Come hear how to work with external REST, SOAP, and Windows Communication Foundation (WCF) services from Silverlight. Learn how to securely and efficiently communicate with services using Binary XML, debug services with improved Faults support, and implement server-to-client "push" using the new Add Service Reference for Duplex functionality.
Developing Web Services With Oracle Web Logic Server - Gaurav Sharma
Talk given at Sun tech 2010 in Hyderabad, India about developing web services with weblogic server and how to enable some of the WS* standards for your web services
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Tom Eston
Over the years web services have become an integral part of web and mobile applications. From critical business applications like SAP to mobile applications used by millions, web services are becoming more of an attack vector than ever before. Unfortunately, penetration testers haven't kept up with the popularity of web services, recent advancements in web service technology, testing methodologies and tools. In fact, most of the methodologies and tools currently available either don't work properly, are poorly designed or don't fully test for real world web service vulnerabilities. In addition, environments for testing web service tools and attack techniques have been limited to home grown solutions or worse yet, production environments.
In this presentation Tom, Josh and Kevin will discuss the new security issues with web services and release an updated web service testing methodology that will be integrated into the OWASP testing guide, new Metasploit modules and exploits for attacking web services, and an open source vulnerable web service for the Samurai-WTF (Web Testing Framework) that can be used by penetration testers to test web service attack tools and techniques.
WCF is not just for SOAP based services and can be used with popular protocols like RSS, REST and JSON. Rob Windsor covers URI templates, the importance of HTTP GET in the programmable web, how to expose service operations via HTTP GET, how to control the format of data exposed by service operations, and finally how to use the WebOperationContext to access the specifics of HTTP.
The Way of the Whiteboard: Persuading with Pictures - goodfriday
Hear Dan Roam talk about persuading people with pictures. Whether convincing leadership to back a project, getting a VC to fund a business, building consensus on a project team, or selling a new technology platform within an organization, nothing is more powerful than a simple picture for discovering and developing technological concepts and business ideas. This session shows how to use the pictures we've created to persuade other people to take action.
Presentation by David Kaplan at El Colegio de México, June 22, 2016. Comments on the possible effects of raising Mexico's minimum wage. The other panelists were Gerardo Esquivel and Salomón Chertorivski.
Visit Gent has its own unique way of keeping Ghent real. In this spirit it uses technology to promote Ghent as a tourist destination and welcome foodie lovers in the city.
Working with Data and Web Services in Microsoft Silverlight 2 - goodfriday
Learn how easy it is to utilize POX, REST, RSS, ATOM, JSON, and SOAP in your Microsoft Silverlight mashup applications. Also learn how to easily access and display data with Silverlight using LINQ and databinding.
Real time websites and mobile apps with SignalR - Roy Cornelissen
My session about building real time websites and mobile apps using the SignalR framework. Delivered on Microsoft TechDays Netherlands 2013.
In this session I combined a back end in NServiceBus, a SignalR ASP.NET gateway, and WPF, WinRT and iOS clients (using Xamarin.iOS) to build a real time production monitor.
Will Web 2.0 applications break the cloud? - Flaskdata.io
Computing in the cloud is fashionable and in many cases extremely cost-effective. But - considering a flawed execution model of rich Web 2.0 applications - will Web applications in the cloud fail to live up to the promise due to performance and security issues?
In this presentation - I discuss security and performance issues of Web 2.0 apps in the cloud and talk about the kind of mistakes people make.
I wrap up with some thoughts on the game changers
This will be a brief discussion on Pen Testing Web Services in 2012. Although OWASP has testing guides which describe various methods and tools for performing black box and white box security testing on web services, they're all outdated. The key points of the presentation will revolve around how to pen test web services, what the prerequisites are, methodology, tools used, etc.
The Art of the Pitch: WordPress Relationships and Sales - Laura Byrne
Clients don't know what they don't know. What web solutions are right for them? How does WordPress come into the picture? How do you make sure you understand scope and timeline? What do you do if something changes?
All these questions and more will be explored as we talk about matching clients’ needs with what your agency offers without pulling teeth or pulling your hair out. Practical tips, and strategies for successful relationship building that leads to closing the deal.
State of ICS and IoT Cyber Threat Landscape Report 2024 preview - Prayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Securing your Kubernetes cluster: a step-by-step guide to success! - KatiaHIMEUR1
Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster.
However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks.
In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.
UiPath Test Automation using UiPath Test Suite series, part 3 - DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Connector Corner: Automate dynamic content and events by pushing a button - DianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Builder.ai Founder Sachin Dev Duggal's Strategic Approach to Create an Innova... - Ramesh Iyer
In today's fast-changing business world, companies that adapt and embrace new ideas often need help to keep up with the competition. However, fostering a culture of innovation takes much work. It takes vision, leadership and willingness to take risks in the right proportion. Sachin Dev Duggal, co-founder of Builder.ai, has perfected the art of this balance, creating a company culture where creativity and growth are nurtured at each stage.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf - 91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Accelerate your Kubernetes clusters with Varnish Caching - Thijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Epistemic Interaction - tuning interfaces to provide information for AI support - Alan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
13. Using "typical" message payloads
HP BL680c: 8 Intel EMT64 cores @ 2.4GHz; Windows Server 2008 64-bit, IIS7
Web service requests/sec by message size (Text / HTTP vs. Binary / HTTP):
- 20 objects: Text / HTTP 6122, Binary / HTTP 7570 (24%)
- 100 objects: Text / HTTP 2702, Binary / HTTP 4615 (71%)
Your mileage may vary
14. Using large messages with arrays of "typical" data
[Chart: size reduction by data type (String, Int, Large object graph); bar values on the slide: 40%, 34%, 15%]
Your mileage may vary
25. Example with Cookies + Forms Auth
E.g.: ASP.NET login
Credentials
User:
YourDomain.com
Password:
Auth info (cookie)
Service calls + Auth info
Browser
26. Login through Silverlight
Call with credentials to YourDomain.com
User:
Password:
ASP.NET Auth Service
Reply contains cookie
Service calls + Auth info
Browser
28. Cross-Domain Threat
MyBank.com Login
Credentials
User:
MyBank.com
Password:
Auth info (e.g. cookie)
Malicious call + Auth info
Could steal or change data if protection wasn't in place
Malicious application
EvilApps.com
30. Identity managed by Silverlight, not the Browser
YourDomain.com
User:
Password:
Creds are added by Silverlight, not browser
No creds
EvilApps.com
Browser
33. <!-- WS-Security Header -->
<!-- With UserName, Password, Timestamp -->
<!-- Message Payload -->
Default max skew is 5 minutes – may require changes
(Client clock can't be more than 5 minutes out of sync with server)
37. Simple Back-End Data Access: WCF, SOAP
"Data Push" (Server to Client): WCF
Mashups (Using REST APIs): REST, XML/JSON, Atom/RSS
40. EndpointAddress address = new EndpointAddress("http://example.com/Service1.svc");
CustomBinding binding = new CustomBinding(
    new PollingDuplexBindingElement(),
    new TextMessageEncodingBindingElement(
        MessageVersion.Soap12WSAddressing10, Encoding.UTF8),
    new HttpTransportBindingElement());
53. High-level components and User Code
HttpWebRequest
Browser Plugin APIs Restrictions
Web Browser
- Cookies
- Authenticated sessions Restrictions
- Caching
- Proxy server to use
Windows/Mac
Networking Layer
54. [Diagram: Client App, Client Duplex Channel, Browser, Server Duplex Channel, Server App. Arrows labelled "Any messages?", "No messages" and "Message"; timing label "10-15sec".]