A discussion of the importance of communication between people in different teams or working in different disciplines, with lots of examples from my time introducing devops practices to the UK Government.
Purple Teaming is the idea of using a Red Team exercise with clear training objectives for the Blue Team.
Great exercises should not just be focused on testing a product, they should also test your active Blue Team members and their skills. But how does one start to think about a Purple Team exercise, how does one go about running one and what does it look like?
In this talk we will explain what, why and how, to plan an effective purple team exercise and give some examples. Most enterprise networks are Windows heavy so examples will heavily lean on this.
Testing Assumptions, gaps, blind spots is what being proactive is all about. This talk is both for the console folks and non-console folks.
This was part of a 3 hour talk for students at a local college. Introduction to post exploitation with PowerShell Empire. Feel free to use and learn from.
An idea for a log and backup policy that reduces the possibility of and potential damage from insider threats. Presented at Information Warfare Summit 2013.
A look at some of the configuration issues that containers introduce, and how to avoid or fix them. Discusses immutable infrastructure, the difference between build-time and runtime configuration, scheduler configuration and more.
Presentation from Barcamp London 6 about Google App Engine. Focus was on the type of applications the platform is well suited for, what features are currently missing and what's coming up in the next releases.
Config management for development environments ii - Gareth Rushgrove
Talk for the London Ruby User Group about using configuration management tools to manage development environments. Lots of Vagrant and Chef code examples.
Social Media Risk and Reputation Management - Claudiu Popa
Of the biggest business risks presented by cyber threats such as hacking, identity theft, privacy breaches and other security events, reputation damage is the one that concerns individuals and businesses the most.
Social media is a global phenomenon that can't be ignored. Being online makes you feel vulnerable, but paradoxically, NOT having an active online presence exposes your business to even greater risks of brand damage, credibility and reputation impact.
How do you craft your Facebook, Twitter, LinkedIn and other social channels to maximize your positive exposure and limit your risk?
Learn how reputation is part of the Threat/Impact Triad and how proper management can avert disaster.
About the idea of DevOps, why we implemented DevOps and what we did, what is important!
About our road from waterfall/ITIL and silo structures to DevOps/Agile culture.
Major updates to Puppet Enterprise give you the power to use automation as the bridge to your future, whether that's moving to the cloud or adopting containers in production.
New change reporting and orchestration features make it easy to drive change with confidence, and tools for building and deploying popular cloud and container technologies give you a standard way to automate the delivery and operation of all of your software.
Join us for a webinar to see the latest release in action. You’ll learn about:
• Orchestration enhancements to give you even more control to run phased deployments and coordinated roll-outs of change
• Corrective change reporting to gain insight into why changes occur across your infrastructure
• Tools to automate the build of Docker container images
• Integration with VMware's vRealize Suite (vRA/vRO) to enable fully automated, self-service provisioning workflows
• Integration with Jenkins to easily enable you to scale your DevOps practice by building continuous delivery pipelines and orchestrating infrastructure deployment
Presented by Michael Olson, Sr. Product Marketing Manager, and Grace Andrews, Technical Solutions Engineer.
PuppetConf 2016: Device-Based Modules: Making Them as Simple as a Light Switc... - Puppet
Here are the slides from TP Honey's PuppetConf 2016 presentation called Device-Based Modules: Making Them as Simple as a Light Switch. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
Advice on how to get started — and ahead — in a career in DevOps - Puppet
We talked to dozens of engineers, managers and recruiters whose jobs (or the jobs they're hiring for) emphasize DevOps practices to see what insights they have to share. In this SlideShare you'll find quotes from them on their biggest pieces of advice for someone trying to embrace DevOps more in their current job — or find a new one.
For all their advice and wisdom, get the full ebook at https://puppet.com/devops-and-you.
Join well known industry thought leaders and experts from local New York companies for a 1/2 day event focused on the latest and greatest in DevOps practices.
PuppetConf 2016: The Future of Testing Puppet Code – Gareth Rushgrove, Puppet - Puppet
Here are the slides from Gareth Rushgrove's presentation called The Future of Testing Puppet Code. Watch the videos at https://www.youtube.com/playlist?list=PLV86BgbREluVjwwt-9UL8u2Uy8xnzpIqa
FYI readers: SlideShare somewhat messed up the presentation, but it's still quite readable all the way (except slide 44, SlideShare doesn't seem to like the "thinking emoji"). Also, I made sure that the speaker notes gave a lot of insight. I hope this is useful to you!
** SUMMARY OF THE TALK:
Your product (or your client’s product) is kicking butt, and the userbase is ever growing, allowing to hire more engineers to build more experimental features, more interactions, more experiences in your product. Soon, a dreadful problem starts arising: how do you ensure that one team’s work in your crowd of engineers doesn’t unwillingly break or impact another team’s front-end work? How do you scale humans on the front-end while limiting risk?
We’ll briefly look at how that problem is being solved on the back-end in large companies (Google, Apple, Uber, Salesforce) to see what we can learn from it for the front-end, and then we’ll dive into the opportunities that current front-end frameworks are leveraging. We’ll discuss component-based approaches in particular, since they’re designed as a solution to that problem, and will review the solutions they bring, but also the new challenges, and what future we can expect for them.
Gareth Rushgrove (Puppet) - Ubiquity at #DOXLON - Outlyer
Ubiquity - Moving past file, package and service with Puppet Gareth Rushgrove Puppet Labs
In the last few years we've all got much better at managing the configuration of node level resources like files and packages. But our infrastructures are only getting larger and more complex, and today we're more likely to be talking about clusters and distributed systems than individual hosts. This talk will cover a number of things Puppet is doing to make this shift easier - from support for hardware devices and tools like etcd to cloud provisioning and docker.
Video: http://youtu.be/Z2mv9Istg90
Join DevOps Exchange London here: http://www.meetup.com/DevOps-Exchange-London/
Follow DOXLON on twitter http://www.twitter.com/doxlon
202104 technical challenging and our solutions - golang taipei - Ronald Hsu
Technical challenges in a MMAU SASS product, and how we improve reliability in a microservice architecture by improving context passing, service mesh, etc.
Introduction to Blockchain and the Hyperledger Project - Manuel Garcia
Does The Hyperledger Project have the potential to become the engine behind most successful decentralized applications and organizations created in the next 25-50 years? Absolutely!
A much better question is how, and in what new ways, can we:
a) Build decentralized applications, organizations and APIs at 10x the speed at 1/10 the cost.
b) Build situational awareness in the local community.
I believe that the convergence of decentralized applications, decentralized organizations, artificial intelligence and IoT brings upon us the Great Displacement of the 21st century, where the majority of workforce will be left without “conventional” jobs, forced to learn new skills and professions. Why?
Founders of this group believe that the Hyperledger Foundation will be the engine behind decentralization of the world, a massive economic change of the next 25-50 years.
So.... why don't we standardize and democratize the field with and around Hyperledger?
What?
We are a local micro community of those interested in advancing their knowledge of Hyperledger, its use cases and applications.
How?
Join our group for a regular dose of human interaction, conversations, smiles, food and drinks on all things Hyperledger:
• Use Cases
• Competitive analysis of Hyperledger startups (Distributed Apps from disruptive companies in specific vertical markets)
• How-To’s
• Interviews with individuals working at the edge of the Hyperledger project
• Reviews of tools, services and APIs offered by the Hyperledger ecosystem
• Best Practices in Application Architecture
• Do’s and Don’ts
• Application Templates
• Hackathons
• Security in the decentralized world - on the edge, on the node, in the cloud and in transit
• How others solve some of the hard problems that exist in the world using Hyperledger.
https://www.hyperledger.org
https://github.com/hyperledger
Join the movement. Let’s change the world. Because with Hyperledger we can.
These slides belong to a presentation done by Manuel Garcia @ http://www.meetup.com/HyperLedger-and-Blockchain-Apps-Buenos-Aires
Machine Learning and Python For Marketing Automation | MKGO October 2019 | Ru... - Ruth Everett
Advancements to Machine Learning are changing the game for busy marketers, with automation possibilities from personalised messaging and content creation to social listening and predictive analysis available.
Digital Publishing for Scale: The Economist and Go - C4Media
Video and slides synchronized, mp3 and slide download available at URL https://bit.ly/2CALlGE.
Kathryn Jonas talks about The Economist’s struggles and victories in transitioning to Go and how Go has uniquely fit their digital publishing goals. Filmed at qconnewyork.com.
Kathryn Jonas is the Lead Engineer for the Content Platform at The Economist. She has led projects for organizations in Beijing, London, and New York, applying technology to diverse challenges such as mission impact evaluation, editorial transparency and trust, and online learning and collaboration.
Lightning talk given at Refresh Cambridge event on 6th July 2011. Very quick introduction to where an HTTP Caching solution fits in, and an example of the kind of effect it could have on performance.
Talk about using Ganglia and other tools for storing all kinds of web application metrics for both operations and business purposes. Presented at Cambridge Geek Night
You really should automate the deployment of your web site or application. Stop using your source control system for deployment, and definitely stop relying on FTP. This presentations talks about why, what you should be doing and importantly how to go about doing it.
Presented at barcamp brighton 4
Talk about tools that web developers should use that go beyond just using the basic stack you are familiar with. Knocked together for barcamp North East 2
Keeping up with the Zeldmans
Presentation about education and keeping up to date with the latest trends. Presented at Bamboo Juice conference at The Eden Project, Cornwall, UK
A short presentation about what I like about App Engine, aimed at Python developers but relevant for all.
Given at the Cambridge Python User Group on the 3rd of March
Presentation from Xtech in Dublin 2008 on advantages, problems and potential solutions for bringing mashups to larger commercial web application development
A short presentation about what anyone building software can learn from the Web 2.0 success stories. Delivered to a group of IT Managers for Codeworks Connect.
Transcript: Selling digital books in 2024: Insights from industry leaders - T... - BookNet Canada
The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more.
Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/
Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo... - James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 4 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Key Trends Shaping the Future of Infrastructure.pdf - Cheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Securing your Kubernetes cluster_ a step-by-step guide to success! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024 - Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how does this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principles as well? What benefits could both technologies bring to each other?
Let me take these questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive demo will give you some insights into what approaches I already got working for real.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality - Inflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Neuro-symbolic is not enough, we need neuro-*semantic* - Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
UiPath Test Automation using UiPath Test Suite series, part 3 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
21. lingo
noun (plural noun: lingoes)
the language and speech, especially the jargon, slang or argot, of a particular field, group or individual
Gareth Rushgrove
22. Language acts as a barrier to entry to different communities
33. “Will the release really work?”
Paraphrasing one of my colleagues from 2012
34. “Yes. We’ve done it more than 1000 times. I’m confident it works now”
Paraphrasing me
35. Early members of GDS were mainly from media, startup and technology backgrounds
36. The formal language of Service Management* was unfamiliar to most
*Ironically, ITIL was a creation of CCTA, a UK Government agency
37. But practices like automation, developers on-call, configuration management, continuous deployment, and automated testing were second nature
39. “We cancelled one configuration management effort because we couldn’t keep the spreadsheet up to date”
Remembering one conversation with a Government department
40. “The recommendation was to move from quarterly releases to one release every 6 months”
Remembering one conversation with a Government department
41. “Oh, we use an open source configuration management tool which reports state every 30 minutes for every device”
Remembering one conversation with a Government department
42. Tip: Overlapping words from different tribes are often a great place to start collaborating
44. A lack of personal relationships, sometimes caused by the inability to communicate, leads to stereotypes
45. stereotype
noun (plural noun: stereotypes)
a widely held but fixed and oversimplified image or idea of a particular type of person or thing.
53. BOFH (Bastard Operator from Hell)
a fictional rogue systems administrator who takes out his anger on users and others who pester him with computer problems
58. Making use of stacks of paper policy often involves middlemen
59. Having direct access to real domain experts* is awesome
*Unfairly in my case that mean
60. “I think you’ll find you can’t do that because of my interpretation of this wording in GPG13”
Unfairly paraphrasing countless conversations with intermediaries
61. “Let’s just ring Richard from GCHQ and see what he thinks”
Unfairly paraphrasing countless conversations with intermediaries
69. (without introducing more risk)
Feature: Search

  @high
  Scenario: check search results on unified search
    Given I am testing through the full stack
    And I force a varnish cache miss
    When I search for "tax" using unified search
    Then I should see some search results

  @normal
  Scenario: check organisation filtering on unified search
    Given I am testing through the full stack
    And I force a varnish cache miss
    When I search for "policy" using unified search
    Then I should see organisations in the unified organisation filter

  @normal
  Scenario: check sitemap
    Given I am testing through the full stack
    And I force a varnish cache miss
    When I get the sitemap index
    Then It should contain a link to at least one sitemap file
    And I should be able to get all the referenced sitemap files

GOV.UK Smoke Tests
70. (without introducing more risk)
Feature: Search

  @high
  Scenario: check search resul
    Given I am testing through
    And I force a varnish cach
    When I search for "tax" us
73. (without introducing more risk)
// Should cache responses for the period defined in a `Cache-Control:
// max-age=n` response header.
func TestCacheCacheControlMaxAge(t *testing.T) {
    ResetBackends(backendsByPriority)

    const cacheDuration = time.Duration(5 * time.Second)
    headerValue := fmt.Sprintf("max-age=%.0f", cacheDuration.Seconds())

    handler := func(w http.ResponseWriter) {
        w.Header().Set("Cache-Control", headerValue)
    }

    req := NewUniqueEdgeGET(t)
    testRequestsCachedDuration(t, req, handler, cacheDuration)
}

CDN Acceptance Tests
74. (without introducing more risk)
Scenario: The application should not contain SQL injection vulnerabilities
Meta: @id scan_sql_injection @cwe-89
  Given a scanner with all policies disabled
  And the SQL-Injection policy is enabled
  And the attack strength is set to High
  And the alert threshold is set to Low
  When the scanner is run
  And the XML report is written to the file sql_injection.xml
  Then no Medium or higher risk vulnerabilities should be present

BDD Security