"Why your security team should be excited about containers" - John Downey, Security Lead at Braintree
Twitter: @jtdowney
AWS Chicago user group on Jan 17, 2018 on Evaluating and using ECS, Docker, and Kubernetes
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black DuckBlack Duck by Synopsys
Presented August 11, 2016 by Michael Right, Senior Product Manager, HPE Security Fortify; Mike Pittenger, VP of Security Strategy, Black Duck.
Open source software is an integral part of today’s technology ecosystem, powering everything from enterprise and mobile applications to cloud computing, containers and the Internet of Things.
While open source offers attractive economic and productivity benefits for application development, it also presents organizations with significant security challenges. Every year, thousands of new open source security vulnerabilities – such as Heartbleed, Venom and Shellshock – are reported. Unfortunately, many organizations lack visibility into and control of their open source. Addressing this challenge is vital for ensuring security in applications and containers.
Whether you’re building software for customers or for internal use, the majority of the code is likely open source and securing it is no easy task. In this session, you’ll learn about:
• The evolving DevOps and software security assurance lifecycle in the age of open source
• The software security considerations CISOs, security, and development teams must address when using open source
• An automated approach to identifying vulnerabilities and managing software security assurance for custom and open source code.
Inspec: Turn your compliance, security, and other policy requirements into au...Kangaroot
Inspec: Turn your compliance, security, and other policy requirements into automated tests at #OPEN18 by Mandi Walls, Technical Community Manager at Chef EMEA
InSpec is an open source testing framework for infrastructure with a human- & machine-readable language for specifying compliance, security, and policy requirements. Using a combination of command-line and remote-execution tools, InSpec can help you keep your infrastructure aligned with security and compliance guidelines on an ongoing basis, rather than waiting for and then remediating from arduous annual audits.
This talk covers the basics of working with InSpec 2.0, writing tests to reflect your organisation’s security guidelines, and managing InSpec as part of a high-velocity workflow.
Black Duck's Integration Manager, Kaj Kandler, gave a talk at the 2015 Jenkins User Conference on the four enterprise-ready plugins for the automotive, banking, and telecommunications/OEM industries that he's helped to create at Black Duck. Learn about how to develop these types of plugins for the enterprise and how you can start using Black Duck's new free vulnerability Jenkins plugin!
Software Security Assurance for DevOps - Hewlett Packard Enterprise + Black DuckBlack Duck by Synopsys
Presented August 11, 2016 by Michael Right, Senior Product Manager, HPE Security Fortify; Mike Pittenger, VP of Security Strategy, Black Duck.
Open source software is an integral part of today’s technology ecosystem, powering everything from enterprise and mobile applications to cloud computing, containers and the Internet of Things.
While open source offers attractive economic and productivity benefits for application development, it also presents organizations with significant security challenges. Every year, thousands of new open source security vulnerabilities – such as Heartbleed, Venom and Shellshock – are reported. Unfortunately, many organizations lack visibility into and control of their open source. Addressing this challenge is vital for ensuring security in applications and containers.
Whether you’re building software for customers or for internal use, the majority of the code is likely open source and securing it is no easy task. In this session, you’ll learn about:
• The evolving DevOps and software security assurance lifecycle in the age of open source
• The software security considerations CISOs, security, and development teams must address when using open source
• An automated approach to identifying vulnerabilities and managing software security assurance for custom and open source code.
Inspec: Turn your compliance, security, and other policy requirements into au...Kangaroot
Inspec: Turn your compliance, security, and other policy requirements into automated tests at #OPEN18 by Mandi Walls, Technical Community Manager at Chef EMEA
InSpec is an open source testing framework for infrastructure with a human- & machine-readable language for specifying compliance, security, and policy requirements. Using a combination of command-line and remote-execution tools, InSpec can help you keep your infrastructure aligned with security and compliance guidelines on an ongoing basis, rather than waiting for and then remediating from arduous annual audits.
This talk covers the basics of working with InSpec 2.0, writing tests to reflect your organisation’s security guidelines, and managing InSpec as part of a high-velocity workflow.
Black Duck's Integration Manager, Kaj Kandler, gave a talk at the 2015 Jenkins User Conference on the four enterprise-ready plugins for the automotive, banking, and telecommunications/OEM industries that he's helped to create at Black Duck. Learn about how to develop these types of plugins for the enterprise and how you can start using Black Duck's new free vulnerability Jenkins plugin!
Contain your risk: Deploy secure containers with trust and confidenceBlack Duck by Synopsys
Presented on September 22, 2016 by Brent Baude, Principle Software Engineer, Atomic and Docker Development, Red Hat; Randy Kilmon, VP, Engineering, Black Duck
Organizations are increasingly turning to container environments to meet the demand for faster, more agile software development. But a 2015 study conducted by Forrester Consulting on behalf of Red Hat revealed that 53% of IT operations and development decision makers at global enterprises reported container security concerns as a barrier to adoption.
The challenges of managing security risk increase in scope and complexity when hundreds or even thousands of different open source software components and licenses are part of your application code base. Since 2014, more than 6,000 new open source security vulnerabilities have been reported, making it essential to have good visibility into and control over the open source in use in order to understand if any known vulnerabilities are present.
In this webinar, experts from Red Hat and Black Duck will share the latest insights and recommendations for securing the open source in your containers, including protecting them from vulnerabilities like Heartbleed, Shellshock and Venom. You’ll learn:
• Why container environments present new application security challenges, including those posed by ever-increasing open source use.
• How to scan applications running in containers to identify open source in use and map known open source security vulnerabilities.
• Best practices and methodologies for deploying secure containers with trust and confidence.
Presented by Tim Mackey, Senior Technology Evangelist, Black Duck Software on August 17.
To use containers safely, you need to be aware of potential security issues and the tools you need for securing container-based systems. Secure production use of containers requires an understanding of how attackers might seek to compromise the container, and what you should be aware of to minimize that potential risk.
Tim Mackey, Senior Technical Evangelist at Black Duck Software, provides guidance for developing container security policies and procedures around threats such as:
1. Network security
2. Access control
3. Tamper management and trust
4. Denial of service and SLAs
5. Vulnerabilities
Register today to learn about the biggest security challenges you face when deploying containers, and how you can effectively deal with those threats.
Watch the webinar on BrightTalk: http://bit.ly/2bpdswg
This "mini" version of my CSA Congress talk about building a secure cloud was given at the San Francisco Cloud Security Meetup in November, 2011.
I got some great feedback while giving this talk, and will be applying it to an updated version of this deck which will be released during the CSA Congress, November 15th and 16th 2011.
kali operating system LINUX UNIX MAC Window presentation ubanto MAC KAli features compare of kali and unix in hindi easy present ppt slideshare tolls hacking penetration ethical hacking KALI top ten feature best hacking tool
You need to establish clear operational and security processes around your app and container usage. Join this session to see how enterprise IT can use accelerate business agility, implement DevOps processes, and achieve greater security and control.
Python Web Conference 2022 - Why should devs care about container security.pdfEric Smalling
https://2022.pythonwebconf.com/presentations/why-should-developers-care-about-container-security
Container scanning tools, industry publications, and application security experts are constantly telling us about best practices for how to build our images and run our containers. Often these non-functional requirements seem abstract and are not described well enough for those of us that don't have an appsec background to fully understand why they are important.
In this session, we will:
go over several of the most common practices to best containerize Python applications
show examples of how your application can be exploited in a container
and most importantly, how to easily spot issues and fix your Dockerfiles and deployment manifests before you commit your code
Practical Approaches to Container SecurityShea Stewart
This presentation was a discussion on how bringing container technology should be addressed with regards to security. It is focused on setting expectations that can achieve success when rolling out a new platform in enterprise environments.
As delivered by Tim Mackey, Senior Technical Evangelist - Black Duck Software, at LinuxCon and ContainerCon in Berlin 2016.
Traditionally, when datacenter operators talk about application security, they've tended to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques.
The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment of micro-services, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily.
In this session we’ll present:
• How known vulnerabilities can make their way into production deployments
• How deployment of vulnerable code can be minimized
• How to determine the vulnerability status of a container
• How to determine the risk associated with a specific package
Docker is revolutionizing the way organizations build and deploy applications. But while containers make it easier to development teams to package applications with all their dependencies, they make it harder for operations teams to control what software is deployed into production. In this session you will see how Black Duck Hub helps development and operations teams maintain complete visibility and control of the open source in their containers.
Data Theorem is Proud to Be Named a DevSecOps Leader for the Second Year in a Row.
DevSecOps was the only category listed as providing transformational benefits among the Application Security categories listed. DevSecOps approaches enable security teams to keep pace with development and operations teams in modern development and deliver deep integration and automation of security tools.
## Talk delivered at artintoscience.com ##
One of the primary data sources we use on the Splunk Security Research Team is attack data collected from various corners of the globe. We often obtain this data in the wild using honeypots, with the goal of uncovering new or unusual attack techniques and other malicious activities for research purposes. The nirvana state is a honeypot tailored to mimic the kind of attack/attacker you are hoping to study. To do this effectively, the honeypot must very closely resemble a legitimate system. As a principal security research at Splunk, co-founder of Zenedge (Now part of Oracle), and Security Architect at Akamai I have spent many years protecting organizations from targeted as well as internet-wide attacks, and honeypots has been extremely useful (at times better than threat intel) tool at capturing and studying active malicious actors.
In this talk, I aim to provide an introduction to honeypots, explain some of the experiences and lessons learned we have had running Cowrie a medium interaction SSH honeypot base on Kippo. How we modified cowrie to make it more realistic and mimic the systems and attack we are trying to capture as well as our approach for the next generation of honeypots we plan to use in our research work. The audience in this talk will learn how to deploy and use cowrie honeypot as a defense mechanism in their organization. Also, we will share techniques on how to modify cowrie in order to masquerade different systems and vulnerabilities mimicking the asset(s) being defended. Finally, share example data produced by the honeypot and analytic techniques that can be used as feedback to improve the deployed honeypot. We will close off the talk by sharing thoughts on how we are evolving our approach for capturing attack data using honeypots and why.
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...Black Duck by Synopsys
Utsav Sanghani, Product Manager, Integrations and Alliance at Synopsys presented on how to "Black Duck your Code Faster with Black Duck Integrations." For more information, please visit www.blackducksoftware.com
Contain your risk: Deploy secure containers with trust and confidenceBlack Duck by Synopsys
Presented on September 22, 2016 by Brent Baude, Principle Software Engineer, Atomic and Docker Development, Red Hat; Randy Kilmon, VP, Engineering, Black Duck
Organizations are increasingly turning to container environments to meet the demand for faster, more agile software development. But a 2015 study conducted by Forrester Consulting on behalf of Red Hat revealed that 53% of IT operations and development decision makers at global enterprises reported container security concerns as a barrier to adoption.
The challenges of managing security risk increase in scope and complexity when hundreds or even thousands of different open source software components and licenses are part of your application code base. Since 2014, more than 6,000 new open source security vulnerabilities have been reported, making it essential to have good visibility into and control over the open source in use in order to understand if any known vulnerabilities are present.
In this webinar, experts from Red Hat and Black Duck will share the latest insights and recommendations for securing the open source in your containers, including protecting them from vulnerabilities like Heartbleed, Shellshock and Venom. You’ll learn:
• Why container environments present new application security challenges, including those posed by ever-increasing open source use.
• How to scan applications running in containers to identify open source in use and map known open source security vulnerabilities.
• Best practices and methodologies for deploying secure containers with trust and confidence.
Presented by Tim Mackey, Senior Technology Evangelist, Black Duck Software on August 17.
To use containers safely, you need to be aware of potential security issues and the tools you need for securing container-based systems. Secure production use of containers requires an understanding of how attackers might seek to compromise the container, and what you should be aware of to minimize that potential risk.
Tim Mackey, Senior Technical Evangelist at Black Duck Software, provides guidance for developing container security policies and procedures around threats such as:
1. Network security
2. Access control
3. Tamper management and trust
4. Denial of service and SLAs
5. Vulnerabilities
Register today to learn about the biggest security challenges you face when deploying containers, and how you can effectively deal with those threats.
Watch the webinar on BrightTalk: http://bit.ly/2bpdswg
This "mini" version of my CSA Congress talk about building a secure cloud was given at the San Francisco Cloud Security Meetup in November, 2011.
I got some great feedback while giving this talk, and will be applying it to an updated version of this deck which will be released during the CSA Congress, November 15th and 16th 2011.
kali operating system LINUX UNIX MAC Window presentation ubanto MAC KAli features compare of kali and unix in hindi easy present ppt slideshare tolls hacking penetration ethical hacking KALI top ten feature best hacking tool
You need to establish clear operational and security processes around your app and container usage. Join this session to see how enterprise IT can use accelerate business agility, implement DevOps processes, and achieve greater security and control.
Python Web Conference 2022 - Why should devs care about container security.pdfEric Smalling
https://2022.pythonwebconf.com/presentations/why-should-developers-care-about-container-security
Container scanning tools, industry publications, and application security experts are constantly telling us about best practices for how to build our images and run our containers. Often these non-functional requirements seem abstract and are not described well enough for those of us that don't have an appsec background to fully understand why they are important.
In this session, we will:
go over several of the most common practices to best containerize Python applications
show examples of how your application can be exploited in a container
and most importantly, how to easily spot issues and fix your Dockerfiles and deployment manifests before you commit your code
Practical Approaches to Container SecurityShea Stewart
This presentation was a discussion on how bringing container technology should be addressed with regards to security. It is focused on setting expectations that can achieve success when rolling out a new platform in enterprise environments.
As delivered by Tim Mackey, Senior Technical Evangelist - Black Duck Software, at LinuxCon and ContainerCon in Berlin 2016.
Traditionally, when datacenter operators talk about application security, they've tended to focus on issues related to key management, firewalls and data access. By contrast, application developers have a security focus which is more aligned with code analysis and fuzzing techniques.
The reality is, secure application deployment principles extend from the infrastructure layer through the application and include how the application is deployed. With the prevalence of continuous deployment of micro-services, it’s imperative to focus efforts on what attackers’ view as vulnerable; particularly in an environment where new exploits are being disclosed almost daily.
In this session we’ll present:
• How known vulnerabilities can make their way into production deployments
• How deployment of vulnerable code can be minimized
• How to determine the vulnerability status of a container
• How to determine the risk associated with a specific package
Docker is revolutionizing the way organizations build and deploy applications. But while containers make it easier to development teams to package applications with all their dependencies, they make it harder for operations teams to control what software is deployed into production. In this session you will see how Black Duck Hub helps development and operations teams maintain complete visibility and control of the open source in their containers.
Data Theorem is Proud to Be Named a DevSecOps Leader for the Second Year in a Row.
DevSecOps was the only category listed as providing transformational benefits among the Application Security categories listed. DevSecOps approaches enable security teams to keep pace with development and operations teams in modern development and deliver deep integration and automation of security tools.
## Talk delivered at artintoscience.com ##
One of the primary data sources we use on the Splunk Security Research Team is attack data collected from various corners of the globe. We often obtain this data in the wild using honeypots, with the goal of uncovering new or unusual attack techniques and other malicious activities for research purposes. The nirvana state is a honeypot tailored to mimic the kind of attack/attacker you are hoping to study. To do this effectively, the honeypot must very closely resemble a legitimate system. As a principal security research at Splunk, co-founder of Zenedge (Now part of Oracle), and Security Architect at Akamai I have spent many years protecting organizations from targeted as well as internet-wide attacks, and honeypots has been extremely useful (at times better than threat intel) tool at capturing and studying active malicious actors.
In this talk, I aim to provide an introduction to honeypots, explain some of the experiences and lessons learned we have had running Cowrie a medium interaction SSH honeypot base on Kippo. How we modified cowrie to make it more realistic and mimic the systems and attack we are trying to capture as well as our approach for the next generation of honeypots we plan to use in our research work. The audience in this talk will learn how to deploy and use cowrie honeypot as a defense mechanism in their organization. Also, we will share techniques on how to modify cowrie in order to masquerade different systems and vulnerabilities mimicking the asset(s) being defended. Finally, share example data produced by the honeypot and analytic techniques that can be used as feedback to improve the deployed honeypot. We will close off the talk by sharing thoughts on how we are evolving our approach for capturing attack data using honeypots and why.
FLIGHT WEST 2018 Presentation - Integrating Security into Your Development an...Black Duck by Synopsys
Utsav Sanghani, Product Manager, Integrations and Alliance at Synopsys presented on how to "Black Duck your Code Faster with Black Duck Integrations." For more information, please visit www.blackducksoftware.com
### Delivered at grrcon.com ###
One of the primary data sources we use on the Splunk Security Research Team is attack data collected from various corners of the globe. We often obtain this data in the wild using honeypots, with the goal of uncovering new or unusual attack techniques and other malicious activities for research purposes. The nirvana state is a honeypot tailored to mimic the kind of attack/attacker you are hoping to study. To do this effectively, the honeypot must very closely resemble a legitimate system. As a principal security research at Splunk, co-founder of Zenedge (Now part of Oracle), and Security Architect at Akamai I have spent many years protecting organizations from targeted as well as internet-wide attacks, and honeypots has been extremely useful (at times better than threat intel) tool at capturing and studying active malicious actors.
In this talk, I aim to provide an introduction to honeypots, explain some of the experiences and lessons learned we have had running Cowrie a medium interaction SSH honeypot base on Kippo. How we modified cowrie to make it more realistic and mimic the systems and attack we are trying to capture as well as our approach for the next generation of honeypots we plan to use in our research work. The audience in this talk will learn how to deploy and use cowrie honeypot as a defense mechanism in their organization. Also, we will share techniques on how to modify cowrie in order to masquerade different systems and vulnerabilities mimicking the asset(s) being defended. Finally, share example data produced by the honeypot and analytic techniques that can be used as feedback to improve the deployed honeypot. We will close off the talk by sharing thoughts on how we are evolving our approach for capturing attack data using honeypots and why.
Pro Tips for Power Users – Palo Alto Networks Live Community and Fuel User Gr...PaloAltoNetworks
Palo Alto Networks Live Community Senior Engineers Tom and Joe present best security practices at the Fuel Spark event in London. For more details, please visit: https://live.paloaltonetworks.com/t5/Community-Blog/Live-Community-team-at-Spark-User-Summit-London/ba-p/153182
How do organizations build secure applications, given today's rapidly moving and evolving DevOps practices? Join Black Duck and our customer experts on best practices for application security in DevOps.
You’ll learn:
-New security challenges facing today’s popular DevOps and Continuous Integration (CI) practices, including managing custom code and open source risks with containers and traditional environments
-Best practices for designing and incorporating an automated approach to application security into your existing development environment
-Future development and application security challenges organizations will face and what they can do to prepare
Take a step forward from user to maintainer or developer in open source secur...SZ Lin
There are a variety of high-quality open source security-related tools available in penetration testing tools, forensics tools, hardening tools, fuzz tools, and network monitoring tools. These tools could be used freely; however, we might face some issues while using it. Therefore, it is essential to have the ability to maintain or develop these tools. In this slide, SZ Lin introduces Security Tools Packaging Team in Debian; this team aims to maintain collaboratively many security tools and merge back tools packaged by security-oriented Debian derivatives (e.g., Kali). Also, SZ shares the experience in discussing and collaborating with open source maintainers and developers in open source security-related tools.
How do organizations build secure applications, given today's rapidly moving and evolving DevOps practices? Join Black Duck and our customer experts on best practices for application security in DevOps.
You’ll learn:
-New security challenges facing today’s popular DevOps and Continuous Integration (CI) practices, including managing custom code and open source risks with containers and traditional environments
-Best practices for designing and incorporating an automated approach to application security into your existing development environment
-Future development and application security challenges organizations will face and what they can do to prepare
Truly Secure: The Steps a Security Practitioner Took to Build a Secure Public...John Kinsella
My CSA 2011 talk - gives an overview of what one needs to do to review the security if a commercial or open-source cloud stack and feel confident in providing secure cloud services.
Implementing Secure DevOps on Public Cloud PlatformsGaurav "GP" Pal
Businesses are looking to accelerate the delivery of production quality software with fewer defects, and better security. Continuous Integration/Continuous Deployment (CI/CD) also known as DevOps is a rapidly maturing practice for reducing the time and effort it takes to test and deploy code into production. The rapid automation of the integration and deployment activities is common especially on cloud-based platforms. Adding security testing into the DevOps pipeline can help address the needs of regulated, compliance and public sector focused organizations. This white paper describes the use of open source technologies and commercial packages to design and deploy a Secure DevOps pipeline. Tools such as Yasca, SonarQube, and OpenSCAP amongst others when integrated with vulnerability scanners such as Tenable Nessus, HP Fortify and others provide a robust SecDevOps implementation. This white paper by stackArmor provides an overview on how an organization can implement a Secure DevOps pipeline and its key elements.
CNS440 – Lab Assignment Week 2
Complete Lab 1: Performing Reconnaissance and Probing using Common Tools
Typically, attackers, malicious users, and/or hackers follow these steps in waging attacks:
1. Reconnaissance / Scanning
2. Vulnerability Analysis (enumeration)
3. Exploitation (the actual attack)
4. Post attack clean-up (anti-forensics)
In Lab 1, you will reconnaissance and scan a local network to identify the local hosts, open ports,
and services enabled on the local servers. You will use Wireshark to capture and analyze traffic,
Nessus to scan the network; review a sample of collection of data using the NetWitness
Investigator, connect to a remote Windows machine and explore two file transfer applications –
FileZilla and Tftpd64. You will use PuTTY to connect a Linux machine and run several Cisco
commands to display statistics for the network interfaces. You will use Zenmap (the graphical
version of the popular reconnaissance tool nmap) to scan the network and create a network
topology chart.
Section 1 is a hands-on demonstration – a lot of the steps are repeated in the Section 2 where you
have to actually experiment as part of your applied learning. You can go over Section 1 to get a
grip; keep the focus on Section 2. Upon Completion of Lab 1, you are required to provide the
following deliverables in the submission folder in D2L for this lab:
1. One .docx or .pdf document that contains:
1.1. A summary what you find most interesting and/or most challenging in the lab
1.2. All the screenshots as indicated in the Lab Manual for the lab in the online platform
2. All the remaining files, if there any, as indicated in the Lab Manual for the lab in the
online platform.
CNS440 – Lab Assignment Week 6
Complete Lab 10: Implementing an Information Systems Security Policy
In this lab, you will act as a member of the network security team. You have been given an
assignment to implement two security standards that have been accepted by the organization.
First you will enforce a newly adopted corporate password policy using the Group Policy
Management Console. Additionally, the new policy dictates that all servers on a given subnet
must be members of the Active Directory domain, but your organization has a Linux workstation
that is currently a standalone system. You will join the Linux machine to the Active Directory
domain using an open source tool, PowerBroker Identity Services Open.
Section 1 is a hands-on demonstration – a lot of the steps are repeated in the Section 2 where you
have to actually experiment as part of your applied learning. You can go over Section 1 to get a
grip; keep the focus on Section 2. Upon Completion of Lab 6, you are required to provide the
following deliverables in the Dropbox folder in D2L for this lab:
1. One .docx or .pdf document that contains:
1.1. A summary what you find most interesting and/or most challenging in the lab
1.2. All the scr.
Similar to AWS Chicago talk from John Downey - Containers and security (20)
AWS reInvent 2023 recaps from Chicago AWS user groupAWS Chicago
Chicago AWS Solutions Architect Scott Hewitt recaps the non-GenAI updates from AWS re:Invent 2023. Updates range from storage, networking, compute and developer tools.
MARK GAMBLE_ASC For Really Remote Edge Computing - AWS Community Day Chicago ...AWS Chicago
Mark Gamble
AWS Communtity Day Midwest 2023
ASC For Really Remote Edge Computing: How AWS Snowball + SpaceX Starlink + Couchbase Capella = more uptime, lower latency and better bandwidth usage for apps at the edge
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Albert Hoitingh
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Securing your Kubernetes cluster_ a step-by-step guide to success !KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Elevating Tactical DDD Patterns Through Object CalisthenicsDorra BARTAGUIZ
After immersing yourself in the blue book and its red counterpart, attending DDD-focused conferences, and applying tactical patterns, you're left with a crucial question: How do I ensure my design is effective? Tactical patterns within Domain-Driven Design (DDD) serve as guiding principles for creating clear and manageable domain models. However, achieving success with these patterns requires additional guidance. Interestingly, we've observed that a set of constraints initially designed for training purposes remarkably aligns with effective pattern implementation, offering a more ‘mechanical’ approach. Let's explore together how Object Calisthenics can elevate the design of your tactical DDD patterns, offering concrete help for those venturing into DDD for the first time!
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova...Ramesh Iyer
In today's fast-changing business world, Companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
AWS Chicago talk from John Downey - Containers and security
1. Why your security team
should be excited about
containers
John Downey | @jtdowney
2. The views expressed in this
presentation are my own, and not
those of PayPal or any of its affiliates.
3.
4.
5. My tl;dr for security
1. Patch your stuff (language, libraries, OS, etc)
4 requires knowing what you run
2. Use strong unique passwords and turn on two-factor
4 requires a password manager
6. My tl;dr for security
1. Patch your stuff (language, libraries, OS, etc)
4 requires knowing what you run
2. Use strong unique passwords and turn on two-factor
4 requires a password manager
8. Docker will do to apt what apt did to tar. --Bryan Cantrill
4 All software dependencies in one spot
4 Images can change independent of each other
4 Nothing else on the system cares what is in the image
9. Common headaches
4 Your management tools are using the same
environment as your deploy code
4 Other software on the system uses the environment
4 You have to match the version used by a different
team
14. Where it breaks down
4 Monitoring: Teams don't know something is even
vulnerable
4 Discoverability: Teams don't even know they running
something at all
15.
16.
17. Explicit dependencies
4 If it is a dependency, you're putting it into the image
somehow
4 Creates a good checkpoint to take a look at that
dependency
23. 4 Have a clear demarcation of what is the apps
environment
4 Enable extra protections just for the app
4 SELinux, AppArmor, seccomp-bpf
4 Start containers with read-only filesystems
24. 4 Use tools to analyze what the app is doing
4 auditd
4 eBPF
4 sysdig
27. Mysterious configurations
4 Why does this work on server02.us-west2 but not
server05.us-east2?
4 Why is this package this version
4 Did someone manually apt-get installed the
package?
34. 4 Adds a layer of indirection
4 You can use that indirection for access control
4 Previously needed access to the whole box
4 Now you just need API access