Two wheelsets that I switch between on my do-all bike depending on the terrain that i'm going to be riding in. both wheelsets came from http://sugarwheelworks.com/ in Portland Oregon.
Two wheelsets that I switch between on my do-all bike depending on the terrain that i'm going to be riding in. both wheelsets came from http://sugarwheelworks.com/ in Portland Oregon.
An overview of your responsibilities and liabilities will be presented through discussion of the WSU Pesticide Policy. Training is mandatory for those personnel who work with pesticides, with the exception of Master Gardener volunteers.
All over the world, institutions of all sizes and shapes are increasingly realizing the power, potential and promise of cloud computing in transforming themselves into agile and effective service providers. Indian government is no exception. The Government of India and the department of Technology have realized the importance of cloud computing and why the Government needs to take cloud computing seriously, and furthermore, how it can be the foundation for the success of Digital India endeavour. It has taken up a comprehensive initiative called Meghraj- GI Cloud to integrate cloud into its governance, operations and citizen service delivery. This seminar will cover
● Vision and scope of Megharaj- GI Cloud
● Key drivers and potential benefits
● Initiatives and resulting progress
Big Data Day LA 2016/ Use Case Driven track - From Clusters to Clouds, Hardwa...Data Con LA
Today’s Software Defined environments attempt to remove the weakness of computing hardware from the operational equation. There is no doubt that this is a natural progress away from overpriced, proprietary compute and storage layers. However, even at the heart of any Software Defined universe is an underlying hardware stack that must be robust, reliable and cost effective. Our 20+ years experience delivering over 2000 clusters and clouds has taught us how to properly design and engineer the right hardware solution for Big Data, Cluster and Cloud environments. This presentation will share this knowledge allowing user to make better design decisions for any deployment.
OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay BhargavAbhay Bhargav
s its biggest bottleneck and security is becoming the most pervasive bottleneck in most DevOps practices. Teams are unable to come up with security practices that integrate into the DevOps lifecycle and ensure continuous and smooth delivery of applications to customers. In fact, security failures in DevOps amplify security flaws in production as they are delivered at scale. If DevOps should not be at odds with security, then we must find ways to achieve the following on priority:
- Integrate effective threat modeling into Agile development practices
- Introduce Security Automation into Continuous Integration
- Integrate Security Automation into Continuous Deployment
While there are other elements like SAST and Monitoring that are important to SecDevOps, my talk will essentially focus on these three elements with a higher level of focus on Security Automation. In my talk, I will explore the following, with reference to the topic:
- The talk will be replete with anecdotes from personal consulting and penetration testing experiences.
- I will briefly discuss Threat Modeling and its impact on DevOps. I will use examples to demonstrate practical ways that one can use threat modeling effectively to break down obstacles and create security automation that reduces the security bottleneck in the later stages of the DevOps cycle.
- I firmly believe that Automated Web Vulnerability Assessment (using scanners) no matter how tuned, can only produce 30-40% of the actual results as opposed to a manual application penetration test. I find that scanning tools fail to identify most vulnerabilities with modern Web Services (REST. I will discuss examples and demonstrate how one can leverage automated vulnerability scanners (like ZAP, through its Python API) and simulate manual testing using a custom security automation suite. In Application Penetration Testing, its impossible to have a one size-fits all, but there’s no reason why we can’t deliver custom security automation to simulate most of the manual penetration testing to combine them into a custom security automation suite that integrates with CI tools like Jenkins and Travis. I intend to demonstrate the use a custom security test suite (written in Python that integrates with Jenkins), against an intentionally vulnerable e-commerce app.
- My talk will also detail automation to identify vulnerabilities in software libraries and components, integrated with CI tools.
- Finally, I will (with the use of examples and demos) explain how one can use “Infrastructure as Code” practice to perform pre and post deployment security checks, using tools like Chef, Puppet and Ansible.
An overview of your responsibilities and liabilities will be presented through discussion of the WSU Pesticide Policy. Training is mandatory for those personnel who work with pesticides, with the exception of Master Gardener volunteers.
All over the world, institutions of all sizes and shapes are increasingly realizing the power, potential and promise of cloud computing in transforming themselves into agile and effective service providers. Indian government is no exception. The Government of India and the department of Technology have realized the importance of cloud computing and why the Government needs to take cloud computing seriously, and furthermore, how it can be the foundation for the success of Digital India endeavour. It has taken up a comprehensive initiative called Meghraj- GI Cloud to integrate cloud into its governance, operations and citizen service delivery. This seminar will cover
● Vision and scope of Megharaj- GI Cloud
● Key drivers and potential benefits
● Initiatives and resulting progress
Big Data Day LA 2016/ Use Case Driven track - From Clusters to Clouds, Hardwa...Data Con LA
Today’s Software Defined environments attempt to remove the weakness of computing hardware from the operational equation. There is no doubt that this is a natural progress away from overpriced, proprietary compute and storage layers. However, even at the heart of any Software Defined universe is an underlying hardware stack that must be robust, reliable and cost effective. Our 20+ years experience delivering over 2000 clusters and clouds has taught us how to properly design and engineer the right hardware solution for Big Data, Cluster and Cloud environments. This presentation will share this knowledge allowing user to make better design decisions for any deployment.
OWASP AppSec EU - SecDevOps, a view from the trenches - Abhay BhargavAbhay Bhargav
s its biggest bottleneck and security is becoming the most pervasive bottleneck in most DevOps practices. Teams are unable to come up with security practices that integrate into the DevOps lifecycle and ensure continuous and smooth delivery of applications to customers. In fact, security failures in DevOps amplify security flaws in production as they are delivered at scale. If DevOps should not be at odds with security, then we must find ways to achieve the following on priority:
- Integrate effective threat modeling into Agile development practices
- Introduce Security Automation into Continuous Integration
- Integrate Security Automation into Continuous Deployment
While there are other elements like SAST and Monitoring that are important to SecDevOps, my talk will essentially focus on these three elements with a higher level of focus on Security Automation. In my talk, I will explore the following, with reference to the topic:
- The talk will be replete with anecdotes from personal consulting and penetration testing experiences.
- I will briefly discuss Threat Modeling and its impact on DevOps. I will use examples to demonstrate practical ways that one can use threat modeling effectively to break down obstacles and create security automation that reduces the security bottleneck in the later stages of the DevOps cycle.
- I firmly believe that Automated Web Vulnerability Assessment (using scanners) no matter how tuned, can only produce 30-40% of the actual results as opposed to a manual application penetration test. I find that scanning tools fail to identify most vulnerabilities with modern Web Services (REST. I will discuss examples and demonstrate how one can leverage automated vulnerability scanners (like ZAP, through its Python API) and simulate manual testing using a custom security automation suite. In Application Penetration Testing, its impossible to have a one size-fits all, but there’s no reason why we can’t deliver custom security automation to simulate most of the manual penetration testing to combine them into a custom security automation suite that integrates with CI tools like Jenkins and Travis. I intend to demonstrate the use a custom security test suite (written in Python that integrates with Jenkins), against an intentionally vulnerable e-commerce app.
- My talk will also detail automation to identify vulnerabilities in software libraries and components, integrated with CI tools.
- Finally, I will (with the use of examples and demos) explain how one can use “Infrastructure as Code” practice to perform pre and post deployment security checks, using tools like Chef, Puppet and Ansible.