Codemotion ES 2014: Love Always Takes Care & Humility, Chema Alonso
Talk delivered by Chema Alonso at Codemotion 2014 ES (Madrid). It is about passwords, second-factor authentication and second-factor authorization using Latch... with a Breaking Bad touch.
Enabling Cloud Native Security with OAuth2 and Multi-Tenant UAA, Will Tran
UAA, as a core component of Cloud Foundry, is responsible for authenticating and authorizing requests between platform users (e.g. those that push apps) and platform components (e.g. the cloud controller). But when it came to doing auth for the apps you push and the end users of those apps, using the built-in UAA wasn't the best fit, and you could easily end up shooting yourself in the foot. Until now. This talk will guide you through UAA's new multi-tenancy features, and show you how to use the built-in UAA to create arbitrary authorization scenarios for your products without the danger of affecting the security of the core platform. With this level of freedom, you'll have complete and fine-grained control over who is allowed to access your product's components, and how those components are allowed to interact with one another.
RootedCON 2014: Playing and Hacking with Digital Latches, Chema Alonso
Talk about Latch (https://latch.elevenpaths.com) delivered by Chema Alonso at RootedCON 2014. Talk on Latch (https://latch.elevenpaths.com) and the different usage scenarios for the technology, given during RootedCON 2014.
Lemonldap::NG, open-source Web-SSO of the French administrations, xguimard
Lemonldap::NG is an open-source single sign-on system used by the French Gendarmerie to authenticate over 105,000 users across 4300 agencies. It consists of well-tested open source libraries assembled into a system that centrally manages authentication, user attributes, and access control. The Gendarmerie has been using Lemonldap::NG since 2005 to secure nearly 100 applications across its private network, with the capacity to authenticate over 40,000 simultaneous users and handle 3000 queries per minute.
This document discusses security approaches for microservices architectures. It begins by defining microservices as an application that calls API endpoints which then call other API endpoints. It then discusses four options for securing communication between microservices: 1) passing cleartext headers, 2) transmitting tokens, 3) using OAuth scopes, and 4) token exchange. Each option has advantages and disadvantages for security and complexity. The document also provides examples of microservices security architectures for three different companies. It concludes that the main challenge is implementing microservices security without mistakes by balancing requirements, capabilities, and choosing appropriate solutions.
"Bypassing two factor authentication", Shahmeer Amir, HackIT Ukraine
This research provides an insight into bypassing two-factor authentication mechanisms in multiple ways. The goal is to demonstrate theoretically how common two-factor-authentication-protected systems can be bypassed using simple techniques. This has been done by examining many systems, and a practical approach has been used to dig out realistic methodologies that can be used to bypass two-factor authentication in web-based systems. In doing so, the author aims to provide a research basis for future researchers studying other such 2FA bypass techniques.
The document discusses an overview of PayPal's new Android SDK for making payments. It describes how to implement PayPal payments in an Android app using the SDK in just 10 minutes. Developers can allow users to pay with PayPal or accept credit cards directly in the app using card.io scanning technology. The steps covered include configuring the Android manifest, starting the PayPal service, creating payment objects, launching the payment process, and verifying payments on the server.
cPanel & WHM Server's System User Accounts, HTS Hosting
A cPanel & WHM server has various system user accounts that perform different functions. Additional user accounts might be created by third-party plugins and software.
A Non Banking Financial Company (NBFC) is[1] a company registered under the Companies Act, 1956 of India, engaged in the business of loans and advances, acquisition of shares, stock, bonds, hire-purchase insurance business or chit-fund business but does not include any institution whose principal business includes agriculture, industrial activity or the sale, purchase or construction of immovable propert
Examining today's biggest API breaches to mitigate API security vulnerabilities
Data breaches have become the top news story. And APIs are quickly becoming the hacker's new favorite attack vector. They offer a direct path to critical information and business services that can be easily stolen or disrupted. And your private APIs can be exploited just as easily as a public API. So what measures can you take to strengthen your security position?
This webinar explores recent API data breaches, the top API security vulnerabilities that are most impactful to today's enterprise and the protective measures that need to be taken to mitigate API and business exposure.
You Will Learn
-Recent breaches in the news involving APIs
-Top attacks that compromise your business
-Mitigating steps to protect your business from attacks and unauthorized access
-API Management solutions that both enable and protect your business
Learn about API Security at http://www.ca.com/api
The document discusses stateless authentication using OAuth 2.0 and JSON Web Tokens (JWT). It begins with an introduction to OAuth 2.0, including its roles, common grant types like authorization code and implicit grants. It then discusses how JWT can be used to achieve statelessness by encoding claims in the token that are signed and can be verified without storing state on the authorization server. The document provides examples of what a JWT looks like and considerations for using JWT in applications.
Stateless authentication for microservices applications - JavaLand 2015, Alvaro Sanchez-Mariscal
This talk is about how to secure your front-end + backend applications using a RESTful approach. As opposed to traditional and monolithic server-side applications (where the HTTP session is used), when your front-end application is running in a browser and not securely on the server, there are a few things you need to consider.
In this session Alvaro will explore standards like OAuth or JWT to achieve a stateless, token-based authentication using frameworks like Angular JS on the front-end and Spring Security on the backend.
Presentation describes different authentication ways to protect web application. It shows difference between custom approach and authentication with OAuth1 and OAuth2.
Maximising the security of your cloud infrastructure, OVHcloud
If you have a public IP, maximising security is vital if you’re to avoid any threats. In this workshop, Sebastien Meriot and Romain Beeckman provide hands-on demonstrations of how to avoid the attentions of the Abuse service, and also look at how we protect customers in the event of such complaints.
Slides used to spread awareness among mobile developers and back-end developers of how to follow best practices to secure back-end HTTP services and avoid common pitfalls and leaky APIs, with OAuth 2.0 used as the solution for securing the HTTP services.
This talk was held during the Magento Developers Paradise 2012. It describes the possibilities of PayPal's Adaptive Payments and how to use them in combination with Magento.
Today, most mobile connectivity issues are quickly attributed to “bad Wi-Fi”. Very often it may not be a wireless or RF related issue at all. With Aruba Clarity, IT organisations now have visibility into non-RF metrics not only giving them end-to-end visibility into a wireless user experience, but also the ability to foresee connectivity issues before users are even impacted. Check out the webinar recording where this presentation was used. https://attendee.gotowebinar.com/register/224478872155652612
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
EMV chip cards employ hardware-based cryptography to secure payments and restore security lost with magnetic stripe cards. Implementing EMV requires coordination across many areas like card design, terminal capabilities, payment network rules, and consumer education. EMV defines transaction processing flows between the card and terminal that provide authentication of the card and issuer control over authorization.
The document provides troubleshooting steps for issues with clients connecting to Aruba wireless access points. It outlines commands to check client association status, authentication details, and signal quality. It also describes how to capture wireless traffic between clients and access points using air capture packet sniffing tools to help diagnose connectivity problems. Best practices are suggested such as limiting SSIDs and broadcast traffic, setting transmit power levels, and ensuring gigabit wired networking is used.
This document discusses APNIC's plan to transition to a single Trust Anchor (TA) model for its RPKI system. Currently, APNIC relies on five separate TAs from each RIR. This complex model poses validity risks when address resources are transferred between RIRs. APNIC will expand its TA to cover all address space and ASNs, issue an intermediate certificate signed by this TA, and re-sign existing online certificates with the intermediate. This eliminates the risk of mass invalidity from overclaiming during transfers and reduces operational complexity. The transition is expected to be completed by end of October with unused TAs withdrawn in 2018. Members do not need to take action except to update relying party software after announcement.
APNIC Network Engineer, Brenda Buwu, gives an overview of APNIC's RPKI service and transition to an 'all resources' trust anchor at the 2017 MyIX/MyNOG conference in Kuala Lumpur, Malaysia, on 26 October 2017.
CxM in the IoT: the case for service verticals integration, Alfeo Pareschi
A provocative view in the domain of the Internet of Things.
An attempt to address fragmentation as a key element endangering the diffusion of an IoT ecosystem and disrupting the Customer Experience.
A stimulus for the discussion to link technology elements currently not in the mainstream (not covered in the presentation, but: shall ontologies be the key element for context definition?).
How to build Simple yet powerful API.pptx, Channa Ly
How to build a simple yet powerful API, from novice to professional. API for beginners, API for gurus, enterprise-level API, REST API, JWT API, deep dive.
This document lists websites that offer clone scripts for various online platforms and applications, such as Airbnb, Uber, Fiverr, and others. The clones allow users to build similar platforms and applications. Some websites also offer demo access and tutorials to help understand the clone scripts.
Strong Authentication OpenID & Axsionics, Sylvain Maret
This document summarizes how to use Axsionics biometric authentication with OpenID identity provider Clavid. It describes connecting a Plaxo account to Clavid using OpenID, authenticating with a fingerprint scan on an Axsionics device to generate a one-time passcode, and submitting that passcode to the identity provider. The authentication provides strong security without software installation through biometric verification of identity on the hardware token.
The interest in SAP security is growing exponentially, and not only among whitehats. Unfortunately, SAP users still pay little attention to SAP security.
Obtained findings were presented at RSA APAC Conference 2013.
This research focuses on statistics of SAP Vulnerabilities, threats from the Internet, known incidents and future trends.
Calabrio and 2Ring have joined forces to significantly boost agent and supervisor experiences in Cisco contact centers by integrating selected features from Calabrio Quality Management (Call Recording) and Calabrio Workforce Management (WFM) into Cisco Finesse via the use of 2Ring Gadgets for Cisco Finesse.
Finesse is a web-based agent and supervisor desktop application used in Cisco Contact Centers that can be enhanced by embedding various third-party gadgets, such as those offered by 2Ring.
Carlos Garcia, ICC - Proof of life with biometrics and blockchain, COIICV
The document describes a proposed solution to transform the current annual verification process for pension beneficiaries of 24 UN organizations, replacing the mailing of signed documents with a mobile application that uses facial biometrics and stores transactions on a blockchain. The current process is slow and error-prone, but the new solution would provide more secure and flexible verification by capturing the beneficiary's facial biometrics and securely storing the issuance of the certificate in
Similar to C. Alonso_Seguridad Informática: Digital Latches for your Digital Life_Semanainformatica.com 2014 (20)
Rafa Vidal, Nunsys - Security as a service: How to protect the most critical..., COIICV
Presentation: Security as a service: How to protect the most critical asset, information - XV Congreso de Ingeniería Informática de la Comunitat Valenciana – #SI2020
Silvia Rueda, ETSE-UV - Lack of diversity in ICT studies: free choice or..., COIICV
The document describes the lack of gender diversity in information and communication technology (ICT) studies. It notes that only 7% of students pursue a technology degree, and of those only 28% are women. It analyses the factors that influence the participation of girls and women in STEM careers, such as gender stereotypes. It also explores the consequences of this gender bias and proposes lines of action such as the dissemination
Sebastian Borreani, Jeff Customer Product - Creating the first omnichannel ecosystem..., COIICV
Jeff aims to create the first omnichannel ecosystem of services to help customers live good, look good, and feel good. This ecosystem will deliver a unique, customized experience for each customer across all channels in a consistent brand with seamless integration. The ecosystem is supported by controlled suppliers to provide services and experiences that improve quality of life, such as physical, mental, and social well-being. An example journey shows how a customer named Olivia interacts with various Jeff services in an integrated, customized way through different channels over days.
Ruben Ruiz, UPV - Panel: The value of the public CIO, COIICV
The document describes the desktop virtualization project and the implementation of an administration-as-a-service platform at the Universitat Politècnica de València. Previously, the UPV had thousands of decentralized computers that required high maintenance costs. The new system virtualizes desktops and applications on centralized servers, achieving savings of 80% in hardware and drastically reducing maintenance costs, while improving security, flexibility and availability
Amparo Cabo - Panel: The value of the public CIO, COIICV
The document describes the value that a Chief Information Officer (CIO) brings to local governments. A CIO is responsible for the complete management of information systems, ensuring that they work correctly and are aligned with the organization's strategies so that it can meet its objectives. However, many local governments lack long-term strategic plans beyond the annual budget and have difficulty bringing in CIO profiles.
Manuel Lora - Internet of Things (IoT): the art of connecting anything to..., COIICV
Presentation: Internet of Things (IoT): the art of connecting anything to the Internet - XIV Congreso de Ingeniería Informática de la Comunitat Valenciana – SI2019
Silvia Rueda - Promoting the presence of women in ICT degrees, COIICV
Presentation by Silvia Rueda at the panel: How to overcome the gender gap in the technology sector - XIV Congreso de Ingeniería Informática de la Comunitat Valenciana – SI2019
Rubén Antón - How to be agile without burying yourself in technical debt, COIICV
This document describes how organizations can adopt an agile approach to software development without accumulating technical debt. It recommends three key practices: 1) implementing automated tests, 2) using incremental design, and 3) achieving continuous integration and delivery. These practices eliminate bottlenecks, maintain a stable development velocity, and recover lost confidence by automating tests and delivering code continuously.
Juan Carlos Egido - IT management structures in a Digital Government context..., COIICV
Presentation: IT management structures in a Digital Government context - Seminar "Herramientas útiles para el desarrollo TI de empresas y organizaciones" – SI2019
Cayetano Sánchez - New technologies in the professional practice of law..., COIICV
The document describes 10 disruptive technologies that will change the legal profession, including artificial intelligence, robotics, cryptocurrencies, 3D printing, autonomous vehicles, drones, virtual reality, biotechnology, the internet of things, and cybercrime. These technologies will create new legal challenges that will require regulation and specialized lawyers to guarantee transparency, security and legality in these emerging areas. The first to adapt to
Joaquín Garrido - Emerging technologies applied to the Alicante business environment..., COIICV
Presentation by Joaquín Garrido at the panel: Emerging technologies applied to the Alicante business environment - Seminar "Herramientas útiles para el desarrollo TI de empresas y organizaciones" – SI2019
Presentation by Borja Izquierdo at the panel: Financing lines for innovative business projects - Seminar "Herramientas útiles para el desarrollo TI de empresas y organizaciones" – SI2019
Javier Mínguez - IVACE measures to boost R&D, innovation and d..., COIICV
Presentation by Javier Mínguez at the panel: Financing lines for innovative business projects - Seminar "Herramientas útiles para el desarrollo TI de empresas y organizaciones" – SI2019
The Department of Veteran Affairs (VA) invited Taylor Paschal, Knowledge & Information Management Consultant at Enterprise Knowledge, to speak at a Knowledge Management Lunch and Learn hosted on June 12, 2024. All Office of Administration staff were invited to attend and received professional development credit for participating in the voluntary event.
The objectives of the Lunch and Learn presentation were to:
- Review what KM ‘is’ and ‘isn’t’
- Understand the value of KM and the benefits of engaging
- Define and reflect on your “what’s in it for me?”
- Share actionable ways you can participate in Knowledge - - Capture & Transfer
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
"Scaling RAG Applications to serve millions of users", Kevin GoedeckeFwdays
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor IvaniukFwdays
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
Lee Barnes - Path to Becoming an Effective Test Automation Engineer.pdfleebarnesutopia
So… you want to become a Test Automation Engineer (or hire and develop one)? While there’s quite a bit of information available about important technical and tool skills to master, there’s not enough discussion around the path to becoming an effective Test Automation Engineer that knows how to add VALUE. In my experience this had led to a proliferation of engineers who are proficient with tools and building frameworks but have skill and knowledge gaps, especially in software testing, that reduce the value they deliver with test automation.
In this talk, Lee will share his lessons learned from over 30 years of working with, and mentoring, hundreds of Test Automation Engineers. Whether you’re looking to get started in test automation or just want to improve your trade, this talk will give you a solid foundation and roadmap for ensuring your test automation efforts continuously add value. This talk is equally valuable for both aspiring Test Automation Engineers and those managing them! All attendees will take away a set of key foundational knowledge and a high-level learning path for leveling up test automation skills and ensuring they add value to their organizations.
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...Jason Yip
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
Dandelion Hashtable: beyond billion requests per second on a commodity serverAntonios Katsarakis
This slide deck presents DLHT, a concurrent in-memory hashtable. Despite efforts to optimize hashtables, that go as far as sacrificing core functionality, state-of-the-art designs still incur multiple memory accesses per request and block request processing in three cases. First, most hashtables block while waiting for data to be retrieved from memory. Second, open-addressing designs, which represent the current state-of-the-art, either cannot free index slots on deletes or must block all requests to do so. Third, index resizes block every request until all objects are copied to the new index. Defying folklore wisdom, DLHT forgoes open-addressing and adopts a fully-featured and memory-aware closed-addressing design based on bounded cache-line-chaining. This design offers lock-free index operations and deletes that free slots instantly, (2) completes most requests with a single memory access, (3) utilizes software prefetching to hide memory latencies, and (4) employs a novel non-blocking and parallel resizing. In a commodity server and a memory-resident workload, DLHT surpasses 1.6B requests per second and provides 3.5x (12x) the throughput of the state-of-the-art closed-addressing (open-addressing) resizable hashtable on Gets (Deletes).
AppSec PNW: Android and iOS Application Security with MobSFAjin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
The Microsoft 365 Migration Tutorial For Beginner.pptxoperationspcvita
This presentation will help you understand the power of Microsoft 365. However, we have mentioned every productivity app included in Office 365. Additionally, we have suggested the migration situation related to Office 365 and how we can help you.
You can also read: https://www.systoolsgroup.com/updates/office-365-tenant-to-tenant-migration-step-by-step-complete-guide/
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...AlexanderRichford
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation Functions to Prevent Interaction with Malicious QR Codes.
Aim of the Study: The goal of this research was to develop a robust hybrid approach for identifying malicious and insecure URLs derived from QR codes, ensuring safe interactions.
This is achieved through:
Machine Learning Model: Predicts the likelihood of a URL being malicious.
Security Validation Functions: Ensures the derived URL has a valid certificate and proper URL format.
This innovative blend of technology aims to enhance cybersecurity measures and protect users from potential threats hidden within QR codes 🖥 🔒
This study was my first introduction to using ML which has shown me the immense potential of ML in creating more secure digital environments!
"Choosing proper type of scaling", Olena SyrotaFwdays
Imagine an IoT processing system that is already quite mature and production-ready and for which client coverage is growing and scaling and performance aspects are life and death questions. The system has Redis, MongoDB, and stream processing based on ksqldb. In this talk, firstly, we will analyze scaling approaches and then select the proper ones for our system.
In the realm of cybersecurity, offensive security practices act as a critical shield. By simulating real-world attacks in a controlled environment, these techniques expose vulnerabilities before malicious actors can exploit them. This proactive approach allows manufacturers to identify and fix weaknesses, significantly enhancing system security.
This presentation delves into the development of a system designed to mimic Galileo's Open Service signal using software-defined radio (SDR) technology. We'll begin with a foundational overview of both Global Navigation Satellite Systems (GNSS) and the intricacies of digital signal processing.
The presentation culminates in a live demonstration. We'll showcase the manipulation of Galileo's Open Service pilot signal, simulating an attack on various software and hardware systems. This practical demonstration serves to highlight the potential consequences of unaddressed vulnerabilities, emphasizing the importance of offensive security practices in safeguarding critical infrastructure.
Conversational agents, or chatbots, are increasingly used to access all sorts of services using natural language. While open-domain chatbots - like ChatGPT - can converse on any topic, task-oriented chatbots - the focus of this paper - are designed for specific tasks, like booking a flight, obtaining customer support, or setting an appointment. Like any other software, task-oriented chatbots need to be properly tested, usually by defining and executing test scenarios (i.e., sequences of user-chatbot interactions). However, there is currently a lack of methods to quantify the completeness and strength of such test scenarios, which can lead to low-quality tests, and hence to buggy chatbots.
To fill this gap, we propose adapting mutation testing (MuT) for task-oriented chatbots. To this end, we introduce a set of mutation operators that emulate faults in chatbot designs, an architecture that enables MuT on chatbots built using heterogeneous technologies, and a practical realisation as an Eclipse plugin. Moreover, we evaluate the applicability, effectiveness and efficiency of our approach on open-source chatbots, with promising results.
Introducing BoxLang : A new JVM language for productivity and modularity!Ortus Solutions, Corp
Just like life, our code must adapt to the ever changing world we live in. From one day coding for the web, to the next for our tablets or APIs or for running serverless applications. Multi-runtime development is the future of coding, the future is to be dynamic. Let us introduce you to BoxLang.
Dynamic. Modular. Productive.
BoxLang redefines development with its dynamic nature, empowering developers to craft expressive and functional code effortlessly. Its modular architecture prioritizes flexibility, allowing for seamless integration into existing ecosystems.
Interoperability at its Core
With 100% interoperability with Java, BoxLang seamlessly bridges the gap between traditional and modern development paradigms, unlocking new possibilities for innovation and collaboration.
Multi-Runtime
From the tiny 2m operating system binary to running on our pure Java web server, CommandBox, Jakarta EE, AWS Lambda, Microsoft Functions, Web Assembly, Android and more. BoxLang has been designed to enhance and adapt according to it's runnable runtime.
The Fusion of Modernity and Tradition
Experience the fusion of modern features inspired by CFML, Node, Ruby, Kotlin, Java, and Clojure, combined with the familiarity of Java bytecode compilation, making BoxLang a language of choice for forward-thinking developers.
Empowering Transition with Transpiler Support
Transitioning from CFML to BoxLang is seamless with our JIT transpiler, facilitating smooth migration and preserving existing code investments.
Unlocking Creativity with IDE Tools
Unleash your creativity with powerful IDE tools tailored for BoxLang, providing an intuitive development experience and streamlining your workflow. Join us as we embark on a journey to redefine JVM development. Welcome to the era of BoxLang.
From Natural Language to Structured Solr Queries using LLMsSease
This talk draws on experimentation to enable AI applications with Solr. One important use case is to use AI for better accessibility and discoverability of the data: while User eXperience techniques, lexical search improvements, and data harmonization can take organizations to a good level of accessibility, a structural (or “cognitive” gap) remains between the data user needs and the data producer constraints.
That is where AI – and most importantly, Natural Language Processing and Large Language Model techniques – could make a difference. This natural language, conversational engine could facilitate access and usage of the data leveraging the semantics of any data source.
The objective of the presentation is to propose a technical approach and a way forward to achieve this goal.
The key concept is to enable users to express their search queries in natural language, which the LLM then enriches, interprets, and translates into structured queries based on the Solr index’s metadata.
This approach leverages the LLM’s ability to understand the nuances of natural language and the structure of documents within Apache Solr.
The LLM acts as an intermediary agent, offering a transparent experience to users automatically and potentially uncovering relevant documents that conventional search methods might overlook. The presentation will include the results of this experimental work, lessons learned, best practices, and the scope of future work that should improve the approach and make it production-ready.
6. Valencia 2014 – Chema Alonso
Exposure surface
• Services are active 24 x 7 x 365
• We use our identities only for a brief period of time
• Accounts should be able to be switched off
8. 2FA “classics”
• User needs to enter a code
• SMS deployment
• The coordinate matrix is static
• Hardware tokens are expensive
• User needs to enter a code
• Users do not like entering a code
9. People like taking a nap (with the TV remote)
12. At the airport
Anna has just started a new job and she is on a business trip. As usual, she checks the weather, prepares her suitcase and sets her online security levels using Latch.
13. Taking a cab
To make her trip easier she decides to pay for everything using a service. On her way to the office at the destination she switches the service on so she can pay the taxi fare. Once done, she switches her account off, minimizing the exposure to improper usage.
14. An alert of the service used!
Fortunately her account had been blocked by Latch, as Anna had easily requested using the app. Alas, during the stopover someone tried to hack her service account. The attack was under control and no misuse ever took place.
16. Latching an account
Actors: Latch Server, Latch app, My Site (user settings: Login: XXXX, Pass: YYYY, Latch: …)
1. Generate pairing code
2. Temporary pairing token
4. AppID + temporary pairing token
5. OK + unique Latch ID (ULatch)
6. Latch appears in app
17. Login on a website
Latch Server / Latch app: Latch1: OFF, Latch2: ON, Latch3: OTP, Latch4: OFF, …
My Bank users DB: Login: XXXX, Pass: YYYY, Latch: Latch1
Login page: Login: AAAA, Pass: BBBB
1. Client sends login/password
2. Web checks credentials with its users DB (check user/pass)
3. Asks about Latch1 status
4. Latch1 is OFF
5. Login error
6. Alert to the app: someone tried to get access to the Latch1 id
20. Logging in with OTP
Latch Server / Latch app: Latch1: OFF, Latch2: ON, Latch3: OTP, Latch4: OFF, …
My Bank users DB: Login: XXXX, Pass: YYYY, Latch: Latch1
Login page: Login: AAAA, Pass: BBBB
1. Client sends login/password
2. Web checks credentials with its users DB (check user/pass)
3. Asks about Latch1 status
4. Latch Server generates OTP
5. Latch1 is ON (OTP)
6. OTP?
7. Use this (OTP), shown in the app
8. User enters the OTP
25. Latched operations
Latch Server / Latch app: Latch1: ON (Op1: OFF, Op2: ON, Op3: OTP), Latch2: OFF, …
My Bank: Login: XXXX, Pass: YYYY, Latch: Latch1, Int_Trans: Op1
Online banking: Send money: 1231124343
1. Client orders an international transaction
3. Asks Latch1:Op1 status
4. Latch1:Op1 is OFF
5. Denied
6. Alert to the app: someone tried to do a Latch1:Op1 operation
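The three flows on slides 17, 20 and 25 as an added Python example; this is not Latch's own code or SDK. It models a mock Latch server that only knows latch ids and their status, and a site that checks its own users DB first and only then asks for the latch status; the class names, the users DB and the alert strings are constructed.

```python
import hmac
import secrets

# Constructed sample users DB mirroring the slides (XXXX/YYYY, Latch1, Op1).
USERS = {"XXXX": {"pass": "YYYY", "latch": "Latch1", "ops": {"Int_Trans": "Op1"}}}


class LatchServer:
    """Mock Latch server: knows latch ids and status, never users/passwords."""
    def __init__(self):
        self.status = {}   # (latch_id, op_id) -> "ON" | "OFF" | "OTP"
        self.otps = {}     # (latch_id, op_id) -> pending one-time code
        self.alerts = []   # what the user's Latch app would be told

    def set_status(self, latch_id, state, op_id=None):
        self.status[(latch_id, op_id)] = state

    def check(self, latch_id, op_id=None):
        """Steps 3-4: the site asks for the latch status, the server answers."""
        key = (latch_id, op_id)
        state = self.status.get(key, "ON")
        if state == "OFF":
            # step 6: the app learns that someone tried to use a closed latch
            self.alerts.append(f"{latch_id}:{op_id or 'login'} attempted while OFF")
            return "OFF", None
        if state == "OTP":
            # slide 20 steps 4/7: generate a code for the app, reused until consumed
            code = self.otps.setdefault(key, f"{secrets.randbelow(10**6):06d}")
            return "OTP", code
        return "ON", None


class Site:
    """The protected site ("My Bank"); it alone holds the users DB."""
    def __init__(self, latch_server, users):
        self.latch, self.users = latch_server, users

    def _authorize(self, latch_id, op_id, otp):
        state, code = self.latch.check(latch_id, op_id)
        if state == "OFF":
            return "DENIED"
        if state == "OTP":
            if otp is None or not hmac.compare_digest(code, otp):
                return "OTP_REQUIRED"
            self.latch.otps.pop((latch_id, op_id), None)   # codes are single use
        return "OK"

    def login(self, user, password, otp=None):
        rec = self.users.get(user)
        # step 2: verify credentials locally first; a bad password never reaches Latch
        if rec is None or not hmac.compare_digest(rec["pass"], password):
            return "Login Error"
        result = self._authorize(rec["latch"], None, otp)
        # step 5: a closed latch yields the same generic error as a bad password
        return "Login Error" if result == "DENIED" else result

    def operation(self, user, op_name, otp=None):
        # slide 25: per-operation latch, e.g. Latch1:Op1 guarding Int_Trans
        rec = self.users[user]
        return self._authorize(rec["latch"], rec["ops"][op_name], otp)
```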
26. Supervision
User / Pass
Login: User, Pass: Pass, Latch: Latch, Op1: Unlock, Op2: OTP
Supervision: Why? / Answer / OTP
27. Latch
Users: control all digital identities in one single point. ON/OFF.
Developers: integrate plugins and develop solutions with SDKs to adapt Latch technology to their needs.
SDKs: PHP, Java, .NET, C, Ruby, Python & WebService API
Plugins: WordPress, PrestaShop, RedMine, Cpanel, Moodle, OpenVPN, SSH, Drupal, DotNetNuke, Joomla!, …
Corporates:
- Deploy 2FAuth
- Opt-in/mandatory
- Detect identity theft
- Granularity
- Reduce fraud
- Parental control
- 4 Eyes verification
Tools:
- Control dashboard
- Usage statistics
- Internal appliance (beta)
28. Monitoring Switch
• With one latch
– As much granularity as needed
– Two statuses
– OTP
– User confs
• Schedule
• AutoLock
• Possible to react to the status
If Lock then {}
Else {}
Goto fail;
Goto fail:
30. Windows pGina
http://unstableequilibrium.com/2014/02/07/using-pgina-and-latch-to-protect-your-windows-login/
36. About Latch
• Privacy:
– AppIDs know the UniqueLatches but not the UserLatches.
– Latch Server knows the Latches and the AppID, but not the users/passwords.
• Robustness:
– If the Latch server is compromised, the security of the protected site remains intact.
– No sensitive data is stored on the Latch Server.