So long as the biometrics is backed up by a fallback password, irrespective of which are more accurate than the others, its security is lower than that of a password-only authentication. Then, we have to wonder why and how the biometrics has been touted as a security-enhancing tool for so long, with so many security professionals being silent about the fact.
It appears that we may have got some clues to this conundrum.
Deployment of Biometrics & Password - NIST63B - Hitoshi Kokumai
When 'a physical authenticator PLUS password' is less complicated, less costly and more secure than 'a physical authenticator PLUS <password OR biometrics>', I wonder where there is a merit of involving the problem-ridden biometrics.
Business Dimension of Expanded Password System - Hitoshi Kokumai
We are in the middle of the decades-long game of having the finalist candidates chosen for the legitimate successors not just to the decades-old character passwords but to the centuries or millennia-old seals and signatures, which will make the basic foundation for the real/cyber-fused society that may well last for more than generations or even centuries for the whole global population.
With billions of people suffering the same big headache, the problem to be addressed by our solution is huge. Substantial revenues will be expected for the business of providing the most practicable solution.
Please join us and support us for this nice exciting enterprise.
Social Networking Security For OCRI - Scott Wright - Condensed July 9, 2009 - Scott Wright
This keynote was presented by Scott Wright on June 19, 2009 to the Ottawa Centre for Research and Innovation. It provides a quick view of some of the major risks from using Social Networking Tools, and some tips for how to reduce those risks through security awareness.
Why is cybersecurity important for the entertainment industry - Lisa Stockley
Sharing an interesting article by Sem Ponnambalam, President at XAHIVE, a Canadian, certified woman-led cybersecurity company. www.xahive.com
Companies are generally very good at protecting themselves against external attacks, but only rarely do they guard themselves against internal attacks. By using what’s known as ‘Social Engineering’, hackers exploit unsuspecting people who in good faith open up their doors to unwanted strangers.
Social engineering, or SE, is the art of manipulating people into performing actions or giving up confidential information. Social Engineering can mean different things to different people.
Why is password protection a fallacy a point of view - Yury Chemerkin
MAKE your password strong, with a unique jumble of letters, numbers and punctuation marks. But memorize it – never write it down. And, oh yes, change it every few months. These instructions are supposed to protect us. But they don’t.
http://hakin9.org/hakin9-extra-12011-exploiting-software/
100+ Cyber Security Interview Questions and Answers in 2022 - Temok IT Services
Top 100 Cyber Security Interview Questions and Answers in 2022 According to the IBM Report, data breaches cost measured businesses $4.24 million per incident on average, the highest in the 17 years of history. However, the demand for cyber security professionals exceeded and created exciting job opportunities.
Case Study On Social Engineering Techniques for Persuasion Full Text - graphhoc
There are plenty of security software in market; each claiming the best, still we daily face problem of viruses and other malicious activities. If we know the basic working principal of such malware then we can very easily prevent most of them even without security software. Hackers and crackers are experts in psychology to manipulate people into giving them access or the information necessary to get access. This paper discusses the inner working of such attacks. Case study of Spyware is provided. In this case study, we got 100% success using social engineering techniques for deception on Linux operating system, which is considered as the most secure operating system. Few basic principal of defend, for the individual as well as for the organization, are discussed here, which will prevent most of such attack if followed.
Social Engineering - Strategy, Tactics, & Case Studies - Praetorian
For many organizations, the human element is often the most overlooked attack vector. Ironically, people are typically one of the easiest vulnerabilities to exploit and an attacker needs little more than a smile or email to completely compromise a company. With targeted attacks on the rise, organizations must understand the risk of social engineering based attacks. The purpose of this presentation is to examine common physical, phone, and Internet based attacks. Real world case studies are included and recommendations are provided that will help mitigate this growing threat.
Praetorian's goal is to help our clients understand and minimize their overall security exposure and liability. Through our services, your organization can obtain an accurate, independent security assessment.
The Internet of Things: We've Got to Chat - Duo Security
BSides SF, February 2014: http://www.securitybsides.com/w/page/70849271/BSidesSF2014
Duo's Zach Lanier (@quine) & Mark Stanislav (@markstanislav) on IoT (Internet of Things) security, announcing http://BuildItSecure.ly
Here are the discussions that are mentioned in P19 of "Fend Off Cyberattack with Episodic Memory"
https://www.slideshare.net/HitoshiKokumai/fend-off-cyberattack-with-episodic-memory-24feb2023
Cyber Predicament by Text-Only Password Systems - Hitoshi Kokumai
The current password predicament is caused by the conventional password systems that do not allow people to use anything but numbers/characters. But we do not have to despair. There exists an incredibly simple solution to it, though little known to the public as yet.
Role Of Biometric Security- Bahaa Abdul Hadi.pdf - Bahaa Abdulhadi
Bahaa Abdul Hadi is an Identity Management expert and regularly shares his experiences with his audience through his blogs.
Biometric systems can be used to protect our data as well as our wallets. Its ease of inclusion and the difficulty of forging the credentials employed by biometric technology makes it one of the most sensible security options currently available. As consumer use of the IoT rises, biometric technology is being used more frequently.
[DSC Europe 23] Shahab Anbarjafari - Generative AI: Impact of Responsible AI - DataScienceConferenc1
Today, we embark on a journey into the realm of Generative AI (Gen AI), a force of innovation and possibility. We'll not only unveil the vast opportunities it offers but also confront the ethical challenges it poses. In the spirit of responsible innovation, we'll then dive deep into Responsible AI, illuminating the path to its implementation in this era of Gen AI. Join us for a profound exploration of this technological frontier, where our commitment to responsibility and foresight shapes the future.
Biometrics are climbing as a general layer to various individuals and try security systems. With the special identifiers of your science and practices, this might appear to be secure. Notwithstanding, biometric personality has been made numerous careful with regards to its utilization as independent confirmation.
Bring healthy second life to legacy password system - Hitoshi Kokumai
Passwords are said to be too vulnerable to theft and too hard to manage. Many people sound as if the password were an enemy of people. Some people even allege that removal of the password would improve the security of digital identity. Let us examine how valid such views are.
More information at https://www.mnemonicidentitysolutions.com/
Biometrics are organic estimates - or actual attributes - that can be utilized to recognize people. For instance, unique mark planning, facial acknowledgment, and retina checks are largely types of biometric innovation, however these are only the most perceived choices.
Authentication is an important part of digital system security and ensuring that only authorised persons have access to sensitive information or resources.
Let’s take a closer look at each one
A brief overview of biometric authentication and the benefits it can have on your business and its overall security. Is biometric authentication something you should be looking into? Find out now...
Image data of a picture that the user picks up will be hashed by the likes of Sha256
Sha-hashed data of the selected several pictures will be put together and hashed by the likes of Argon2id
The Argon2id-hashed data will be outputted as the code to be used as a password, a crypto key, a master-password or something else depending on use cases.
With unique salts added, a number of derivative codes can be automatically generated from the first code in a single process
Fend Off Cyberattack with Episodic Memory (24Feb2023) - Hitoshi Kokumai
This is a slide with script presented at Conference On Cyber Security In Financial Institutions by Banking Association of Central and East Europe on 24th February 2023 - https://baceeconference.com/cyber-security-conference/
The issues mentioned on P19 are discussed here - "More Issues on Digital Identity"
https://www.slideshare.net/HitoshiKokumai/more-issues-on-digital-identity-24feb2023
Slide Share (Updated) - Fend Off Cybercrime with Episodic Memory 29Aug2022 - Hitoshi Kokumai
Digital Transformation would be a pipe dream if it’s not supported by a practicable means of identity authentication that is secure and yet stress-free, desirably giving us joy and fun
Our company, Mnemonic Identity Solutions Limited (MIS), set up in August 2020 in United Kingdom for global operations, is a Start-Up as a corporation but it’s more than a Start-Up as a business entity. We set it up in order to globally expand what its predecessor named Mnemonic Security, Inc. started in Japan in late 2001.
We have a 20 years long pre-history of technology development, product making and commercial implementations with some US$1 million sales. Our champion use case is Japanese Army deploying our product on field vehicles since 2013 and still using it.
At MIS we are now going to help global citizens fend off cybercrime by their non-volatile episodic memory, with the values of democracy.
< Video Link >
Fend Off Cybercrime by Episodic Memory (90 seconds) https://youtu.be/T1nrAlmytWE
MnemonicGateways (90 seconds)
https://youtu.be/0nNIU4uYl94
High-Security Operation on PC for managers (4m28s)
https://www.youtube.com/watch?v=UO_1fEp2jFo
< Document Link >
Power of Citizens’ Episodic Memory
https://www.linkedin.com/pulse/power-citizens-episodic-memory-hitoshi-kokumai/
LOSS of Security Taken for GAIN of Security
https://www.linkedin.com/pulse/loss-security-taken-gain-hitoshi-kokumai/
An updated version is available from 30/Aug/2022 at https://www.slideshare.net/HitoshiKokumai/slide-share-updated-fend-off-cybercrime-with-episodic-memory-29aug2022
..................................................
Digital Transformation would be a pipe dream if it’s not supported by a practicable means of identity authentication that is secure and yet stress-free, desirably giving us joy and fun
<Reference URL>
- Video
90-second introductory video; Fend Off Cybercrime by Episodic Memory (4/Feb/2022) https://youtu.be/T1nrAlmytWE
90-second demonstration video: Mnemonic Gateways (10/Feb/2022)
https://youtu.be/0nNIU4uYl94
- Blog collections
Power of Citizens’ Episodic Memory
https://www.linkedin.com/pulse/power-citizens-episodic-memory-hitoshi-kokumai/
LOSS of Security Taken for GAIN of Security
https://www.linkedin.com/pulse/loss-security-taken-gain-hitoshi-kokumai/
Biometrics Unravelled | password-dependent password-killer
https://www.linkedin.com/pulse/biometrics-unravelled-password-dependent-hitoshi-kokumai/
- Hitoshi Kokumai's profile
https://www.linkedin.com/in/hitoshikokumai/
Updated: Presentation with Scripts at CIW2018 - Hitoshi Kokumai
The volitional password is absolutely necessary where the democratic values matter (*1), whereas the conventional password is hated, as everybody agrees.
These observations lead us to conclude that we should agree that we have to find the sort of password system that is not hated. Logic tells that there can be no other choice.
We came up with the way out. It is Expanded Password System that accepts images as well as texts/characters.
This is the updated version of the slide used for the presentation on 30/Oct/2018 at KuppingerCole's Consumer Identity World Europe 2018 in Amsterdam (*2). P20 for "Deterrence to Targeted Phishing" has been added.
*1 Where authentication of our identity happens without our knowledge or against our will, it is a 1984-like Dystopia.
*2 https://www.kuppingercole.com/events/ciweu2018/agenda_overview
<Link to Videos >
80-second video
https://www.youtube.com/watch?v=ypOnKTTwRJg&feature=youtu.be
30-second video
https://www.youtube.com/watch?v=7UAgtPtmUbk&feature=youtu.be
The volitional password is absolutely necessary (where the democratic values matter *1), whereas the conventional password is hated (as everybody agrees).
These observations lead us to conclude that we should agree that we have to find the sort of password system that is not hated. Logic tells that there can be no other choice.
We came up with the way out. It is Expanded Password System that accepts images as well as texts/characters.
This slide was used for the presentation on 30/Oct/2018 at KuppingerCole's Consumer Identity World Europe 2018 in Amsterdam *2
*1 Where authentication of our identity happens without our knowledge or against our will, it is a 1984-like Dystopia.
*2 https://www.kuppingercole.com/events/ciweu2018/agenda_overview
<Link to Videos >
80-second video
https://www.youtube.com/watch?v=ypOnKTTwRJg&feature=youtu.be
30-second video
https://www.youtube.com/watch?v=7UAgtPtmUbk&feature=youtu.be
Updated: Identity Assurance by Our Own Volition and Memory - Hitoshi Kokumai
The volitional password is absolutely necessary (where the democratic values matter *1), whereas the conventional password is hated (as everybody agrees).
These observations lead us to conclude that we should agree that we have to find the sort of password system that is not hated. Logic tells that there can be no other choice.
We came up with the way out. It is Expanded Password System that accepts images as well as texts/characters.
This is the slide I used for the presentation on 30/Oct/2018 at KuppingerCole's Consumer Identity World Europe 2018 in Amsterdam *2
*1 Where authentication of our identity happens without our knowledge or against our will, it is a 1984-like Dystopia.
*2 https://www.kuppingercole.com/events/ciweu2018/agenda_overview
<Link to Videos >
80-second video
https://www.youtube.com/watch?v=ypOnKTTwRJg&feature=youtu.be
30-second video
https://www.youtube.com/watch?v=7UAgtPtmUbk&feature=youtu.be
Help unravel the conundrum over NIST authentication guideline - Hitoshi Kokumai
It appears that NIST is of the view that a house with two entrances placed in parallel, not in tandem, is less vulnerable to burglars than a one-entrance house. We are unable to understand their logic behind such observations. We wonder if some of you can help unravel this conundrum.
You might also be interested in these short videos:
- Biometrics in Cyber Space - "below-one" factor authentication
https://youtu.be/wuhB5vxKYlg
- Six Reasons to Believe Biometrics Don't Ruin Cyber Security
https://youtu.be/lODTiO2k8ws
Expanded password system - Reliable Identity Assurance - Hitoshi Kokumai
Security of the real/cyber-fused society hinges on “Assured Identity”, which hinges on “Shared Secrets” in cyberspace. The text password has been the shared secrets for many decades. We now need a successor to the text password. There exists a promising candidate, an Expanded Password System which accepts images as well as characters and which generates a high-entropy password from a hard-to-forget password.
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
How to Get CNIC Information System with Paksim Ga.pptx - danishmna97
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Removing Uninteresting Bytes in Software Fuzzing - Aftab Hussain
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
Securing your Kubernetes cluster_ a step-by-step guide to success ! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
GridMate - End to end testing is a critical piece to ensure quality and avoid... - ThomasParaiso2
End to end testing is a critical piece to ensure quality and avoid regressions. In this session, we share our journey building an E2E testing pipeline for GridMate components (LWC and Aura) using Cypress, JSForce, FakerJS…
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor... - SOFTTECHHUB
The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing.
One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.
DevOps and Testing slides at DASA Connect - Kari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -... - DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 6 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
UiPath Test Automation using UiPath Test Suite series, part 5 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Maruthi Prithivirajan, Head of ASEAN & IN Solution Architecture, Neo4j
Get an inside look at the latest Neo4j innovations that enable relationship-driven intelligence at scale. Learn more about the newest cloud integrations and product enhancements that make Neo4j an essential choice for developers building apps with interconnected data and generative AI.
In the rapidly evolving landscape of technologies, XML continues to play a vital role in structuring, storing, and transporting data across diverse systems. The recent advancements in artificial intelligence (AI) present new methodologies for enhancing XML development workflows, introducing efficiency, automation, and intelligent capabilities. This presentation will outline the scope and perspective of utilizing AI in XML development. The potential benefits and the possible pitfalls will be highlighted, providing a balanced view of the subject.
We will explore the capabilities of AI in understanding XML markup languages and autonomously creating structured XML content. Additionally, we will examine the capacity of AI to enrich plain text with appropriate XML markup. Practical examples and methodological guidelines will be provided to elucidate how AI can be effectively prompted to interpret and generate accurate XML markup.
Further emphasis will be placed on the role of AI in developing XSLT, or schemas such as XSD and Schematron. We will address the techniques and strategies adopted to create prompts for generating code, explaining code, or refactoring the code, and the results achieved.
The discussion will extend to how AI can be used to transform XML content. In particular, the focus will be on the use of AI XPath extension functions in XSLT, Schematron, Schematron Quick Fixes, or for XML content refactoring.
The presentation aims to deliver a comprehensive overview of AI usage in XML development, providing attendees with the necessary knowledge to make informed decisions. Whether you’re at the early stages of adopting AI or considering integrating it in advanced XML development, this presentation will cover all levels of expertise.
By highlighting the potential advantages and challenges of integrating AI with XML development tools and languages, the presentation seeks to inspire thoughtful conversation around the future of XML development. We’ll not only delve into the technical aspects of AI-powered XML development but also discuss practical implications and possible future directions.
Clues to Unravelling Conundrums - Biometrics deployed 'in parallel' as against 'in series'
1. Clues to Unravelling Conundrums
- Biometrics deployed ‘in parallel’ as against ‘in series’
In my earlier writing “Truth does not matter in infosec?” I wrote as follows:
--------
So long as the biometrics is backed up by a fallback password, irrespective of
which are more accurate than the others, its security is lower than that of a
password-only authentication.
Then, we have to wonder why and how the biometrics has been touted as a
security-enhancing tool for so long, with so many security professionals being
silent about the fact.
---------
It appears that we may have got some clues to this conundrum. We had a chance
to look at a document produced by NIAP (National Information Assurance
Partnership), in which ‘hybrid biometrics authentication’ was discussed.
The biometrics advocates got a NIAP committee to positively evaluate the hybrid
(two-factor) deployment of biometrics and passwords by just talking about the 'in
series' deployments. Then, the concept that the hybrid biometrics
authentications provide good security was solidly established with authority.
There may have been some more similar cases.
On the other hand, a number of biometrics vendors put on the market the
biometrics products, which are deployed 'in parallel', without referring,
knowingly or unknowingly, to the difference between the 'in parallel'
deployments and the 'in series' deployments. I would not like to suspect that
there were choreographers for it. I assume that it might well have happened due
to lack of good communication and misunderstanding among the people
concerned.
2. The outcome was a number of misguided security professionals and tech media
spreading the misguiding information on a gigantic scale. We are now
witnessing such a worrying situation that a number of financial institutions are
adopting the 'in parallel' hybrid biometrics for the applications for which they say
they require a level of security higher than that of the password. It is defeating the
purpose.
Well, I am not happy with this uncomfortable hypothesis. I would appreciate it
if someone could let me know the presence of different materials that might lead
us to different observations.
I would also welcome any information on whether the publicized FAR and FRR
are empirical or theoretical and how they are measured, monitored or calculated.
<Remarks>
‘in series’ deployment = both to pass, And/Conjunction
‘in parallel’ deployment = either to pass, Or/Disjunction
< Related Article >
P3 Truth does not matter in infosec?
P4 iPhone X Face ID - What FAR means when it does not come with the corresponding FRR?
P5 Mitigation of Password Predicament
P6 Democracy would be dead where the password is killed
P7 Mix up “Unique” with “Secret” and confuse “Identification” with “Authentication”
3. Truth does not matter in infosec?
Tech media seem busy arguing which biometrics is better than the others. But it is all
nonsense from security’s point of view. Instead we should ask why security-lowering
measures have been touted as security-enhancing solutions.
Because of its inherent characteristics, biometrics depends on a fallback means in case of false
rejection. In physical security, it could be handled by personnel in charge other than the user.
In cybersecurity, however, it needs to be handled by the user themselves, in most cases by way
of a password that the user themselves needs to feed.
So long as the biometrics is backed up by a fallback password, irrespective of which are more
accurate than the others, its security is lower than that of a password-only authentication as
illustrated in this video. https://youtu.be/wuhB5vxKYlg
Then, we have to wonder why and how the biometrics has been touted as a security-enhancing
tool for so long, with so many security professionals being silent about the fact.
There could be various explanations – from agnotology, neuroscience, psychology, sociology,
behavioral economics and so on. This phenomenon will perhaps be found to have provided an
excitingly rich material for a number of scientists and researchers in those fields.
Summary of the video
4. iPhone X Face ID
What FAR means when it does not come with the corresponding FRR?
Answer: It means nothing.
According to some tech media, the FAR (false acceptance rate) of iPhone X Face ID is said to be
one millionth, which might be viewed as considerably better than the reported one 50,000th of
Touch ID.
It is not the case, however. The fact is that which is better or worse can by no means be decided
when the corresponding FRR (false rejection rates) of Face ID and Touch ID, which are in the
trade-off relation with FAR, are not known. This crucial observation is seldom reported by
major tech media. It is really sad to see the misguided tech media spreading the misguiding
information on a huge scale.
The only meaningful fact that we can logically get confirmed by the trade-off between FAR and
FRR is that the biometrics deployed with a password as a fallback means against false
rejection would only provide the level of security lower than that of a password-only
authentication.
Face ID, which brings down security as such, could be recommended only for those who want
better convenience, as in the case of Touch ID. If recommended for better security, it would
only get criminals and tyrants delighted.
Security professionals are expected to speak up.
30-second video - https://youtu.be/7UAgtPtmUbk
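The 'in series' and 'in parallel' definitions in the Remarks and the FAR/FRR trade-off described above can be worked through numerically. The following is an added example, not part of the original article; the score distributions, the password guess and forget probabilities, and the independence of the two factors are all constructed assumptions.

```python
from statistics import NormalDist

# Constructed score model (assumption, not measured data): match scores are
# normally distributed and a score at or above the threshold is accepted.
GENUINE = NormalDist(mu=0.80, sigma=0.08)
IMPOSTOR = NormalDist(mu=0.40, sigma=0.10)

def biometric_rates(threshold):
    """(FAR, FRR) of the biometric alone at one threshold setting."""
    far = 1.0 - IMPOSTOR.cdf(threshold)  # impostor scores that pass
    frr = GENUINE.cdf(threshold)         # genuine scores that fail
    return far, frr

def combine(far_bio, frr_bio, p_guess, p_forget, mode):
    """(FAR, FRR) of biometric plus password, assuming independent factors.

    p_guess: chance an attacker presents the right password (assumed value).
    p_forget: chance the legitimate user cannot produce it (assumed value).
    """
    if mode == "series":      # both to pass, AND
        return far_bio * p_guess, 1 - (1 - frr_bio) * (1 - p_forget)
    if mode == "parallel":    # either to pass, OR
        return 1 - (1 - far_bio) * (1 - p_guess), frr_bio * p_forget
    raise ValueError(f"unknown mode: {mode}")

def sweep(thresholds, p_guess=1e-4, p_forget=0.02):
    """One row per threshold: biometric alone, then both deployments."""
    rows = []
    for t in thresholds:
        far, frr = biometric_rates(t)
        rows.append({
            "threshold": t, "far_bio": far, "frr_bio": frr,
            "series": combine(far, frr, p_guess, p_forget, "series"),
            "parallel": combine(far, frr, p_guess, p_forget, "parallel"),
        })
    return rows

if __name__ == "__main__":
    print("thr  FAR_bio   FRR_bio   FAR_series  FAR_parallel  (password-only FAR = 1.0e-04)")
    for r in sweep([0.5, 0.6, 0.7, 0.8]):
        print(f"{r['threshold']:.1f}  {r['far_bio']:.2e}  {r['frr_bio']:.2e}  "
              f"{r['series'][0]:.2e}    {r['parallel'][0]:.2e}")
```

At every threshold the 'in parallel' FAR stays above the password-only figure and the 'in series' FAR stays below it, while raising the threshold lowers the biometric FAR only at the cost of a higher FRR.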
5. Mitigation of Password Predicament
This article talks about the old and new NIST password guidelines.
https://www.theverge.com/2017/8/7/16107966/password-tips-bill-burr-regrets-advice-nits-cybersecurity
It is nice to see repealed the odd recommendations like the complicated hard-to-recall
passwords which would result in reusing the same password across many accounts and the
regular password change which would result in using the easiest-to-guess passwords. It is
not nice, however, to see ‘passphrase’ and ‘password manager’ being touted so naively. Caveats
should come with these recommendations.
Passphrase: It could be longer and yet easier to remember but it does not necessarily mean a
higher entropy despite the troubles of tiresome typing. It is generally made of known words
that are just vulnerable to automated dictionary attacks.
The cartoon shown in this Verge article says that 44 bits of entropy is hard to guess. It may
be extremely hard for humans to guess, but it would be so easy a prey for criminals who
possess the automated attack software with the intelligent dictionaries.
Password Manager: It remembers all my passwords when un-hacked and loses all my
passwords to criminals when hacked. It should be operated in a decentralized formation or
should be considered mainly for low-security accounts, not for the high-security business that
should desirably be protected by all different strong passwords unique to each account.
Then, what else can we do? Our proposition is “Intuitive Passwords: Passwords to Succeed
Passwords”
http://virtual-strategy.com/2017/04/14/intuitive-passwords-passwords-to-succeed-passwords/
6. Democracy would be dead where the password is killed
Some security people are advocating that the password should be killed dead. I wonder if
they are aware of what they mean by what they say. A society where login without users’
volition is allowed would be the society where democracy is dead. It’s a tyrant’s utopia.
We know that biometrics, which relies on a fallback password, can by no means be an
alternative to the password, that the password is an indispensable factor for multi-factor
schemes and that the security of password managers and single-sign-on schemes needs to
hinge on the reliability of the password.
The password (memorized secret) is absolutely necessary. Don’t let it be killed. Don’t accept
any form of passwordless login.
<Reference>
Slide: Password Fatigue and Expanded Password System
http://www.slideshare.net/HitoshiKokumai/password-fatigue-and-expanded-password-system
Article (7-page): Intuitive Password – passwords succeeding passwords
https://www.slideshare.net/HitoshiKokumai/intuitive-passwords-passwords-succeeding-passwords
7. Mix up “Unique” with “Secret” and
we would confuse “Identification” with “Authentication”
Biometrics follows “unique” features of individuals’ bodies and behaviors. It means that it
could be well used when deployed for identification of individuals who may be conscious or
unconscious, alive or dead. Due respect could be paid to biometrics in this sphere.
Being “unique” is different from being “secret”, however. It would be a misuse of biometrics if
deployed for security of the identity authentication of individuals.
Confusing “Identification” with “Authentication”, we would be building a sandcastle in which
people are trapped in a nefarious false sense of security. However gigantic and grandiose it
may look, the sandcastle could melt away altogether when we have a heavy storm.
And, the storm will come. The question is not “if”, but just “how soon”.
< Videos >
Turn off biometrics where security matters (30 seconds)
https://youtu.be/7UAgtPtmUbk
Biometrics in Cyber Space - "below-one" factor authentication
https://youtu.be/wuhB5vxKYlg
Six Reasons to Believe Biometrics Don't Ruin Cyber Security
https://youtu.be/lODTiO2k8ws
Password-free Life - Utopia or Dystopia? (30 seconds)
https://youtu.be/UJDBZpX1a0U
Password Predicament and Expanded Password System
https://youtu.be/-KEE2VdDnY0