A talk on how to take security seriously in a digital company, whether starting from scratch or fixing a legacy codebase: learn from the Canada Revenue Agency's Heartbleed mess-up and from the advice of a white-hat hacker.
Building a Successful Internal Adversarial Simulation Team - Chris Gates & Ch... (Chris Gates)
Brucon 2016
The evolution chain in security testing is fundamentally broken due to a lack of understanding, reduction of scope, and a reliance on vulnerability “whack-a-mole.” To help break the barriers of the common security program we are going to have to divorce ourselves from the metrics of vulnerability statistics and Pavlovian risk color charts and really get to work on how our security programs perform during a REAL event. To do so, we must create an entirely new set of metrics, tests, procedures, implementations and repeatable processes. It is extremely rare that a vulnerability causes a direct risk to an environment; it is usually what the attacker DOES with the access gained that matters. In this talk we will discuss the way that internal and external teams have been created to simulate a REAL WORLD attack and work hand in hand with the defensive teams to measure the environment's resistance to the attacks. We will demonstrate attacks, capabilities, TTP tracking, trending, positive metrics, hunt integration and, most of all, we will lay out a road map to STOP this nonsense of Red vs BLUE and realize that we are all on the same team, sparring and training every day to be ready for the fight when it comes to us.
Cybercrime and the Developer, Java2Days 2016 Sofia (Steve Poole)
The document discusses cybersecurity risks and how developers can help address them. It notes that cybercriminals target developers because they have privileged access and knowledge of systems. Developers are often too trusting and ignore security, installing software without checking for malware or disabling certificate validation. The talk urges developers to take security more seriously by keeping systems updated, using strong authentication, and being wary of suspicious network connections and downloads from untrusted sources. Developers must help address the growing problem of cybercrime by promoting secure development best practices.
Cybercrime and the Developer: How to Start Defending Against the Darker Side... (Steve Poole)
JavaOne 2016 Talk
In the world of DevOps and the cloud, most developers have to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resilience and scaling to an application. One critical aspect consistently overlooked is security. In this session, learn about a few of the simple actions you can take (and some behaviors you must change) to create a more secure Java application for the cloud. The world of the cybercriminal is closer than you realize. Hear how at risk your application may be, see practical examples of how you can inadvertently leave the doors open, and understand what you can do to make your Java solution more secure.
A lecture given during a 2-hour workshop with journalism students to introduce them to digital security and OPSEC. The goal of this lecture is not to train them in using these tools but simply to raise awareness of the dangers and potential solutions.
Cyber Security Awareness introduction. Why is cyber security important? What do I have to do to protect myself from cyber attacks? How do I create an IT Security Awareness Plan?
Global Cyber Security Outlook - Deloitte (Hotel_Digital_Security_Seminar_Sept... (XEventsHospitality)
By A.K. Vishwanathan, Senior Director – Enterprise Risk Services, Deloitte India
Vis is a Chartered Accountant, holds the Certified in Risk and Information Systems Control (CRISC) certification, and is a member of the Information Systems Audit and Control Association (ISACA).
He has advised large organisations in their information security and controls endeavours, and has led risk consulting in complex environments and regulated industries, specifically banking and financial services, telecom, manufacturing, oil and gas, pharma and life sciences, and the government sector.
The document discusses various risks facing organizations with a web presence and provides recommendations to address those risks. It identifies issues such as security vulnerabilities, privacy concerns, social media risks, and analytics inaccuracies. It recommends that organizations conduct security audits, monitor their websites for hackability, disclose any required information, and stay aware of their site's performance, uptime, and what search engines are indexing about them.
11 Commandments of Cyber Security for the Home (zaimorkai)
The document provides 11 commandments of cyber security for home users. The commandments are: 1) pay attention, 2) use anti-malware software, 3) use firewalls, 4) update all software and systems regularly, 5) use strong passwords and multi-factor authentication, 6) back up data regularly, 7) trust but verify suspicious messages and links, 8) secure your home network, 9) use a VPN on public WiFi, 10) be wary of things that seem too good to be true, and 11) the attacker will likely move on to easier targets if you follow cyber security best practices. Examples and explanations are provided for each commandment.
Jax London 2016: Cybercrime and the Developer (Steve Poole)
In the emerging world of DevOps and the Cloud, most developers are trying to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resiliency and scaling to an application. Still, one critical item consistently overlooked is security.
The world of the cyber criminal is closer than you realize. Watch a real man-in-the-middle demonstration and learn just how simple it can be for others to steal your secrets. In this talk you’ll learn about other practical examples of how you can inadvertently leave the doors open and what you can do to keep your system secure. In the end, security is everyone’s concern, and this talk will teach you a few simple actions you can take (and some behaviours you must change) to create a more secure application in the cloud.
An Introduction To IT Security And Privacy In Libraries & Anywhere (Blake Carver)
An hour-long presentation I gave for LYRASIS. It introduces many topics in security and privacy on the internet and computers and any other type of device with an IP address: IoT (Internet of Things), browsers, portable devices and more. In this hour I focused on things to train in libraries, security awareness training and other things relevant to people in libraries, librarians and anyone else in a library. There's a focus on practical ways to secure yourself, browsers and other things, and also some discussion of privacy.
Delivered by Patrick Laverty and his daughter, this is about how kids can stay safe online. Various tips, suggestions and recommendations are given to keep children safe when they go on the internet.
Cybercrime and the Developer: How to Start Defending Against the Darker Side (Steve Poole)
In the world of DevOps and the cloud, most developers have to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resilience and scaling to an application. One critical aspect consistently overlooked is security. In this session, learn about a few of the simple actions you can take (and some behaviours you must change) to create a more secure Java application for the cloud. The world of the cybercriminal is closer than you realize. Hear how at risk your application may be, see practical examples of how you can inadvertently leave the doors open, and understand what you can do to make your Java solution more secure.
My Parents Configured Their Living Room (Michael Goetz)
All of us here have some idea of what we mean when speaking about "Configuration Management". Unfortunately, we are rarely alone in the world carrying out great deeds. There is a massive population on the planet that simply looks with a deadened gaze when we talk about what we do, yet they manage to “manage” configurations all the time. What if it didn't have to be that way? What if we learned how to speak in the different technical "languages" to help others understand the value being provided? Let’s take a look at some different approaches to help coworkers understand (and maybe even participate) in the work that we do.
Keeping you and your library safe and secure (LYRASIS)
This document discusses the importance of library security and provides tips for keeping libraries secure. It begins by noting that security is both a feeling and a reality. It then discusses how libraries are targets and how easy it is for attackers to succeed. The document provides tips for securing laptops, email, web browsers, and public access computers. It emphasizes updating software, using strong and unique passwords, backing up data, and preparing security policies and training staff and patrons. The overall message is that libraries must take security seriously and apply layers of protection through preparation and an ongoing commitment to maintaining security.
In the world of DevOps and the cloud, most developers have to learn new technologies and methodologies. The focus tends to be on adding capabilities such as resilience and scaling to an application. One critical aspect consistently overlooked is security.
In this session, learn about a few of the simple actions you can take (and some behaviors you must change) to create a more secure Java application for the cloud. The world of the cyber criminal is closer than you realize. Hear how at risk your application may be, see practical examples of how you can inadvertently leave the doors open, and understand what you can do to make your Java solution more secure.
Threat hunting - Every day is hunting season (Ben Boyd)
Breakout Presentation by Ben Boyd during the 2018 Nebraska Cybersecurity Conference.
Introduction to Threat Hunting and helpful steps for building a Threat Hunting Program of any size, from small to massive.
This document summarizes the key points from a security presentation given by John "geekspeed" Stauffacher and Matthew "mattrix" Hoy. The presentation discusses how relying too heavily on automated detection tools has weakened many organizations' security posture and response capabilities. It advocates adopting a "Cleaner" approach that goes beyond just reimaging systems to identify threats, attackers' capabilities, and actions to stop attackers. Key areas that need improvement are outlined such as inadequate preparation, treating security as an afterthought, and failing to understand attackers' motives and methods in order to better defend against future incidents. Specific tools and techniques are also provided that can help with tasks like identifying attackers, containing compromises, and learning lessons to strengthen defenses going
Devnexus 2017 Cybercrime and the Developer: How do you make a difference? (Steve Poole)
Cybercrime: how bad can it be? Organised attacks around the world in 2016 have shown how unprepared we are to deal with the growth of cybercrime. In this talk, learn a little about the scale of the challenge developers face from assaults on our systems. Be prepared to be appalled and scared. Fainting is not allowed. Discover how to fight back and see how you can change your behaviour and your code to defend against these attacks.
Your destiny is clear - it’s time to become a Cyber Defender
Data breaches and digital theft are now so frequent in the daily news cycle that we have almost become numb to them. Information security professionals often get asked by friends and family: if large companies and government agencies are not able to stop attackers, what chance does an individual or a small business have?
This presentation was made to serve as a guide for Information Security professionals to reference when they are asked “What can the little guy do to be secure?” and for the non-technical to get started with improving their own personal digital security.
Protecting Your IP: Data Security for Software Technology (Shawn Tuma)
Cybersecurity attorney Shawn Tuma presented on Protecting Your IP: Data Security for Software Technology at Texas Bar CLE's Intellectual Property Law 101 Course for 2017 on February 22, 2017 in Austin, Texas.
From Beer City Code Conference, Grand Rapids, MI - 2017
OWASP, SANS, Threat Modeling, Static Code Analysis, DevSkim, Burp Suite, Wireshark, Fiddler, Agile, Use Cases, Code Review, Pull Request, Git, GitFlow, Red Team, Blue Team, Metasploit, NIST, TLS, Kali Linux
This document discusses strategies for taking a more proactive "blitzing" approach to network defense. It recommends gathering intelligence on attackers through monitoring social media, pastebins, Google alerts and more. It also suggests deceiving attackers through honeypots and misinformation while closely monitoring systems. The goal is to shorten attackers' time on the network through increased detection, delay and disruption techniques.
This document provides an overview and guidelines for a talk given by Sean Satterlee on various security topics. It begins with disclaimers and introduces the speaker. The main section provides a "howto" or "readme" for the talk, noting that it will jump around topics and chase rabbits. It encourages questions from friends in the audience. Later sections discuss reconnaissance techniques like physical surveillance, social engineering, and open source intelligence gathering. OSINT tools are listed and using inadvertent data exposures are explained. The document concludes by acknowledging the need to qualify statements and asking if there are any relevant questions.
Software runs today’s business; however, security implications are often misunderstood, creating significant organizational risk. Poorly configured servers, 3rd-party software, and continuous release cycles put additional pressure on already stressed teams.
Hackers no longer just exploit vulnerabilities in code -- faulty cloud deployments, weak database structures, and business logic problems are also easy targets for attackers. To reduce risk, you’ve got to audit your system in the same way an attacker would.
This presentation demonstrates how attackers compromise the modern enterprise. For each attack demonstrated, mitigation practices will be discussed. WARNING: software will be harmed during this presentation. Viewer discretion advised.
An Introduction To IT Security And Privacy In Libraries (Blake Carver)
An hour-long presentation I gave for LYRASIS. It introduces many topics in security and privacy on the internet and computers and any other type of device with an IP address: IoT (Internet of Things), browsers, portable devices and more. In this hour I focused on things to train in libraries, security awareness training and other things relevant to people in libraries, librarians and anyone else in a library.
50
Initiative
#تواصل_تطوير
The fiftieth lecture of the initiative, with
Engineer Ashraf Salah El-Din Ibrahim
Information Security and Digital Transformation Consultant
titled
How to stay safe and protect your information in the digital age
(Challenges - Methods - Risks)
How to stay secured online
(Challenges - Risks - Tools)
9:00 PM Makkah time, Monday 31 August 2020
Held via the Zoom application, through the link:
https://us02web.zoom.us/meeting/register/tZMtdeCtpj0pGtdEDxCUQAp7hw760rmy719g
Note that the lecture is also streamed live on the YouTube channel:
https://www.youtube.com/user/EEAchannal
To contact the initiative's management via the Telegram channel, the link is:
https://t.me/EEAKSA
LinkedIn and e-library link:
www.linkedin.com/company/eeaksa-egyptian-engineers-association/
General registration link for the lectures:
https://forms.gle/vVmw7L187tiATRPw9
Hand Rolled Applicative User Validation Code Kata (Philip Schwarz)
Could you use a simple piece of Scala validation code (granted, a very simplistic one too!) that you can rewrite, now and again, to refresh your basic understanding of the Applicative operators <*>, <*, *>?
The goal is not to write perfect code showcasing validation, but rather to provide a small, rough-and-ready exercise to reinforce your muscle memory.
Despite its grandiose-sounding title, this deck consists of just three slides showing the Scala 3 code to be rewritten whenever the details of the operators begin to fade away.
The code is my rough and ready translation of a Haskell user-validation program found in a book called Finding Success (and Failure) in Haskell - Fall in love with applicative functors.
Neo4j - Product Vision and Knowledge Graphs - GraphSummit Paris (Neo4j)
Dr. Jesús Barrasa, Head of Solutions Architecture for EMEA, Neo4j
Discover Neo4j's latest innovations, including the latest cloud integrations and product improvements that make Neo4j an essential choice for developers building applications with interconnected data and generative AI.
Similar to Basic Security for Digital Companies - #MarketersUnbound (2014)
Odoo ERP software
Odoo ERP software, a leading open-source software for Enterprise Resource Planning (ERP) and business management, has recently launched its latest version, Odoo 17 Community Edition. This update introduces a range of new features and enhancements designed to streamline business operations and support growth.
The Odoo Community serves as a cost-free edition within the Odoo suite of ERP systems. Tailored to accommodate the standard needs of business operations, it provides a robust platform suitable for organisations of different sizes and business sectors. Within the Odoo Community Edition, users can access a variety of essential features and services essential for managing day-to-day tasks efficiently.
This blog presents a detailed overview of the features available within the Odoo 17 Community edition, and the differences between Odoo 17 community and enterprise editions, aiming to equip you with the necessary information to make an informed decision about its suitability for your business.
Microservice Teams - How the cloud changes the way we workSven Peters
A lot of technical challenges and complexity come with building a cloud-native and distributed architecture. The way we develop backend software has fundamentally changed in the last ten years. Managing a microservices architecture demands a lot of us to ensure observability and operational resiliency. But did you also change the way you run your development teams?
Sven will talk about Atlassian’s journey from a monolith to a multi-tenanted architecture and how it affected the way the engineering teams work. You will learn how we shifted to service ownership, moved to more autonomous teams (and its challenges), and established platform and enablement teams.
A Study of Variable-Role-based Feature Enrichment in Neural Models of CodeAftab Hussain
Understanding variable roles in code has been found to be helpful by students
in learning programming -- could variable roles help deep neural models in
performing coding tasks? We do an exploratory study.
- These are slides of the talk given at InteNSE'23: The 1st International Workshop on Interpretability and Robustness in Neural Software Engineering, co-located with the 45th International Conference on Software Engineering, ICSE 2023, Melbourne Australia
Flutter is a popular open source, cross-platform framework developed by Google. In this webinar we'll explore Flutter and its architecture, delve into the Flutter Embedder and Flutter’s Dart language, discover how to leverage Flutter for embedded device development, learn about Automotive Grade Linux (AGL) and its consortium and understand the rationale behind AGL's choice of Flutter for next-gen IVI systems. Don’t miss this opportunity to discover whether Flutter is right for your project.
Transform Your Communication with Cloud-Based IVR SolutionsTheSMSPoint
Discover the power of Cloud-Based IVR Solutions to streamline communication processes. Embrace scalability and cost-efficiency while enhancing customer experiences with features like automated call routing and voice recognition. Accessible from anywhere, these solutions integrate seamlessly with existing systems, providing real-time analytics for continuous improvement. Revolutionize your communication strategy today with Cloud-Based IVR Solutions. Learn more at: https://thesmspoint.com/channel/cloud-telephony
Do you want Software for your Business? Visit Deuglo
Deuglo has top Software Developers in India. They are experts in software development and help design and create custom Software solutions.
Deuglo follows seven steps methods for delivering their services to their customers. They called it the Software development life cycle process (SDLC).
Requirement — Collecting the Requirements is the first Phase in the SSLC process.
Feasibility Study — after completing the requirement process they move to the design phase.
Design — in this phase, they start designing the software.
Coding — when designing is completed, the developers start coding for the software.
Testing — in this phase when the coding of the software is done the testing team will start testing.
Installation — after completion of testing, the application opens to the live server and launches!
Maintenance — after completing the software development, customers start using the software.
Why Mobile App Regression Testing is Critical for Sustained Success_ A Detail...kalichargn70th171
A dynamic process unfolds in the intricate realm of software development, dedicated to crafting and sustaining products that effortlessly address user needs. Amidst vital stages like market analysis and requirement assessments, the heart of software development lies in the meticulous creation and upkeep of source code. Code alterations are inherent, challenging code quality, particularly under stringent deadlines.
Mobile App Development Company In Noida | Drona InfotechDrona Infotech
Looking for a reliable mobile app development company in Noida? Look no further than Drona Infotech. We specialize in creating customized apps for your business needs.
Visit Us For : https://www.dronainfotech.com/mobile-application-development/
Utilocate offers a comprehensive solution for locate ticket management by automating and streamlining the entire process. By integrating with Geospatial Information Systems (GIS), it provides accurate mapping and visualization of utility locations, enhancing decision-making and reducing the risk of errors. The system's advanced data analytics tools help identify trends, predict potential issues, and optimize resource allocation, making the locate ticket management process smarter and more efficient. Additionally, automated ticket management ensures consistency and reduces human error, while real-time notifications keep all relevant personnel informed and ready to respond promptly.
The system's ability to streamline workflows and automate ticket routing significantly reduces the time taken to process each ticket, making the process faster and more efficient. Mobile access allows field technicians to update ticket information on the go, ensuring that the latest information is always available and accelerating the locate process. Overall, Utilocate not only enhances the efficiency and accuracy of locate ticket management but also improves safety by minimizing the risk of utility damage through precise and timely locates.
Enterprise Resource Planning System includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here are a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
Neo4j - Product Vision and Knowledge Graphs - GraphSummit ParisNeo4j
Dr. Jesús Barrasa, Head of Solutions Architecture for EMEA, Neo4j
Découvrez les dernières innovations de Neo4j, et notamment les dernières intégrations cloud et les améliorations produits qui font de Neo4j un choix essentiel pour les développeurs qui créent des applications avec des données interconnectées et de l’IA générative.
What is Augmented Reality Image Trackingpavan998932
Augmented Reality (AR) Image Tracking is a technology that enables AR applications to recognize and track images in the real world, overlaying digital content onto them. This enhances the user's interaction with their environment by providing additional information and interactive elements directly tied to physical images.
43-46. What could CRA have done?
• Have a competent security officer or sysadmin
• Inter-department cooperation with CSEC
(they knew 1 day before Heartbleed went public)
• A way for people to tell them security issues
• Be quick!
47. “We don’t have time or money to think about
security right now.”
–Almost any company
49. Responsible Disclosure
• Officially allows users/hackers/researchers to contact you about security issues
• Basically just a webpage
• Cheapest security investment you can make*
*depending on who you talk to
50. Who has a RD policy?
• Microsoft
• GitHub
• Apple
• Tesla Motors… Yes, really
54-56. Lessons learned
• It’s pesky and time consuming if you have security debt
• Expect a lot of bullshit, entitlement, and comedy (See @CluelessSec)
• Expect to be humbled
59-60. Responsible Disclosure: you should have it
The bare minimum:
• Offer no reward or swag
• Tell people what’s acceptable, what’s not
• Provide a special email or a direct phone number
61. Security 101 for Digital Companies
aka “How to not get hacked within a year”*
68-70. Encrypt your passwords!
The consequences
• Domino effect with other customers’ accounts
• Permanent black mark on your company record
• You could be sued. Maybe even class-action
• It’s so cheap and easy to do now. Why not?
72-75. Encrypt your passwords!
But, don’t roll your own crypto
• MD5, SHA1, etc. were not designed for passwords
• Use a password hashing library for your language
• It should use bcrypt, scrypt, PBKDF2, or an algorithm designed for passwords
• You want it to be slow to hash, maybe 1 second
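As an added example (not code from the deck), this is what the slides above ask for in practice: a salted, deliberately slow password hash using the standard library's PBKDF2, a verify step that compares in constant time, and a calibration helper for the "about 1 second" target. The record format and the iteration counts are assumptions made for this example.

```python
import hashlib
import hmac
import os
import time

# Record layout is an assumption for this example, not from the slides:
#   pbkdf2_sha256$<iterations>$<salt_hex>$<digest_hex>
ALGORITHM = "pbkdf2_sha256"
DEFAULT_ITERATIONS = 600_000  # starting point; calibrate_iterations() tunes it per host


def hash_password(password: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Salted, deliberately slow hash, stored together with its own parameters."""
    salt = os.urandom(16)  # fresh random salt per password: equal passwords hash differently
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"{ALGORITHM}${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    try:
        algorithm, iterations, salt_hex, digest_hex = stored.split("$")
        if algorithm != ALGORITHM:
            return False  # unknown or legacy scheme (e.g. bare MD5) is never accepted here
        digest = hashlib.pbkdf2_hmac(
            "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), int(iterations)
        )
        return hmac.compare_digest(digest, bytes.fromhex(digest_hex))
    except ValueError:
        return False  # malformed record: fail closed rather than raise


def needs_rehash(stored: str, minimum_iterations: int) -> bool:
    """True when a record was made with a lower cost than current policy requires."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != ALGORITHM or not parts[1].isdigit():
        return True
    return int(parts[1]) < minimum_iterations


def calibrate_iterations(target_seconds: float = 1.0, sample_iterations: int = 50_000) -> int:
    """Scale the PBKDF2 cost so one hash takes about target_seconds on this machine."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"calibration", b"\x00" * 16, sample_iterations)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(sample_iterations, int(sample_iterations * target_seconds / elapsed))
```

Re-hash on successful login whenever needs_rehash() is true, so old records migrate to the current cost without a password reset.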
91-94.
• Foreign & domestic governments
• Them nasty hackers
• Even that “innocent” person at the café
• Your competitor?
• Users find comfort in green padlocks…
96-98. Get Auth & Auth Right!
• Research latest Authorization & Authentication practices or libraries
• The most common languages or frameworks already have libraries available
• A rock solid login mechanism is your foundation
107-109. Top 10
• Get every dev into it, until they dream about it
• Covers most common & most dangerous web app security issues (XSS, CSRF, SQLi, etc.)
• Print out OWASP’s guide books too. (They’re tomes, but good desk references)
122. Credits
• “Anonymous Hacker” by Brian Klug (CC BY-NC 2.0) (Slide 1, 43)
• “Heartbleed” by Leena Snidate/Codenomicon (CC0 1.0) (Slide 9)
• “The Secret” by Cedward Brice (CC BY-NC 2.0) (Slide 24)
• “Pure Mathematics” by Ed Brambley (CC BY-SA 2.0) (Slide 31)
• “Widget, confused as ever” by Anna Pickard (CC BY-NC-SA 2.0) (Slide 36, 37)
• “The Big E Day 2 2011” by RustyClark (CC BY 2.0) (Slide 40)
• “EFF version of NSA logo” by EFF (CC BY 2.0) (Slide 43)
• “Bryant Park, Nov 2009 - 52” by Ed Yourdon (CC BY 2.0) (Slide 43)
• “Owasp logo” by OWASP (CC BY-SA 3.0) (Slide 47, 48)
• “Day 342 - Hacker” by Christophe Verdier (CC BY-NC 2.0) (Slide 54)
• “Question Box” by Raymond Bryson (CC BY 2.0) (Slide 55)