Crowdsourcing Cyber Security

•

0 likes•38 views

CrowdSourcing Cyber Security programs utilize the knowledge of hackers and security researchers around the world to identify vulnerabilities in systems and applications. There are several types of crowdSourced programs including hacker-powered programs where hackers research vulnerabilities and report them, bug bounty programs where researchers are rewarded for reporting vulnerabilities to programs like HackerOne and BugCrowd, and crowd contests at security conferences. Researchers can participate by learning methodologies, scanning targets, and building proof-of-concepts to report vulnerabilities for cash rewards. CrowdSourcing provides advantages like being more effective by tapping diverse expertise and keeping applications more secure without needing large in-house security teams.

Technology

CrowdSourcing Cyber Security
PRESENTED BY
TOE KHAING OO

About Me
• Student
• Programmer
• Acknowledged by ESET, Magento, Intel, HubSpot, SmartSheet …
• Contributor at OWASP Myanmar
• Organizer at Myanmar Cyber Conference
• Researcher at BugCrowd Inc.

What is this about?
• Cyber Security
• CrowdSourcing
• CrowdSourced Cyber Security Programs
• How it works?
• How to participate in crowdsourced programs?
• Benefits, Advantages and Disadvantages

Cyber Security
• Technology to protect Networks, Computers, Programs,
Applications and Data from Attack, Damage or Unauthorized access.
• Application Security
• Information Security
• Operational Security
• Awareness
• End-user Education

CrowdSourcing means
• Crowd + Outsourcing
• Working with a crowd of individual, organization or group.
• Many types of crowdsourced cyber security programs

CrowdSourced Cyber Security Programs
• Hacker-Powered CrowdSourced Programs
• CrowdSourced Vulnerability Assessment (aka) Bug Bounty Programs
• Crowd Contest Programs
• Macrotasking Crowdsourced Programs

Hacker-Powered CrowdSourced Program
• Utilizing the knowledge of hackers to keep secure.
• Hackers research latest security vulnerabilities and report to
program
• The program detects and finds the solution
• Eg : Detectify CrowdSource Program
• http://detectity.com

CrowdSourced VA Programs – Bug Bounty Programs
• Works with the global crowd of security researchers
• Identifying the vulnerabilities
• Get reward for reporting security vulnerabilities.
• HackerOne (https://hackerone.com)
• BugCrowd (https://bugcrowd.com)
• Cobalt (https://cobalt.io)
• Synack (https://synack.com)

HackerOne
• Highest payout
• 866 Programs
• 19 Million Dollars paid

BugCrowd Inc
• 50,000+ Researchers
• 100+ Programs
• Mostly Private
• Reverse Engineering, Thick
Clients, IoT include

Other Bug Bounty Program
• Facebook Bug Bounty Program
• Google VRP (Vulnerability Reward Program)
• Microsoft Bounty Program
• US Department of Defense Bug Bounty Program

Crowd Contest Program
• Like CTF (Capture The Flag) Challenges
• Companies challenges their product’s vulnerability at Cyber Security
Conferences.
• Cash Reward

How to participate?
• Learn
• Self Study
• Lab Practice
• Learn from others
• Read reports
• Ask

Methodology
• Review the scope
• Perform recon to find targets
• Scan to get additional info
• Review all the services and
applications
• Fuzz for errors to expose
vulnerabilities
• Attack vulnerabilities to build
proof-of-concepts
Review Scope
Scanning &
Testing
Reporting

Advantages of CrowdSourcing
• More effective
• Different people have different expertise
• Company no longer need to handle security team
• More secure

The document outlines the agenda for a threat modeling workshop. The workshop includes three sessions: (1) BYOTM where attendees bring their own threat models to work on together, (2) an advanced threat modeling session on applying rapid techniques in a DevOps environment, and (3) an introductory threat modeling primer. The document then provides more details on topics covered in each session, including customizing approaches to organizational needs, key threat modeling terms, and frameworks that can be used. It emphasizes the importance of focusing threat modeling efforts on adding value and keeping practices sustainable.

Key Takeaways from Instructure's Successful Bug Bounty Program

bugcrowd

NTXISSACSC2 - Next-Generation Security and the Problem of Exploitation by Mat...

North Texas Chapter of the ISSA

Thwarting the Insider Threat: Developing a Robust “Defense in Depth” Data Los...

EC-Council

This document discusses developing a robust data loss prevention strategy to thwart insider threats. It begins by noting that 64% of data loss is caused by well-meaning insiders and 50% of employees leave with data, costing companies an average of $5.4 million per breach. The document then provides definitions and an overview of data loss prevention strategies before outlining a 10-step strategy that includes identifying sensitive data owners, locating where data resides, monitoring how data is used, implementing real-time enforcement of policies, educating users, and wrapping additional security around sensitive data to prevent leaks. The goal is to safeguard organizations' most sensitive data and reputation from both unintentional and malicious insider threats.

Outpost24 webinar - Mapping Vulnerabilities with the MITRE ATT&CK Framework

Outpost24

Revitalizing Product Securtiy at Zephyr Health

bugcrowd

Zephyr Health, a quickly growing company harnessing the power of global healthcare data, has spent the last year augmenting its’ product security efforts. With Bugcrowd’s help, they have transformed their development and overarching culture to prioritize security. Bugcrowd joins Zephyr Health’s CISO, Kim Green, to hear about how she came to understand and implement crowdsourced security testing within the organization.

NTXISSACSC2 - Top Ten Trends in TRM by Jon Murphy

North Texas Chapter of the ISSA

Jon Murphy, National Practice Lead, AOS Top 10 Trends for 2015 in Information Tech Risk Management ITRM is more than merely security hardware and apps under the control of an overworked network admin. It is strategic and tactical process, technology, and people in various roles and levels working collaboratively to protect vital organizational assets like data, information, ability to delivery timely, and reputation. Organizations need continuous, current, Actionable InsightSM about probable sources of majorly impactful risks and threats. Then and only then are they adequately prepared to make the smartest investments in continuing education, process improvement, and procedures for the proper use of the right technology for their situation. This multi-media, interactive presentation will cover the current top trends for 2015 in ITRM and that Actionable InsightSM - what your organization can and should do about likely and impactful IT risks and vulnerabilities.

Session 7.3 Implementing threat intelligence systems - Moving from chaos to s...

Puneet Kukreja

Puneet Kukreja of Deloitte gave a presentation at the ISF's 26th Annual World Congress on implementing threat intelligence systems. He discussed defining threat intelligence, the threat landscape facing organizations, and challenges in threat intelligence. Kukreja also covered the threat intelligence lifecycle, standards like STIX and TAXII, using cases studies and attributes to measure threat intelligence effectiveness. The presentation emphasized that threat intelligence requires integration across security operations and is one part of an overall security strategy.

In this talk we will look at the current attacker community as well as the tactics and capabilities that are currently being leveraged against targets across the globe. We will then go into the financial mechanics behind both financial based cybercrime as well as nationstate espionage. We will touch on some of the scary capabilities of attackers and try to work thru the reason why we still aren’t seeing the broad scale destructive attacks that everyone has been predicting for years. By Jim Walter, Senior Research Scientist, Cylance

Outpost24 webinar: best practice for external attack surface management

Outpost24

This document discusses best practices for external attack surface management. It explains how digital acceleration has increased organizations' attack surfaces and defines external attack surface management. The document outlines how to categorize and assess risk for web applications and common attack vectors in retail, finance and healthcare. It concludes with recommended best practices, which include discovering all external assets, categorizing them, monitoring for changes, and implementing controls like patching, access management and security assessments.

Outpost24 webinar - A day in the life of an information security professional

Outpost24

The document discusses the importance of a full stack cyber security approach from an information security professional's perspective. It recommends scanning both external and internal networks as the first and second lines of defense, similar to an airbag and seatbelt in a car. The document also provides an overview of a product demo for a network security workflow automation tool that allows for discovery scanning, dynamic asset management, risk prioritization, and flexible reporting.

The Business Benefits of Threat Intelligence Webinar

ThreatConnect

The Businees Benefits of Threat Intelligence Take 30 minutes of your time to hear Cyber Squared Inc. CEO Adam Vincent review the need for businesses to evaluate the cost of a sophisticated threat intelligence program. Learn more about the ROI calculator that evaluates cost/benefits of threat intelligence investments and offers quantifiable financial benefits and use-cases to demonstrate the overall costs associated with data breaches, and how using threat intelligence can decrease those costs and make existing staff more efficient. Watch the full webinar here: https://attendee.gotowebinar.com/recording/7218699913172089858

Outpost24 Webinar - Common wireless security threats and how to avoid them

Outpost24

2021 CNCERT International Partnership Conference: Increasing cybersecurity pr...

APNIC

Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...

Outpost24

ІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOps

UA DevOps Conference

Cyber security landscape

Jisc

The document summarizes Jisc's cyber security strategy and services. It establishes a cyber security division in 2017 to consolidate security functions. It defends against threats through incident response, investigates distributed denial of service attacks, and provides professional security services like penetration testing. It also shares threat intelligence and has a roadmap for future services around DNS, firewalls, and digital forensics.

Outpost24 webinar - Improve your organizations security with red teaming

Outpost24

Cyber Threat Intelligence: Building and maturing an intelligence program that...

Mark Arena

Using Hackers’ Own Methods and Tools to Defeat Persistent Adversaries

EC-Council

This document discusses using hackers' methods and tools to defeat persistent adversaries. It summarizes Michael Davis's background in cybersecurity and agenda for the presentation, which includes why attackers are winning, why defenders aren't keeping up, and new approaches that can solve this problem. The presentation will cover compromising users, enterprise security concerns, complexity challenges, how companies make decisions, and tools like Failure Mode and Effects Analysis (FMEA) that can help manage risk and prioritize security issues.

A New Era of Cybersecurity

Digital Transformation EXPO Event Series

Fears and fulfillment with IT security

David Strom

The document summarizes the current state of IT security based on a presentation given at an annual security conference. It discusses the typical stages of a cyber attack including phishing, ransomware, and lateral movement with fileless malware. Examples are provided of detection delays for major data breaches. Recommendations are made for improving security posture such as applying patches quickly, segmenting networks, restricting admin rights, and disabling unneeded protocols. Best practices discussed include having dedicated breach response teams, limiting IoT devices, using security automation, and vetting managed service providers. The use of SPF, DKIM, and DMARC protocols for email authentication is also recommended.

Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...

Outpost24

Mobile Application Security Threats through the Eyes of the Attacker

bugcrowd

Build or Buy: The Barracuda Bug Bounty Story [Webinar]

bugcrowd

The webinar discusses Barracuda's transition from an in-house bug bounty program to a third-party program managed by Bugcrowd. It describes how Barracuda initially built its own program in 2010, then weighed the pros and cons of switching to Bugcrowd for its scalability and to offload management of bounty payouts. The webinar outlines Barracuda's process for transitioning to Bugcrowd and how it adjusted its security team workflow and integration of bug submissions. Program stats from Bugcrowd show Barracuda paid out $27,771 on 316 submissions with an average priority of 3.5.

NTXISSACSC2 - Kid Proofing the Internet of Things by Monty McDougal

North Texas Chapter of the ISSA

Monty McDougal, Cyber Engineering Fellow, Intelligence, Information and Services, Raytheon Kid Proofing the Internet of Things This presentation is intended to address the unique challenges parents face in securing their home networks both against their kids and in order to protect their kids from the evils of the Internet. It is particularly focused on the problems the Internet of Things brings to us as parents.

33rd TWNIC IP OPM: Practical Incident Response & Threat Intelligence

APNIC

CNCERT International Partnership in Emergency Response Conference: Cooperatio...

APNIC

1. The document discusses the importance of cooperation and collaboration between incident response teams and network operators in the Asia Pacific region to address cyber security challenges. It emphasizes that cooperation requires mutual trust and respect. 2. Key aspects of cooperation include mitigation of incidents, sharing insights and best practices, capacity building, and peer support. This improves overall efficiency, capabilities, and maturity of responses. 3. Challenges include the need for timely and coordinated responses, ongoing awareness training, and preserving the spirit of cooperation through continuity of relationships and resources. Diversity and inclusion of new participants is also important.

The state of web applications (in)security @ ITDays 2016

Tudor Damian

The global security landscape is changing, now more than ever. With cloud computing gaining momentum and advanced persistent threats becoming a common occurrence, the industry is taking a more focused and serious approach, especially after some of last years' heavily publicized cyber breaches. Join this session for a high-level overview on the industry trends in the area of web application security, and find out why security is bound to become a hot topic in any organization developing or using web applications.

Bug bounties - cén scéal?

Ciaran McNally

Ciarán McNally is an experienced security researcher who participates in bug bounty programs. He outlines advantages of bug bounties for both security researchers and organizations. He provides tips for getting started, including focusing on newer or larger programs initially. Ciarán also describes techniques he uses for effective information gathering and vulnerability scanning at scale for bug bounty programs, such as leveraging IP address ranges and public scan data. He stresses following responsible disclosure guidelines and focusing on high quality issues.

What's hot

Exploring the Capabilities and Economics of Cybercrime

Cylance

Outpost24 webinar: best practice for external attack surface management

Outpost24

Outpost24 webinar - A day in the life of an information security professional

Outpost24

The Business Benefits of Threat Intelligence Webinar

ThreatConnect

Outpost24 Webinar - Common wireless security threats and how to avoid them

Outpost24

2021 CNCERT International Partnership Conference: Increasing cybersecurity pr...

APNIC

Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...

Outpost24

ІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOps

UA DevOps Conference

Cyber security landscape

Jisc

Outpost24 webinar - Improve your organizations security with red teaming

Outpost24

Cyber Threat Intelligence: Building and maturing an intelligence program that...

Mark Arena

Using Hackers’ Own Methods and Tools to Defeat Persistent Adversaries

EC-Council

A New Era of Cybersecurity

Digital Transformation EXPO Event Series

Fears and fulfillment with IT security

David Strom

Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...

Outpost24

Mobile Application Security Threats through the Eyes of the Attacker

bugcrowd

Build or Buy: The Barracuda Bug Bounty Story [Webinar]

bugcrowd

NTXISSACSC2 - Kid Proofing the Internet of Things by Monty McDougal

North Texas Chapter of the ISSA

33rd TWNIC IP OPM: Practical Incident Response & Threat Intelligence

APNIC

CNCERT International Partnership in Emergency Response Conference: Cooperatio...

APNIC

What's hot (20)

Exploring the Capabilities and Economics of Cybercrime

Outpost24 webinar: best practice for external attack surface management

Outpost24 webinar - A day in the life of an information security professional

The Business Benefits of Threat Intelligence Webinar

Outpost24 Webinar - Common wireless security threats and how to avoid them

2021 CNCERT International Partnership Conference: Increasing cybersecurity pr...

Outpost24 webinar - Why asset discovery is the missing link to enterprise vul...

ІЛЛЯ ЛУБЕНЕЦЬ «DevSecOps наступний етап розвитку DevOps» GO DevOps

Cyber security landscape

Outpost24 webinar - Improve your organizations security with red teaming

Cyber Threat Intelligence: Building and maturing an intelligence program that...

Using Hackers’ Own Methods and Tools to Defeat Persistent Adversaries

A New Era of Cybersecurity

Fears and fulfillment with IT security

Outpost24 webinar - The new CISO imperative: connecting technical vulnerabili...

Mobile Application Security Threats through the Eyes of the Attacker

Build or Buy: The Barracuda Bug Bounty Story [Webinar]

NTXISSACSC2 - Kid Proofing the Internet of Things by Monty McDougal

33rd TWNIC IP OPM: Practical Incident Response & Threat Intelligence

CNCERT International Partnership in Emergency Response Conference: Cooperatio...

Similar to Crowdsourcing Cyber Security

The state of web applications (in)security @ ITDays 2016

Tudor Damian

Bug bounties - cén scéal?

Ciaran McNally

Owasp LA

leifdreizler

- Bugcrowd runs public and private bug bounty programs that incorporate up to 18,000 security researchers to test for vulnerabilities. It manages the entire process, including vulnerability submissions, payments to researchers, and communications. - Bug bounty programs have grown significantly since the mid-1990s. They allow companies to cost-effectively find security issues through crowdsourcing, while also improving developer skills and strengthening security culture. - Running a successful bug bounty requires planning, clear expectations, and ongoing management of researcher communications and payments. Companies that are new to bounties should start with lower reward amounts and focus on learning, while more mature programs offer higher rewards.

7 Bug Bounty Myths, BUSTED

bugcrowd

View this ondemand webinar here: https://pages.bugcrowd.com/7-bug-bounty-myths-busted-ondemand-webinar About the content: Despite thousands of large and small organizations running bug bounty programs, there is still a lot of fear and uncertainty about these in the cybersecurity community. In this recorded webinar we will explore 7 myths about Bug Bounty programs, the hackers who are involved, and the impact they are having on the security posture of organizations around the world. After viewing this presentation and ondemand webinar you will: 1. Learn if a bug bounty program is right for your organization 2. Understand if a bug bounty encourages hackers to attack your systems 3. Explore the real benefits of bug bounty programs – and find out if they actually work 4. Get insight on whether these programs are too hard and costly to manage

HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programs

bugcrowd

Kymberlee Price's Presentation from Black Hat 2015 In this presentation, Kymberlee discusses several highly critical vulnerabilities that have been uncovered through a variety of bug bounty programs and their impact on the customers. With participation from researchers and vendors, attendees will not only see some sweet vulnerabilities broken down, but also why wading through another submission from @CluelessSec might be worth it.

Developing A Cyber Security Incident Response Program

BGA Cyber Security

This document discusses developing a cyber security incident response program. It recommends establishing a security operations center to monitor networks for attacks, anomalies and data leakage. It also recommends conducting simulations of cyber attacks to test incident response plans and using cyber threat intelligence to identify emerging threats. The document emphasizes establishing a continuous security monitoring program using tools like vulnerability scanning and threat intelligence to help prevent and respond to cyber attacks.

Web Application Security And Getting Into Bug Bounties

kunwaratul hax0r

What are the best malware removal and malware analysis companies to remove ma...

Bytecode Security

There are several reputable cybersecurity companies and organizations that specialize in malware removal and malware analysis. These companies offer a range of services to help individuals and businesses detect and remove malware from their systems, as well as analyze and understand the nature of the malware. Bytecode offers cybersecurity and malware analysis course Read more : https://www.bytec0de.com/cybersecurity/ https://www.bytec0de.com/malware-analysis-course-training-certification/

Journey to the Cloud: Securing Your AWS Applications - April 2015

Alert Logic

James Brown, Director of Cloud Computing & Security Architecture, Alert Logic covers: • The shared security model: what security you are responsible for to protect your content, applications, systems and networks vs AWS. • Overview of the OWASP Top 10 most critical web application security risks (such as SQL injections) • Best practices for how to protect your environment from the latest threats

Data mining in security: Ja'far Alqatawna

Maribel García Arenas

Ja'far Alqatawna presented on applying data mining in security. He discussed trends showing that while encryption and defenses have advanced, security incidents are increasing. Factors contributing to insecurity include new technologies, connectivity, extensibility, and complexity. Data mining can help by analyzing large security data through classification, clustering, prediction, and correlation. Alqatawna discussed applying data mining for behavioral biometrics authentication, malicious spam detection, cybercrime detection, and adaptive security. He outlined two ongoing research projects on malicious spam detection in educational email systems and on social networks.

Cyber Crimes: The next five years.

Gregory McCardle

2016 to 2021

Gregory McCardle

Practical White Hat Hacker Training - Introduction to Cyber Security

PRISMA CSI

Cyber security for business

Daniel Thomas

Cybersecurity involves protecting information systems and networks from attacks, accidents, and failures. It aims to protect corporate and national operations and assets. Some key aspects of cybersecurity include user accounts, configuration management, contingency plans, mobile device security, and incident response. Common cyber threats include viruses, hackers, identity theft, and spyware/adware. Basic cybersecurity actions people can take include installing updates, running antivirus software, using firewalls, avoiding spyware, backing up files, and protecting passwords. Education about cybersecurity risks and proper security practices is important for users at home and work.

Owasp Summit - Wednesday evening briefing master

Dinis Cruz

The document discusses several security-related topics including promoting the OWASP Orange Saft tool, outcomes from a security guidance stakeholder meeting, feedback for improving security guidance in IDEs, topics to cover in a new CISO guide, questions to include in the guide, securing GitHub integration, an incident response playbook, and a CISO round table discussion. It also summarizes outcomes from several breakout groups at an OWASP event on threat modeling, application security curriculum design, and infosec warranties and guarantees.

Security Culture from Concept to Maintenance: Secure Software Development Lif...

Dilum Bandara

The document discusses implementing a Secure Software Development Lifecycle (SDLC) to help organizations build more secure software. It describes the key steps in the SDL process, including requirements, design, implementation, verification, release and response. Implementing an SDL can help minimize security issues and related costs through practices like threat modeling, secure coding and security testing throughout the development cycle. The challenges of adoption and ways to build a security culture are also addressed.

Use Combinatorial Testing for Mobile Device Fragmentation

Josiah Renaudin

A common problem in mobile systems testing is the number of hardware, operational, and software configurations that need to be tested. For example, the so-called Android fragmentation problem might lead a test team to test hundreds of device and software configurations, yielding thousands or even tens-of-thousands of tests. A branch of mathematics, called combinatorics, and associated tools exist that allow teams to minimize the number of test cases required, while assuring high error finding percentages. Jon Hagar defines the fragmentation problem and then examines test patterns supported by tools that can help improve testing success. Jon outlines how combinatorial test patterns can be applied to other testing situations. To solve real-world fragmentation problems, he identifies specific tools, which you can take back to your project for quick use. Reference work and data are provided to help your team justify adding combinatorial testing to your mobile test activities.

Bug bounty

Ramin Farajpour Cami

This document discusses bug bounty programs, which allow individuals to receive recognition and compensation for reporting software bugs and vulnerabilities to organizations. It provides examples of major companies that run public bug bounty programs, including Facebook, Google, and Microsoft. The history of bug bounty programs is traced back to 1995 when Netscape launched the first program. Guidelines are provided for researchers on getting started with bug bounty programs and the types of programs that exist.

Cyber Security - awareness, vulnerabilities and solutions

inLabFIB

This document discusses cybersecurity awareness, vulnerabilities, and solutions. It begins by outlining threats to IoT/ICS/SCADA systems from actors like script kiddies, gray hats, black hats, and state-sponsored groups. Common threats include DDoS attacks and exploiting vulnerabilities in device access controls and software updates. The document then examines solutions like developing response and recovery plans, conducting risk assessments, implementing security controls, and obtaining external cybersecurity support. It emphasizes the importance of cybersecurity awareness training, continuous monitoring, and establishing cooperation between organizations.

ShiftGearsWithInformationSecurity.pdf

Steven Carlson

This talk will be focused on discussing war stories from a product architect/engineer who lives within an information security department and is passionate about driving change. Attendees will get to experience a few different routes that have lead to success and others that might need to avoided. As an ever-evolving space, when reducing risk and deploy safe products to the market, we all have to find the correct gear to get us down the road.

Similar to Crowdsourcing Cyber Security (20)

The state of web applications (in)security @ ITDays 2016

Bug bounties - cén scéal?

Owasp LA

7 Bug Bounty Myths, BUSTED

HI THIS IS URGENT PLZ FIX ASAP: Critical Vunlerabilities and Bug Bounty Programs

Developing A Cyber Security Incident Response Program

Web Application Security And Getting Into Bug Bounties

What are the best malware removal and malware analysis companies to remove ma...

Journey to the Cloud: Securing Your AWS Applications - April 2015

Data mining in security: Ja'far Alqatawna

Cyber Crimes: The next five years.

2016 to 2021

Practical White Hat Hacker Training - Introduction to Cyber Security

Cyber security for business

Owasp Summit - Wednesday evening briefing master

Security Culture from Concept to Maintenance: Secure Software Development Lif...

Use Combinatorial Testing for Mobile Device Fragmentation

Bug bounty

Cyber Security - awareness, vulnerabilities and solutions

ShiftGearsWithInformationSecurity.pdf

Recently uploaded

Full-RAG: A modern architecture for hyper-personalization

Zilliz

Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.

Programming Foundation Models with DSPy - Meetup Slides

Zilliz

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Uni Systems S.M.S.A.

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU

panagenda

Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/ DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen! Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell. Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten. Diese Themen werden behandelt - Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten - Wie funktionieren CCB- und CCX-Lizenzen wirklich? - Verstehen des DLAU-Tools und wie man es am besten nutzt - Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw. - Praxisbeispiele und Best Practices zum sofortigen Umsetzen

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Neo4j

Infrastructure Challenges in Scaling RAG with Custom AI models

Zilliz

Building Retrieval-Augmented Generation (RAG) systems with open-source and custom AI models is a complex task. This talk explores the challenges in productionizing RAG systems, including retrieval performance, response synthesis, and evaluation. We’ll discuss how to leverage open-source models like text embeddings, language models, and custom fine-tuned models to enhance RAG performance. Additionally, we’ll cover how BentoML can help orchestrate and scale these AI components efficiently, ensuring seamless deployment and management of RAG systems in the cloud.

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

Presentation of the OECD Artificial Intelligence Review of Germany

innovationoecd

みなさんこんにちはこれ何文字まで入るの？40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの？えこ...

名前です男

“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...

Edge AI and Vision Alliance

For the full video of this presentation, please visit: https://www.edge-ai-vision.com/2024/06/building-and-scaling-ai-applications-with-the-nx-ai-manager-a-presentation-from-network-optix/ Robin van Emden, Senior Director of Data Science at Network Optix, presents the “Building and Scaling AI Applications with the Nx AI Manager,” tutorial at the May 2024 Embedded Vision Summit. In this presentation, van Emden covers the basics of scaling edge AI solutions using the Nx tool kit. He emphasizes the process of developing AI models and deploying them globally. He also showcases the conversion of AI models and the creation of effective edge AI pipelines, with a focus on pre-processing, model conversion, selecting the appropriate inference engine for the target hardware and post-processing. van Emden shows how Nx can simplify the developer’s life and facilitate a rapid transition from concept to production-ready applications.He provides valuable insights into developing scalable and efficient edge AI solutions, with a strong focus on practical implementation.

Serial Arm Control in Real Time Presentation

tolgahangng

Driving Business Innovation: Latest Generative AI Advancements & Success Story

Safe Software

Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency. During the hour, we’ll take you through: Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board. Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes. Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI. We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI. This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

Video Streaming: Then, Now, and in the Future

Alpen-Adria-Universität

In his public lecture, Christian Timmerer provides insights into the fascinating history of video streaming, starting from its humble beginnings before YouTube to the groundbreaking technologies that now dominate platforms like Netflix and ORF ON. Timmerer also presents provocative contributions of his own that have significantly influenced the industry. He concludes by looking at future challenges and invites the audience to join in a discussion.

“I’m still / I’m still / Chaining from the Block”

Claudio Di Ciccio

Cosa hanno in comune un mattoncino Lego e la backdoor XZ?

Speck&Tech

ABSTRACT: A prima vista, un mattoncino Lego e la backdoor XZ potrebbero avere in comune il fatto di essere entrambi blocchi di costruzione, o dipendenze di progetti creativi e software. La realtà è che un mattoncino Lego e il caso della backdoor XZ hanno molto di più di tutto ciò in comune. Partecipate alla presentazione per immergervi in una storia di interoperabilità, standard e formati aperti, per poi discutere del ruolo importante che i contributori hanno in una comunità open source sostenibile. BIO: Sostenitrice del software libero e dei formati standard e aperti. È stata un membro attivo dei progetti Fedora e openSUSE e ha co-fondato l'Associazione LibreItalia dove è stata coinvolta in diversi eventi, migrazioni e formazione relativi a LibreOffice. In precedenza ha lavorato a migrazioni e corsi di formazione su LibreOffice per diverse amministrazioni pubbliche e privati. Da gennaio 2020 lavora in SUSE come Software Release Engineer per Uyuni e SUSE Manager e quando non segue la sua passione per i computer e per Geeko coltiva la sua curiosità per l'astronomia (da cui deriva il suo nickname deneb_alpha).

How to Get CNIC Information System with Paksim Ga.pptx

danishmna97

UiPath Test Automation using UiPath Test Suite series, part 6

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI. UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities. Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes. What will you get from this session? 1. Insights into integrating generative AI. 2. Understanding how this integration enhances test automation within the UiPath platform 3. Practical demonstrations 4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath Topics covered: What is generative AI Test Automation with generative AI and Open AI. UiPath integration with generative AI Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

HCL Notes and Domino License Cost Reduction in the World of DLAU

panagenda

Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-and-domino-license-cost-reduction-in-the-world-of-dlau/ The introduction of DLAU and the CCB & CCX licensing model caused quite a stir in the HCL community. As a Notes and Domino customer, you may have faced challenges with unexpected user counts and license costs. You probably have questions on how this new licensing approach works and how to benefit from it. Most importantly, you likely have budget constraints and want to save money where possible. Don’t worry, we can help with all of this! We’ll show you how to fix common misconfigurations that cause higher-than-expected user counts, and how to identify accounts which you can deactivate to save money. There are also frequent patterns that can cause unnecessary cost, like using a person document instead of a mail-in for shared mailboxes. We’ll provide examples and solutions for those as well. And naturally we’ll explain the new licensing model. Join HCL Ambassador Marc Thomas in this webinar with a special guest appearance from Franz Walder. It will give you the tools and know-how to stay on top of what is going on with Domino licensing. You will be able lower your cost through an optimized configuration and keep it low going forward. These topics will be covered - Reducing license cost by finding and fixing misconfigurations and superfluous accounts - How do CCB and CCX licenses really work? - Understanding the DLAU tool and how to best utilize it - Tips for common problem areas, like team mailboxes, functional/test users, etc - Practical examples and best practices to implement right away

Mind map of terminologies used in context of Generative AI

Kumud Singh

Recently uploaded (20)

Full-RAG: A modern architecture for hyper-personalization

Programming Foundation Models with DSPy - Meetup Slides

Uni Systems Copilot event_05062024_C.Vlachos.pdf

HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU

GraphSummit Singapore | Neo4j Product Vision & Roadmap - Q2 2024

Infrastructure Challenges in Scaling RAG with Custom AI models

National Security Agency - NSA mobile device best practices

Presentation of the OECD Artificial Intelligence Review of Germany

“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...

Serial Arm Control in Real Time Presentation

Driving Business Innovation: Latest Generative AI Advancements & Success Story

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Video Streaming: Then, Now, and in the Future

“I’m still / I’m still / Chaining from the Block”

Cosa hanno in comune un mattoncino Lego e la backdoor XZ?

How to Get CNIC Information System with Paksim Ga.pptx

UiPath Test Automation using UiPath Test Suite series, part 6

HCL Notes and Domino License Cost Reduction in the World of DLAU

Mind map of terminologies used in context of Generative AI

Crowdsourcing Cyber Security

1. CrowdSourcing Cyber Security PRESENTED BY TOE KHAING OO

2. About Me • Student • Programmer • Acknowledged by ESET, Magento, Intel, HubSpot, SmartSheet … • Contributor at OWASP Myanmar • Organizer at Myanmar Cyber Conference • Researcher at BugCrowd Inc.

3. What is this about? • Cyber Security • CrowdSourcing • CrowdSourced Cyber Security Programs • How it works? • How to participate in crowdsourced programs? • Benefits, Advantages and Disadvantages

4. What is Cyber Security?

5. Cyber Security • Technology to protect Networks, Computers, Programs, Applications and Data from Attack, Damage or Unauthorized access. • Application Security • Information Security • Operational Security • Awareness • End-user Education

6. What is CrowdSourcing?

7. CrowdSourcing means • Crowd + Outsourcing • Working with a crowd of individual, organization or group. • Many types of crowdsourced cyber security programs

8. CrowdSourced Cyber Security Programs • Hacker-Powered CrowdSourced Programs • CrowdSourced Vulnerability Assessment (aka) Bug Bounty Programs • Crowd Contest Programs • Macrotasking Crowdsourced Programs

9. Hacker-Powered CrowdSourced Program • Utilizing the knowledge of hackers to keep secure. • Hackers research latest security vulnerabilities and report to program • The program detects and finds the solution • Eg : Detectify CrowdSource Program • http://detectity.com

10. CrowdSourced VA Programs – Bug Bounty Programs • Works with the global crowd of security researchers • Identifying the vulnerabilities • Get reward for reporting security vulnerabilities. • HackerOne (https://hackerone.com) • BugCrowd (https://bugcrowd.com) • Cobalt (https://cobalt.io) • Synack (https://synack.com)

11. HackerOne • Highest payout • 866 Programs • 19 Million Dollars paid

12. BugCrowd Inc • 50,000+ Researchers • 100+ Programs • Mostly Private • Reverse Engineering, Thick Clients, IoT include

13. Other Bug Bounty Program • Facebook Bug Bounty Program • Google VRP (Vulnerability Reward Program) • Microsoft Bounty Program • US Department of Defense Bug Bounty Program

14. Crowd Contest Program • Like CTF (Capture The Flag) Challenges • Companies challenges their product’s vulnerability at Cyber Security Conferences. • Cash Reward

15.

16. How to participate? • Learn • Self Study • Lab Practice • Learn from others • Read reports • Ask

17. Methodology • Review the scope • Perform recon to find targets • Scan to get additional info • Review all the services and applications • Fuzz for errors to expose vulnerabilities • Attack vulnerabilities to build proof-of-concepts Review Scope Scanning & Testing Reporting

18. Benefits for participating • Earn • Freelance/Part Time Job • Better Profile • Better Experience • Fun

19. Advantages of CrowdSourcing • More effective • Different people have different expertise • Company no longer need to handle security team • More secure

20. Thanks for your attention

Crowdsourcing Cyber Security

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Crowdsourcing Cyber Security

Similar to Crowdsourcing Cyber Security (20)

Recently uploaded

Recently uploaded (20)

Crowdsourcing Cyber Security