (jerryhargrove)
Whether you’re building an application in a DevOps + Security culture, or have already bridged the gap with DevSecOps, the task remains the same: How do you ensure that security best practices are understood, architected for and integrated into your application from day 1 AND remain relevant year 1? During this talk I’ll focus on how to achieve these goals amidst the ever-changing landscape of people, process, and technology in the cloud, in the context of various compute environments like instances, containers and serverless functions, and how to do so using off-the-shelf AWS services and features. I’ll complete the story by accompanying this discussion with a reference application architecture and examples. Attendees of this talk will receive actionable best practices and guidance, with specific implementation details for AWS.
The presentation on Test the REST was done during #ATAGTR2017, one of the largest global testing conferences. All copyright belongs to the author.
Author and presenter: Varun Deshpande
[DevSecOps Live] DevSecOps: Challenges and Opportunities (Mohammed A. Imran)
In this Practical DevSecOps's DevSecOps Live online meetup, you’ll learn DevSecOps Challenges and Opportunities.
Join Mohan Yelnadu, head of application security at Prudential Insurance on his DevSecOps Journey.
He will cover DevSecOps challenges he has faced and how he converted them into opportunities.
He will cover the following as part of the session.
DevSecOps Challenges.
DevSecOps Opportunities.
Converting Challenges into Opportunities.
Quick wins and lessons learned.
… and more useful takeaways!
Avik and Gautam delivered a Lightning Talk on Non-Functional Testing of Chatbots at #ATAGTR2020
ATAGTR2020 was the 5th Edition of Global Testing Retreat.
Avik has 10 years of experience as a Non-Functional Testing (NFT) enthusiast and is associated with Cognizant’s NFT CoE.
Gautam has 10+ years in performance testing & engineering. He is an agile enthusiast & passionate learner who is always on the lookout to learn & implement new technologies & tools.
The video recording of the session is now uploaded on the following link: https://youtu.be/yHJ53hTP1Qo
To know more about #ATAGTR2020, please visit: https://gtr.agiletestingalliance.org/
#ATAGTR2019 Presentation "Blockchain and Continuous Testing" By Rutvikkumar Mrug (Agile Testing Alliance)
Rutvikkumar Mrug, an Associate Director at Cognizant Technology Solutions, presented a session on "Blockchain and Continuous Testing" at Global Testing Retreat #ATAGTR2019.
Please refer to our following post for session details:
https://atablogs.agiletestingalliance.org/2019/12/04/global-testing-retreat-atagtr2019-welcomes-rutvikkumar-mrug-as-our-esteemed-speaker/
#ATAGTR2019 Presentation "Digital Assurance for Connected World" By Supriya B...Agile Testing Alliance
Supriya Bhosale who is a Project Management Consultant at Cognizant Technology Solutions along with Nilesh Kherdikar who is a Sr. Consultant at Cognizant Technology Solutions took a Session on "Digital Assurance for Connected World" at Global Testing Retreat #ATAGTR2019
Please refer our following post for session details:
https://atablogs.agiletestingalliance.org/2019/12/05/global-testing-retreat-atagtr2019-welcomes-supriya-bhosale-nilesh-kherdikar-as-our-esteemed-speaker/
#ATAGTR2018 Presentation "Design Patterns in Test Automation" By Shrinathacha...Agile Testing Alliance
Shrinathacharya L.M who is a Principal Engineer at Allscripts, conducted a Session on "Design Patterns in Test Automation" at Global Testing Retreat #ATAGTR2018
please refer our linkedin post for session details
https://www.linkedin.com/pulse/design-patterns-test-automation-shrinathacharya-lm-alliance/
#ATAGTR2019 Presentation "Delivering Cx through Continuous Performance Assura...Agile Testing Alliance
Sijo Joy who is a AVP – Performance Assurance Group at QualityKiosk Technologies along with Bulu Sahu who is a Senior Test Analyst at QualityKiosk Technologies took a Session on "Delivering Cx through Continuous Performance Assurance using ElasticSearch etc." at Global Testing Retreat #ATAGTR2019
Please refer our following post for session details:
https://atablogs.agiletestingalliance.org/2019/12/06/global-testing-retreat-atagtr2019-welcomes-sijo-joy-as-our-esteemed-speaker/
https://atablogs.agiletestingalliance.org/2019/12/06/global-testing-retreat-atagtr2019-welcomes-bulu-sahu-as-our-esteemed-speaker/
#ATAGTR2019 Presentation "Performance testing of Chatbot" By Sarah Lovely and...Agile Testing Alliance
Sarah Lovely who is a Performance Tester at Cognizant Technology Solutions along with Raja RajKaliappan who is a part of Non Functional Testing CoE at Cognizant Technology Solutions took a Session on "Performance testing of Chatbot" at Global Testing Retreat #ATAGTR2019
Please refer our following post for session details:
https://atablogs.agiletestingalliance.org/2019/12/04/global-testing-retreat-atagtr2019-welcomes-sarah-lovely-as-our-esteemed-speaker/
https://atablogs.agiletestingalliance.org/2019/12/04/global-testing-retreat-atagtr2019-welcomes-raja-rajkaliappan-as-our-esteemed-speaker/
Addressing the challenges of delivering Microservice applications in the ente...Agile Testing Alliance
Addressing the challenges of delivering Microservice applications in the enterprise by "Sathishkanth Swarna" from "BMC". The presentation was done at #doppa17 DevOps++ Global Summit 2017. All the copyrights are reserved with the author
API stands for Application Programming Interface and allows communication between different software applications or services. It acts as a messenger that takes orders from clients and returns responses. API testing is important as it validates APIs and their integration with services, and missed cases in API testing can cause major problems in production. Common HTTP methods used in APIs include GET, POST, PUT, PATCH, DELETE, and OPTIONS. Tools like Postman can be used to test APIs by sending requests and validating responses.
APIsecure 2023 - API First Hacking, Corey Ball, Author of Hacking APIsapidays
APIsecure 2023 - The world's first and only API security conference
March 14 & 15, 2023
Closing Keynote: API First Hacking
Corey Ball, Chief Hacking Officer APIsec University| Author of Hacking APIs
------
Check out our conferences at https://www.apidays.global/
Do you want to sponsor or talk at one of our conferences?
https://apidays.typeform.com/to/ILJeAaV8
Learn more on APIscene, the global media made by the community for the community:
https://www.apiscene.io
Explore the API ecosystem with the API Landscape:
https://apilandscape.apiscene.io/
#ATAGTR2020 Presentation - Case study for holistic approach to IoT testingAgile Testing Alliance
Dhananjay Buva & Pradnya Patil delivered a Lightning Talk on "Case study for holistic approach to IoT testing" at ATAGTR2020
ATAGTR2020 was the 5th Edition of Global Testing Retreat.
Dhananjay has experience leading and coaching functional, performance, security and automation testing teams and DevOps.
Pradnya is a software engineering lead at Arezzosky India, Pune. Passionate about testing, and an enthusiastic scrum master, who believes in learning through experimenting.
The video recording of the session is now available on the following link: https://youtu.be/6qseOICdCxo
To know more about #ATAGTR2020, please visit: https://gtr.agiletestingalliance.org/
Api economy and why effective security is important (1)IndusfacePvtLtd
With the rapid explosion of APIs and the huge exchange of information through APIs, every organization should be concerned about API security. Download this whitepaper to understand API threats and how to mitigate them.
Web application scanners crawl a web application to locate vulnerabilities by simulating attacks. They work by supporting various protocols, crawling and parsing content, testing for vulnerabilities, and generating reports. While scanners help find issues, developers should focus on learning secure coding practices to build applications securely from the start.
#ATAGTR2018 Presentation "Machine Learning as a decision support system for Q...Agile Testing Alliance
Kaushik Raghavan who is a Project Advisor @ RISE Group at Indian Institute of Technology, conducted a Session on "Machine Learning as a decision support system for QA Professionals." at Global Testing Retreat #ATAGTR2018
please refer our linkedin post for session details
https://www.linkedin.com/pulse/machine-learning-decision-support-system-qa-kaushik-alliance/
#ATAGTR2020 Presentation - Relish your journey to Software Testing MasterchefAgile Testing Alliance
The document discusses a presentation about the journey to becoming a software testing master chef. It provides an overview of IBM Cloud Paks for Integration and Data, including the components included. It then discusses a use case of using these products to analyze customer spending history and behaviors. It outlines the testing methodology and challenges encountered with the products, and how they were resolved to delight stakeholders. Finally, it discusses best practices for testing and collaboration to improve quality.
Top 20 API Testing Interview Questions.pdfAnanthReddy38
Magnitia’s Web services Testing Training will provide you complete knowledge on Web services, API and their functionality. This API Testing course enables you to develop robust automation Framework for API’s test cases and how to test Web services and REST API using SoapUI& Rest Assured.
The document discusses techniques for securing REST (REpresentational State Transfer) services and APIs. It begins by explaining that REST services are vulnerable to the same attacks as traditional web applications, such as injection attacks and authentication issues. It then describes how REST security differs from SOAP security in that REST messages can be more easily identified by analyzing the HTTP commands, unlike SOAP messages which require inspecting envelopes. The document outlines challenges for REST APIs like input validation, broken authentication, and risks of emerging protocols. It concludes by recommending best practices for REST security such as consistent security checks across access points and use of proven security frameworks and libraries.
#ATAGTR2019 Presentation "Assuring Quality for AI based applications" By Vino...Agile Testing Alliance
Vinod Sundararaju Antony who is Director at Cognizant Technology Solutions along with Senthilkumar Thirumalaisamy who is a Manager Automation Architect at Cognizant Technology Solutions and Santhosh Kumar Vasudevan who is a Lead System Architect at Cognizant Technology Solutions took a Session on "Assuring Quality for AI based applications" at Global Testing Retreat #ATAGTR2019
Please refer our following post for session details:
https://atablogs.agiletestingalliance.org/2019/12/04/global-testing-retreat-atagtr2019-welcomes-vinod-antony-sundaraju-as-our-esteemed-speaker/
https://atablogs.agiletestingalliance.org/2019/12/04/global-testing-retreat-atagtr2019-welcomes-senthilkumar-thirumalaisamy-as-our-esteemed-speaker/
Unlock the Unbeatable: Proven Best Practices for Crafting an Exceptional API.
From creating endpoints to understanding the importance of documentation, these time-tested tips will help you build an API that will stand the test of time. Delve into the details behind crafting a superior user experience and discover what makes a truly great API.
Securing APIs with Open Standards provides tips for securing APIs from the Synack Red Team. It discusses using OpenAPI definitions to document APIs, embracing open box testing, and balancing security and adoption through developer relations. It also demonstrates how insecure user input validation can allow access to private data stored in AWS S3 buckets and how Salesforce record IDs can be brute forced to enable unauthorized access if not properly secured. The presentation emphasizes designing APIs with security in mind, adopting standards like OpenAPI, and balancing security testing with developer onboarding.
Understanding and Mitigating Common Security Risks in API Testing.pdfAmeliaJonas2
APIs (Application Programming Interfaces) play a vital role in facilitating smooth communication and integration between various software systems. Nevertheless, they also introduce potential security vulnerabilities that malicious actors can exploit. In this blog, we will explore common security risks in API Testing Service and discuss effective strategies to mitigate them.
2. #ATAGTR2018
As an author of this presentation, I/we own the copyright and confirm the originality of the content. I/we allow Agile Testing Alliance to use the content for social media marketing and for publishing on the ATA Blog or ATA social media channels (provided due credit is given to me/us).
Introduction
Most attacks that are possible against web applications are possible against APIs as well. In this digital world, most applications make liberal use of APIs because they provide rich user experiences. APIs connect billions of IoT devices to the cloud, where the data they collect is processed, crunched and made useful. While “API strategy” is becoming an important business mantra, there is a gaping hole in API security. Just as an API can boost a business, an API breach can bring it crashing down. Even if security was built into the internal services, it is often made obsolete by new threats.
The three pillars of today’s application systems are:
1. Web applications and Web services
2. IoT
3. Connected applications (connected by RESTful APIs)
Security Challenges in using REST APIs:
1. Use of Hypertext Transfer Protocol Secure (HTTP/S):
REST uses plain HTTP for communication between machines. Some APIs support HTTPS only. Thus, RESTful services are subject to the same application-layer security vulnerabilities as web applications [OWASP Top 10 Critical Web Application Security Risks].
2. Using HTTP methods POST, PUT, DELETE (CRUD):
REST services use HTTP methods for CRUD operations. By design, these methods are limited to a resource, but this does not get implemented correctly.
3. Action Based Authentication and Access control:
Some REST frameworks intend to implement action-based authentication, wherein
different access constraints are bound to different HTTP actions (methods). For example,
Create (POST) is restricted to users with admin access. But most such
implementations turn out to be insecure.
Actions: DELETE, POST, PUT, GET
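A check for the action-based access control described above, added here as an example and not taken from the presentation: a constructed handler binds roles to HTTP methods but forgets DELETE, and the audit compares every method/role pair against the intended policy. The roles, the policy and both handlers are assumptions made for illustration.

```python
# Added example: audit method-level access control against an intended policy.
# The roles, the policy and both handlers are constructed for illustration.

METHODS = ["GET", "POST", "PUT", "DELETE"]
ROLES = ["anonymous", "user", "admin"]

# Intended policy: which roles may use which method on a resource.
POLICY = {
    "GET": {"anonymous", "user", "admin"},
    "POST": {"admin"},
    "PUT": {"user", "admin"},
    "DELETE": {"admin"},
}

def weak_handler(method, role):
    """Deny-list style: only the methods someone remembered are restricted."""
    restricted = {"POST": {"admin"}, "PUT": {"user", "admin"}}
    if method in restricted and role not in restricted[method]:
        return 403
    return 200  # DELETE falls through: no constraint was bound to it

def strict_handler(method, role):
    """Allow-list style: unknown methods and unlisted roles are refused."""
    if method not in POLICY:
        return 405
    return 200 if role in POLICY[method] else 403

def audit(handler):
    """Return every (method, role) pair whose status deviates from POLICY."""
    findings = []
    for method in METHODS:
        for role in ROLES:
            expected = 200 if role in POLICY[method] else 403
            actual = handler(method, role)
            if actual != expected:
                findings.append((method, role, expected, actual))
    return findings

if __name__ == "__main__":
    for name, handler in [("weak", weak_handler), ("strict", strict_handler)]:
        print(name, audit(handler))
```

Against a real service the same matrix would be driven with one request per method and credential set, comparing the returned status codes with the documented policy.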
4. Data Exchange (XML and JSON):
REST services use XML or JSON for input (request) and output (response) parameters
to exchange information. These parameters are consumed by the backend services or
UI. These consumers should use special parsers for handling these formats, built on
secure technology that protects against malicious inputs.
5. URL Paths:
HTTP passes input parameters in the URL; REST passes parameters in different ways, in
the URL or as JSON in the POST request body.
Consider the following requests, to get details of a resource:
The first is from a REST/JSON service, and the second is from a Simple Object Access
Protocol (SOAP) service. The resource id parameter is highlighted in red. Observe the
lightness of the JSON request when compared to the SOAP request. REST has no standard
security mechanism like SOAP Web services.
Security testing methodologies for REST APIs:
Black box testing:
Black-box security testing refers to a method of software security testing in which
the security controls, defences, and design of an application are tested from the
outside-in, with little or no prior knowledge of the application’s internal workings.
Essentially, black-box security testing takes an approach like that of a real attacker.
Black-box security testing does not assume or have knowledge of the target being
tested; it is a technology-independent method of testing. This makes black-box
security testing ideal for a variety of situations, particularly, when testing for
vulnerabilities that arise from deployment issues and server misconfigurations.
A black-box security test would start by collecting information about the target.
This is typically accomplished by crawling the API using tools like REST crawler.
Penetration Testing
Penetration testing is practiced to find the vulnerabilities that an attacker could
exploit.
Pen testing prerequisites:
o Documentation (WADL)
o Formal service description
o Application source/configuration
o Sample request/response or Postman collection
o Request headers, if any
o Access token, API key
o Specific workflows that are dependent on other endpoints
Test approach for pen testing of a RESTful web service:
o Attack surface detection
o Collect requests
o Analyse requests
Attack Surface Detection:
The attack surface is determined through documentation. Unfortunately,
an API has no UI to show the attack surface. As pen testers, we need to
know as much as possible about an API’s endpoints, messages,
parameters and behaviour. Attack surface detection can be done using:
1. API metadata
2. Recording traffic via a proxy or network sniffer to learn an API
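Attack surface detection from API metadata, as an added example that is not part of the presentation: it walks a Swagger 2.0 description and lists every operation with its inputs and whether credentials are declared for it. The embedded document, its paths and the `api_key` scheme name are constructed for illustration.

```python
import json

# Constructed Swagger 2.0 document; the API and its paths are hypothetical.
SPEC = json.loads("""
{
  "swagger": "2.0",
  "basePath": "/api/v1",
  "security": [{"api_key": []}],
  "paths": {
    "/orders/{id}": {
      "parameters": [{"name": "id", "in": "path", "type": "integer"}],
      "get": {"parameters": [{"name": "expand", "in": "query", "type": "string"}]},
      "delete": {}
    },
    "/orders": {"post": {"parameters": [{"name": "body", "in": "body"}]}},
    "/health": {"get": {"security": []}}
  }
}
""")

HTTP_METHODS = {"get", "put", "post", "delete", "options", "head", "patch"}

def attack_surface(spec):
    """List every operation with its inputs and whether auth is declared."""
    default_security = spec.get("security", [])
    surface = []
    for path, item in sorted(spec.get("paths", {}).items()):
        shared = item.get("parameters", [])  # parameters common to all methods
        for method in sorted(HTTP_METHODS & item.keys()):
            op = item[method]
            params = shared + op.get("parameters", [])
            # An operation-level "security" key overrides the global one;
            # an empty list means the operation needs no credentials.
            security = op.get("security", default_security)
            surface.append({
                "method": method.upper(),
                "url": spec.get("basePath", "") + path,
                "inputs": [(p["in"], p["name"]) for p in params],
                "authenticated": bool(security),
            })
    return surface

if __name__ == "__main__":
    for op in attack_surface(SPEC):
        print(op)
```

The resulting inventory is the checklist for the later steps: every listed input is a candidate for invalid-input tests, and every operation marked unauthenticated should be confirmed as intentionally public.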
Tests for API attack methods:
| API Attack Method | What is it? | How to test? |
|---|---|---|
| API Fuzzing | Sending random content as input parameters to the API. Fuzzing with all possible input values is recursive fuzzing. | This can be achieved by creating automated fuzz tests that validate response messages to: not to conceal system information; return correct error messages/response codes. |
| Injection Attacks | Using SQL, XML, XPATH, JSON, JavaScript etc., attempt to inject code that is executed where it should not be. | Understanding how the API works: SQL? NoSQL? Other APIs? |
| Invalid input attacks | Sending known invalid input (can be auto generated using API metadata) like invalid dates, invalid data types. | Validate for system information and error messages/status codes. |
| Cross Site Request Forgery (CSRF) | Include an unpredictable token with each request. | Functional testing of the API will validate the API. Call without token and with reused tokens. |
| Insecure Direct Object References | For parameters like IDs which seem to be sequential, trying to submit IDs to get access. | Validate authorisation enforcement. Combine fuzzing or boundary tests with invalid IDs. |
| Insufficient SSL configurations | Eavesdropping on API traffic. | APIs should always use SSL. Create simple tests that fail if HTTPS is not enforced. Create simple tests that will fail if certificates are self-signed. |
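An automated invalid-input test of the kind the table describes, added as an example and not taken from the presentation: known-invalid values are generated from parameter metadata, and each response is checked for a 4xx status code and for system information in the body. The parameter names, the two sample endpoints and the leak patterns are constructed assumptions.

```python
import re
from datetime import datetime

# Constructed metadata, baseline request and known-invalid values per type.
PARAMS = {"order_date": "date", "quantity": "integer"}
VALID = {"order_date": "2018-12-15", "quantity": "2"}
INVALID = {"date": ["2018-02-30", "31/12/2018", ""], "integer": ["abc", "1e999", "-"]}

# Markers of system information that an error body should not contain.
LEAK_PATTERNS = [re.compile(p) for p in (
    r"Traceback \(most recent call last\)",   # Python stack trace
    r"\bat [\w.$]+\(\w+\.java:\d+\)",         # Java stack frame
    r"(?i)sql syntax|ORA-\d{5}",              # database error text
    r"(?:/[\w.-]+)+\.py\b",                   # server-side file path
)]

def weak_api(params):
    """Constructed endpoint: checks only the date's shape, leaks on bad ints."""
    if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", params["order_date"]):
        return 400, '{"error": "order_date must be YYYY-MM-DD"}'
    try:
        int(params["quantity"])
    except ValueError as exc:
        return 500, f"Traceback (most recent call last): /srv/app/orders.py {exc}"
    return 200, '{"status": "created"}'

def strict_api(params):
    """Constructed endpoint: full validation and a generic 400 body."""
    try:
        datetime.strptime(params["order_date"], "%Y-%m-%d")
        int(params["quantity"])
    except ValueError:
        return 400, '{"error": "invalid parameter"}'
    return 200, '{"status": "created"}'

def run_invalid_input_tests(api):
    """Send each invalid value alone; report wrong status codes and leaks."""
    findings = []
    for name, kind in PARAMS.items():
        for bad in INVALID[kind]:
            status, body = api({**VALID, name: bad})
            if not 400 <= status < 500:
                findings.append((name, bad, f"status {status}, expected 4xx"))
            if any(p.search(body) for p in LEAK_PATTERNS):
                findings.append((name, bad, "system information in response"))
    return findings

if __name__ == "__main__":
    print(run_invalid_input_tests(weak_api), run_invalid_input_tests(strict_api))
```

The weak endpoint produces findings of both kinds: an impossible date accepted with 200, and bad integers answered with a 500 whose body carries a stack trace and file path.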
Pen Testing using Wireshark (in Windows):
Wireshark is one of the most popular open source network protocol analysis tools.
It is used for troubleshooting, analysis, and software and communications protocol
development.
Application vulnerabilities such as parameter pollution, SQL injection, lack of input
validation, as well as buffer overflow can be easily detected and exploited using
Wireshark.
Pen Testing with Wireshark can be done in three phases, namely:
I. Capturing the packets
II. Filtering the packets
III. Analysing the packets
I. Capturing the Packets:
Launch Wireshark from the Start menu.
Set your browser to load the webpage under test.
To capture packets, the capturing interface needs to be set up. Hence, go to
the Menu bar, click Capture -> Interfaces and choose the device that has
an active IP address. Click Start so that Wireshark is ready to capture
any packets sent through the interface.
Analysing the packets:
There are different sections to examine, as seen above. Wireshark segregates the
relevant data following the transmission control protocol (TCP) stack principle for
better understanding.
o Frame: This tells users the frame number, time-related information regarding
the packet, frame length, protocols within the frame, and the coloring rule.
o Ethernet II: Indicates the packet’s source and destination.
o Internet Protocol: Contains the source and destination information along with version,
header details, and lifetime. You will find source and destination IP addresses
here.
o TCP: Captures information about source and destination ports involved in the
communication, next sequence number to look out for, and different flags
(along with their values).
o HTTP: Contains information on the HTTP version, server info, timeout value,
connection status, content type, and character set used in the
communication.
o Line-based text data: This contains HTML source code (for analysing the HTTP
protocol).
How to grab passwords using Wireshark:
This section deals with how to capture a username and password from transferred
packets. If the username and password are not in clear text format, you might have to
use a few descriptors to get a readable username and password. The following
screenshot presents a clear text form of packing data. Hence, there is no need for
decryption tools. This technique can be used for FTP, HTTP, and other protocols, since
they are in clear text form.
How to export selected bytes from captured packets:
1) Open any website that has a few images of type .jpeg or .gif
2) Ensure that Wireshark’s Capture mode is active and navigate through the
pages with images.
o Stop the capture of packets and search for a packet
with the HTTP filter. Traverse through the filtered packets to find
the HTTP call in which the image was retrieved by a GET call.
3) Select the packet and observe the second section. Select the .gif, right
click and select “Export Selected Bytes”. The images can be exported to
the local system successfully.
Detecting Cross Site Scripting Vulnerability:
1) Download BTS Pentesting lab from SourceForge.net
2) Install XAMPP or WAMP on your machine
3) Extract the zip file into the htdocs folder.
4) Open the http://localhost/btslab/setup.php URL in a browser
5) Click setup
Xenotix – Cross site scripting (XSS)
Other Tools for Securing REST API:
Fiddler:
Fiddler is an open source tool that lets you monitor, manipulate and reuse HTTP
requests. It can be used for troubleshooting issues with web applications and
debugging web traffic from most devices. It can act as an HTTP proxy. It is the easiest
tool to begin testing APIs.
AppSpider:
AppSpider is a DAST (Dynamic Application Security Testing) tool capable of testing
Swagger-enabled APIs. The ability to test Swagger-enabled APIs saves a lot of time for
application security testers. AppSpider has two major innovations that enable it to
fully test Swagger APIs. The first is AppSpider’s Universal Translator and the second is
the ability to analyse these Swagger files. The Universal Translator was built to enable
AppSpider to analyse the parts of the application that can’t be crawled, like APIs. The
Universal Translator analyses traffic, normalizes and attacks the application.
Challenges in securing REST:
I. Inspecting the application does not reveal the application attack surface: REST APIs
expose resources and transactional operations on them, and applications only use
a subset of them. Thus, determining the URL space and attack surface is not easy.
II. Fuzzing standard parameters is not sufficient anymore
III. Guidelines for fuzzing are not defined
IV. Custom authentication and session management break common cookie sharing
practices
V. URLs are generated dynamically in REST based services
References: https://www.owasp.org/index.php/REST_Security_Cheat_Sheet