Cryptography In The Browser Using JavaScript

•

1 like•2,042 views

barysteyn

The lecture that I gave at the Toronto JavaScript meetup regarding cryptography in the browser using JavaScript

JavaScript Crypto In The Browser

Barry Steyn

barry.steyn@gmail.com

March 2013

Barry Steyn JavaScript Crypto In The Browser March 2013 1/9

Overview

1 What Is Cryptography
Deﬁnition
2 Cryptography In The Browser: Pros and Cons
The Pros
3 Cryptography In The Browser: Pros and Cons
The Cons
4 Cryptographic Jargon
Some Jargon
5 Block Ciphers, MACs And Key Derivation Functions
Three Important Constructions
6 The Stanford JavaScript Cryptographic Library
A quick Intro
A Demo

Barry Steyn JavaScript Crypto In The Browser March 2013 2/9

Cryptography: A Deﬁnition

Wikipedia Deﬁnition
Cryptography is the practice and study of techniques for secure
communication in the presence of third parties.

Cryptography = Computer Security
Cryptographic communication relies upon trust:
Examples: You trust the other party you are communicating with, You
trust a certiﬁcate authority etc
The less entities that you need to trust, the better the security
Therefore, a good cryptographic protocol trusts as little as
possible

Barry Steyn JavaScript Crypto In The Browser March 2013 3/9

Cryptography In The Browser: Pros

Why Would One Want To Do Crypto In JavaScript On The Client
Encrypted peer-to-peer communication
Users can trust less by ensuring all crypto is done locally
A JavaScript interpreter is available on most internet devices

Barry Steyn JavaScript Crypto In The Browser March 2013 4/9

Cryptography In The Browser: Cons

Unfortunately, Crypto Security In The Browser Is Unknown At Best,
And Insecure At Worst
Here are three reasons why
1 You need to download the JS crypto library from a trusted source
The less trust, the better the security.
2 A browser is not a good environment for crypto.
3 JavaScript’s maliability is great for scripting, terrible for crypto
security.
4 For more info, check at
http://www.matasano.com/articles/javascript-cryptography
You Have Been Warned!!!

Barry Steyn JavaScript Crypto In The Browser March 2013 5/9

Cryptography: Some Jargon

Encryption and Decryption
Encryption Transforms a message that is in plain-text to cipher-text
Decryption Transforms a cipher-text message to the original
plain-text
Encryption takes two inputs
Key - kept secret
Plain-text Message
Decryption takes two inputs
Key - kept secret
cipher-text message - note that this is not secret, but is only useful
if one knows the secret key

Barry Steyn JavaScript Crypto In The Browser March 2013 6/9

Cryptography: Block Cipher and Key Derivation
Block Cipher - The workhorse of the cryptographic world
Input - n byte message
Output - n byte cipher
Example block cipher: AES. Input and output is 16 bytes (128 bits)
MAC - Message Authenticating Code
A MAC guarantees message integrity
Key Derivation Function
A key is normally derived from something a human should
remember - for example, a password
A key derivation function makes storage safer - It does this by
doing three things:
1 Passwords are hashed so as not to store them in plain text.
2 Passwords are salted to make them more secure against a rainbow
attack.
3 Key derivation is purposfully slow! Therefore, superior harware (should
in theory) struggle.
Barry Steyn JavaScript Crypto In The Browser March 2013 7/9

SJCL

So you still want to use crypto in the browser?
Then use The Stanford JavaScript Crypto Library
1 Its authors are hardcore cryptographers, led by Prof. Dan Boneh of
Stanford University (who personally had a hand in writing the library).
2 It is easy to use, and it tries to make things as secure as possible
while adhering to ease of use.
3 Its small (6.4 KB compressed)

Barry Steyn JavaScript Crypto In The Browser March 2013 8/9

SJCL - A Demo

Demo

Barry Steyn JavaScript Crypto In The Browser March 2013 9/9

The open source TodoMVC project implements a Todo application using popular JavaScript MV* frameworks. Some of the implementations add support for compile to JavaScript languages, module loaders and real time backends. This presentation will demonstrate a TodoMVC implementation which adds support for the forthcoming W3C Web Cryptography API, as well as review some key cryptographic concepts and definitions. Instead of storing the Todo list as plaintext in localStorage, this "secure" TodoMVC implementation encrypts Todos using a password derived key. The PBKDF2 algorithm is used for the deriveKey operation, with getRandomValues generating a cryptographically random salt. The importKey method sets up usage of AES-CBC for both encrypt and decrypt operations. The final solution helps address item "A6-Sensitive Data Exposure" from the OWASP Top 10. With the Web Cryptography API being a recommendation in 2014, any Q&A time will likely include browser implementations and limitations, and whether JavaScript cryptography adds any value.

Developer's Guide to JavaScript and Web Cryptography

Kevin Hakanson

The increasing capabilities and performance of the web platform allow for more feature-rich user experiences. How can JavaScript based applications utilize information security and cryptography principles? This session will explore the current state of JavaScript and Web Cryptography. We will review some basic concepts and definitions, discuss the role of TLS/SSL, show some working examples that apply cryptography to real-world use cases and take a peek at the upcoming W3C WebCryptoAPI. Code samples will use CryptoJS in the browser and the Node.js Crypto module on the server. An extended example will secure the popular TodoMVC project using PBKDF2 for key generation, HMAC for data integrity and AES for encryption.

Hashgraph vs Blockchain | Hedera Hashgraph Tutorial | Hashgraph Technology | ...

Edureka!

Web Apps vs Blockchain dApps (Smart Contracts): tools, vulns and standards

SecuRing

Last year at AppSec EU I had a presentation about the Ethereum smart contracts and did a technical showcase of some of their potential vulnerabilities and security flaws. I also presented my proposition on how to handle the responsible disclosure process in the smart contracts world. This year I want to focus on the whole process of security testing and present it by analogies to the web applications which are quite well-known. Smart contracts are described as Web3 decentralized apps and I believe that my talk will not only bring new light on this subject but will also help to understand and organize the way of testing. I am going to cover the whole SDLC and show the similarities and differences between the smart contracts and web applications on each step. The presented overview is especially important nowadays when the biggest companies are building their own blockchain platforms and cryptocurrencies – i.e. Libra introduced by Facebook (which by the way also supports smart contracts). I am also going to show the differences in the arsenal of vulnerabilities, security tools and standards by the analogy to web apps arsenal. I think that, even though there exist a lot of great security projects for smart contracts, we do not have a single, widely accepted security standard (such as ASVS in web apps world). I would like to discuss potential work that needs to be done in that area and show my preliminary work on that matter. After this presentation audience will know what are the similarities and differences between smart contracts and web apps in the SDLC, an arsenal of tools and standards, but also will have a fresh overview of possible options and current trends.

WebApps vs Blockchain dApps (SmartContracts): tools, vulns and standards

SecuRing

The presentation focuses on the whole process of security testing and present it by analogies to the web applications which are quite well-known. It covers the whole SDLC and show the similarities and differences in the arsenal of vulnerabilities, security tools and standards between the smart contracts and web applications on each step. Even though there exist a lot of great security projects for smart contracts, we do not have single, widely accepted security standard (such as ASVS in web apps world). That is why we introduce SCSVS (Smart Contract Security Verification Standard), a open-source 13-part checklist created to standardize the security of smart contracts for developers, architects, security reviewers and vendors.

Bandit and Gosec - Security Linters

EricBrown328

WebGoat.SDWAN.Net in Depth: SD-WAN Security Assessment

Sergey Gordeychik

Denis Kolegov, Oleg Broslavsky, Power of Community 2018, Seoul, Korea Today, «SD-WAN» is a very hot and attractive topic. Software-defined WAN (SD-WAN) is a technology based on software-defined network (SDN) approach applied to wide area networks (WAN) in enterprise networks. According to Gartner’s predictions study, more than 50% of routers will be replaced with SD-WAN solutions by 2020. In this presentation, we disclose a set of vulnerabilities in widespread and most popular SD-WAN products including Citrix NetScaler and Silver Peak EdgeConnect. We present the new results of our research, consider some technical details of the insecure design and found vulnerabilities, and describe different attack scenarios that may allow an attacker to compromise SD-WAN control and data planes.

Author: Jakub Kaluzny Let's talk about large-scale security programmes and maintaining security with tens of project teams - agile or waterfall, in-house or outsourced. I will discuss how to effectively track security requirements, organise threat modelling sessions, log output from those and translate it into penetration testing scope and test cases. We will dive deep into evil brainstorming, come up with abuser stories for each user story and define what makes the SDLC process secure or not. This talk is based on my work with different organisations in multiple countries and observations what works well in regards to security at scale and what does not.

Network Security and Cryptography.pdf

AdityaKumar1548

Web Security.pdf

AdityaKumar1548

Web security: Securing untrusted web content at browsers

Phú Phùng

Improving privacy in blockchain using homomorphic encryption

Razi Rais

Build your own Blockchain with the right tool for your application

Anthony Chow

Building & Hacking Modern iOS Apps

SecuRing

After my offensive presentation "Testing iOS Apps without Jailbreak in 2018" it is time to focus also on building not just breaking. This talk will cover the most important milestones in reaching secure iOS/macOS apps. I'm going to show you how to develop modern & secure iOS/macOS apps using new security features presented at the latest Apple's Worldwide Developers Conference. Hackers will be satisfied as well, since I'm going to cover also pen tester's perspective. What's more - I will share with you details of multiple vulnerabilities (*including not disclosed previously*) that I found during security assessments and my research of Apple's applications.

Understanding gRPC Authentication Methods

Anthony Chow

CONFidence 2018: Defense-in-depth techniques for modern web applications and ...

PROIDEA

In this presentation, we show promising new defense-in-depth techniques to protect modern web applications from old and new classes of bugs: Suborigins to have finer-grained control over origin boundaries, Site Isolation and XSDB against Spectre and Meltdown attacks, and last but not least Origin and Feature Policy. In addition to that, we explain new features of the upcoming CSP 3 specification like 'unsafe-hashed-attributes' and give an overview of how we were able to enforce CSP as a strong mitigation against cross-site scripting on over 50% of production web traffic at Google. With increased adoption new challenges arise: dealing with CSP report noise - generated by buggy browsers, extensions, malware and security software - devising an effective monitoring infrastructure, and keeping on top of bypassing techniques. In this presentation we reveal how our internal CSP infrastructure works and how we solved problems, share our experience, show real-world examples, best practices and common pitfalls. Finally, we hint at a new promising web mitigation technique, which we hope to see gaining traction in the near future: Suborigins.

Marco Balduzzi - Cyber-crime and attacks in the dark side of the web - Codemo...

Codemotion

The dark-web including TOR, FreeNet and I2P, is that part of the Internet that is not indexed by traditional search engines and where anonymity and confidentiality is enforced at the root. For these characteristics, cyber- criminals started abusing the dark-web to conduct illicit or malicious activities like illegal trading, malware hosting, and more recently targeted attacks. In this talk, we explore the cyber-criminal ecosystem in the dark-web and provides insights on its activities against hidden services and other users.

The 2nd Official W3C DID Working Group Meeting (The Netherlands)

SSIMeetup

https://ssimeetup.org/did-report-2-2nd-official-w3c-did-working-group-meeting-netherlands-drummond-reed-markus-sabadello-webinar-45/ The DID Report 2 about the Second Meeting of the W3C DID Working Group with Drummond Reed and Markus Sabadello from Danube Tech, co-authors of the W3C DID specification. DID spec co-author Drummond Reed and Markus Sabadello will report back from Amsterdam (The Netherlands) for the second official meeting of the W3C DID Working Group taking place from January 29-31, 2020 to share highlights of the meeting and the roadmap for taking DIDs to a full Web standard. This session will be followed one hour later by a full DID education session based on the DID chapter published with Manning by IdentityBook.info authors Drummond Reed, Markus Sabadello and Alex Preukschat. If you want to learn all the basics about DIDs please also join this session here: Webinar 46

Introduction to Web Application Security - Blackhoodie US 2018

Niranjanaa Ragupathy

This slide deck is structured to start from the basics of web application security and explores common web attacks. The first half is packed with theory, while we are all for jumping into exercises having a solid grasp of the fundamentals will be crucial to your success in webappsec. The deck dives into XSS, CSRF and SQL injections. It briefly outlines others like XXE, SSRF, logic errors, broken session management, and so on.

Dev and Blind - Attacking the weakest Link in IT Security

Mario Heiderich

The developer is an easy and valuable target for malicious minds. The reasons for that are numerous and hard to come by. This talk delivers examples, proof, discussion and awkward moments in a pretty special way. Everybody hates developers – especially web developers. And why not? The cracks and crevices of their APIs and implementations are the reason that vulnerabilities in web applications are still a widespread issue – and will continue to be in the foreseeable future. Bashing and blaming them for their wrongdoings is fun – boy, they are stupid in their mistakes! But has anyone ever dared to have an open on stage battle with an actual developer? And who of the developers dares to face their collective nemesis – the attacker? Can there be life where matter and anti-matter collide? We will know about this soon – because this is what this talk is going to be about. Developer versus attacker – vulnerability versus defense. Be prepared for swearing, violence and people leaving the stage prematurely in tears.

Getting Started in Blockchain Security and Smart Contract Auditing

Beau Bullock

Why is blockchain security important? Blockchain usage has exploded since the Bitcoin whitepaper was first published in 2008. Many applications rely on this technology for increased trust and privacy, where they would otherwise be absent from a centralized system. The ecosystem surrounding blockchain technology is large, complex, and has many moving pieces. Exchanges exist where users can transact various cryptocurrencies, NFTs, and tokens. Smart contracts can be written to programmatically apply behavior to blockchain transactions. Decentralized Finance (DeFi) markets exist where users can swap tokens without needing to sign up for an account. All of these pieces are prone to vulnerabilities, and with blockchain being at the forefront of emerging technology new issues are being found daily. In this Black Hills Information Security (BHIS) webcast, we'll use case studies about recent blockchain hacks to introduce the underlying issues that occur in writing/engineering smart contracts that have ultimately lead to the loss of millions of dollars to attackers.

Passwords

Kevin OBrien

Superhelt 2013-screen

Henrik Kramshøj

Privacy is a UX problem (David Dahl)

Future Insights

Session slides from Future Insights Live, Vegas 2015: https://futureinsightslive.com/las-vegas-2015/ So many network intrusions, so many email spools made public. Remember HBGary, Stratfor, 'The Fappening', Sony Pictures hacks? How about the Snowden Files? The potential liabilities of communicating in plain text has become too expensive to continue to do so. Zero-Knowledge systems can be made useful, elegant even. The problem with putting privacy first in our communications tools is that most of the existing privacy applications were created by crypto-nerds, most of whom have never overlapped with the world of UX. In this talk, Privacy will be put at the core of application design by way of new metaphors for arcane cryptography jargon (that few endusers understand). Using frameworks and services created for this new 'privacy first' era, your application can be built in a way that removes liability, is regulatory-compliant and elegant.

What's hot

OWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining

OWASP

[OPD 2019] Attacking JWT tokens

OWASP

Outsmarting Smart Contracts - an essential walkthrough a blockchain security ...

SecuRing

Continuous Security in Pipelines

Thoughtworks

Identity and Access Management At Mozilla

Michael Van Kleeck

Let's get evil - threat modeling at scale

SecuRing

Network Security and Cryptography.pdf

AdityaKumar1548

Web Security.pdf

AdityaKumar1548

Web security: Securing untrusted web content at browsers

Phú Phùng

Improving privacy in blockchain using homomorphic encryption

Razi Rais

Build your own Blockchain with the right tool for your application

Anthony Chow

Building & Hacking Modern iOS Apps

SecuRing

Understanding gRPC Authentication Methods

Anthony Chow

CONFidence 2018: Defense-in-depth techniques for modern web applications and ...

PROIDEA

Marco Balduzzi - Cyber-crime and attacks in the dark side of the web - Codemo...

Codemotion

The 2nd Official W3C DID Working Group Meeting (The Netherlands)

SSIMeetup

Introduction to Web Application Security - Blackhoodie US 2018

Niranjanaa Ragupathy

Dev and Blind - Attacking the weakest Link in IT Security

Mario Heiderich

Getting Started in Blockchain Security and Smart Contract Auditing

Beau Bullock

Passwords

Kevin OBrien

What's hot (20)

OWASP Poland Day 2018 - Amir Shladovsky - Crypto-mining

[OPD 2019] Attacking JWT tokens

Outsmarting Smart Contracts - an essential walkthrough a blockchain security ...

Continuous Security in Pipelines

Identity and Access Management At Mozilla

Let's get evil - threat modeling at scale

Network Security and Cryptography.pdf

Web Security.pdf

Web security: Securing untrusted web content at browsers

Improving privacy in blockchain using homomorphic encryption

Build your own Blockchain with the right tool for your application

Building & Hacking Modern iOS Apps

Understanding gRPC Authentication Methods

CONFidence 2018: Defense-in-depth techniques for modern web applications and ...

Marco Balduzzi - Cyber-crime and attacks in the dark side of the web - Codemo...

The 2nd Official W3C DID Working Group Meeting (The Netherlands)

Introduction to Web Application Security - Blackhoodie US 2018

Dev and Blind - Attacking the weakest Link in IT Security

Getting Started in Blockchain Security and Smart Contract Auditing

Passwords

Similar to Cryptography In The Browser Using JavaScript

Superhelt 2013-screen

Henrik Kramshøj

Privacy is a UX problem (David Dahl)

Future Insights

Crypto workshop part 3 - Don't do this yourself

hannob

Crypto failures every developer should avoid

OwaspCzech

Crypto failures every developer should avoidFilip Šebesta

5 ways

OliviaJune1

Cryptocurrency is a fantastic payment option that differs from traditional cash in many ways. In any event, it faces a range of issues and dangers connected to cryptocurrency security, such as cyber assaults, phishing, and so on, since it is subject to the fewest regulations and standards. As a result, if you use cryptocurrencies, you should exercise care and get familiar with all of the methods available to safeguard the security of your bitcoin wallet.

Securing Database Passwords Using a Combination of hashing and Salting Techni...

Fego Ogwara

Highly Secure Cryptography Algorithm Method to Safeguard Audios and Visuals

ijcisjournal

Internet hacking has become common now a days and is increasing day by day. It is a high time to safeguard our data. There are several cryptographic methods and algorithms that are evolved and already exist. How about additional protection makes us stress free? In this paper, I present a unique design of cryptographic algorithm which is specifically designed for Auditory cryptography and visual cryptography to make the encryption and decryption technique stronger. The purpose is to make it very difficult to decode the file when an unauthorized user accesses the data. This algorithm is a combination of multiple techniques such as Ant Algorithm, Logical Gates Technique, Dual authorization PINs, Indexed Arrays. Combination of these techniques makes the algorithm unique and strong to secure the data. This research was implemented on audio files, images and video files. The study of the result shows effective way of masking the data as it is hard to decode without PINs. Also, performance of the algorithm is efficient during encryption and decryption process.

HIGHLY SECURE CRYPTOGRAPHY ALGORITHM METHOD TO SAFEGUARD AUDIOS AND VISUALS

ijcisjournal

HIGHLY SECURE CRYPTOGRAPHY ALGORITHM METHOD TO SAFEGUARD AUDIOS AND VISUALS

ijdms

HIGHLY SECURE CRYPTOGRAPHY ALGORITHM METHOD TO SAFEGUARD AUDIOS AND VISUALS

ijcisjournal

Inscibe and SqueezeAyush Kejriwal

Secure by Default Web Applications with Apache Sling

Robert Munteanu

A product that works is not done, as there are many facets to consider – availability, scalability, security. Of those, security is probably the most expensive to get wrong. By analysing a simple web application built on top of Apache Sling and its threat model, we will review the main attack vectors and how they can be mitigated. You will see what the general approaches are and also how Apache Sling allows you to eliminate entire classes of vulnerabilities by using secure-by-default components. Although we will use Apache Sling for examples, previous knowledge of Sling or its components is not required.

Linux confau 2019: Web Security 2019

James Bromberger

20 years of web cryptography, and its amazing how frequently its configured sub-optimally. We've had numerous encryption algorithms, digests, protocols come, and should have GONE, but everyone has just left them on. Its time to shut out the legacy browser. The vast majority of the worlds browser install base now auto-updates, and with strict (and prescriptive) compliance in force, we get to drop the bloat form the past. In this talk we'll cover the current TRANSITIONS we're going through from a web admins perspective: TLS, Cipher Suites, HTTP Security Headers, CAs, the move to an encrypted-by-default web, and more.

CCPA (California Consumer Privacy Act) Tips For Software Developers and Managers

Adam Sbeta

You can NO LONGER prevent a cyber attack, but you CAN prevent the business impact and cost. What costs money is the breach, not the attack in itself. "Secure Your Bottom Line: The Forgotten Cybersecurity Battleground" was a presentation given at the 2019 Silicon Valley Code Camp CyberCrimeExperts.org to help software developers secure the weakest link, their own devices. It's also a call to assist in implanting a new generation that is aware of the drastic affect of default passwords to incentive them to design sourcecode and IoT devices that don't have such a master key nor default password that is not enforced to change. MAIN TAKEAWAYS: * Espionage has moved from physical to stealing technology to copy (like the Chinese J31 program and commercial C919) * Don't store master keys or any passwords in your github or source code. Stored encrypted is better, but not having either is best. * Stolen passwords is everywhere, which makes cloud not that secure if you are reusing passwords or your own computer is not secure (regardless of your IT's efforts). 94% of data breaches had an Antivirus (not Next Generation Endpoint Protection with Intrusion Prevention System) and a high-end Firewall. Github ransomcloud had developers either pay the ransom or risk having their sourcecode published as open-source :( * A few tools to protect your source code or storing you device's processes in a database to query for any anomalies (if you love databases) * Default passwords on routers allowed one group to take over 500,000 US home routers and redirect DNS requests, and taking over 10s of millions of IoT devices with default passwords attacked the internet in 2016. The bad guys have a lot more power now! So stop developing devices with default passwords, and think twice before plugging anything to the network or your machine. * Don't write passwords in spreadsheets and on your computer. They're safer on a paper, but not on your screen! Try password managers for passwords you use the most, but understand what tool you're using and secure that very well. * Make sure your laptop is encrypted, a stolen or lost laptop can cause a data breach. * Passwords are so cheap on the dark web, know what your have out there. * Wifi devices connect to the strongest link. Use hotspot from your phone instead of public wifis, or at least use a know VPN and not the cheapest (you paying them to store your traffic). * Validate phone encryption and privacy, know what apps you're installing on work phones regardless of how famous they are. We are looking for companies to perform research on new phone privacy techniques. * CCPA (The California Consumer Privacy Act) is due in January 2020 and most companies haven't even heard about it. As a non-profit, we are looking for companies to have open dialog about ways to reduce an impact of a cyber attack or data breach. It is similar to GDPR, and enforcement can be either by the Attorney General or class-action lawsuit.

PGP.ppt

ssuserec53e73

Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques

Trend Micro

Cryptolocker

Cysinfo Cyber Security Community

Understanding CryptoLocker (Ransomware) with a Case Study

securityxploded

Secure Mail Application's by Ashok Panwar

Ashok Panwar

Similar to Cryptography In The Browser Using JavaScript (20)

Superhelt 2013-screen

Privacy is a UX problem (David Dahl)

Crypto workshop part 3 - Don't do this yourself

Crypto failures every developer should avoid

5 ways

Securing Database Passwords Using a Combination of hashing and Salting Techni...

Highly Secure Cryptography Algorithm Method to Safeguard Audios and Visuals

HIGHLY SECURE CRYPTOGRAPHY ALGORITHM METHOD TO SAFEGUARD AUDIOS AND VISUALS

Inscibe and Squeeze

Secure by Default Web Applications with Apache Sling

Linux confau 2019: Web Security 2019

CCPA (California Consumer Privacy Act) Tips For Software Developers and Managers

PGP.ppt

Encryption in the Public Cloud: 16 Bits of Advice for Security Techniques

Cryptolocker

Understanding CryptoLocker (Ransomware) with a Case Study

Secure Mail Application's by Ashok Panwar

Recently uploaded

FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf

FIDO Alliance

Monitoring Java Application Security with JDK Tools and JFR Events

Ana-Maria Mihalceanu

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

JMeter webinar - integration with InfluxDB and Grafana

RTTS

Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application. In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics. Length: 30 minutes Session Overview ------------------------------------------- During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana: - What out-of-the-box solutions are available for real-time monitoring JMeter tests? - What are the benefits of integrating InfluxDB and Grafana into the load testing stack? - Which features are provided by Grafana? - Demonstration of InfluxDB and Grafana using a practice web application To view the webinar recording, go to: https://www.rttsweb.com/jmeter-integration-webinar

GenAISummit 2024 May 28 Sri Ambati Keynote: AGI Belongs to The Community in O...

Sri Ambati

Connector Corner: Automate dynamic content and events by pushing a button

DianaGray10

Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to: Create a campaign using Mailchimp with merge tags/fields Send an interactive Slack channel message (using buttons) Have the message received by managers and peers along with a test email for review But there’s more: In a second workflow supporting the same use case, you’ll see: Your campaign sent to target colleagues for approval If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team But—if the “Reject” button is pushed, colleagues will be alerted via Slack message Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors. And... Speakers: Akshay Agnihotri, Product Manager Charlie Greenberg, Host

Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...

Jeffrey Haguewood

Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows. We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases. This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams. Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.

Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...

UiPathCommunity

💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™: See how to accelerate model training and optimize model performance with active learning Learn about the latest enhancements to out-of-the-box document processing – with little to no training required Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath. Speakers: 👨‍🏫 Andras Palfi, Senior Product Manager, UiPath 👩‍🏫 Lenka Dulovicova, Product Program Manager, UiPath

State of ICS and IoT Cyber Threat Landscape Report 2024 preview

Prayukth K V

The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development. The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers: State of global ICS asset and network exposure Sectoral targets and attacks as well as the cost of ransom Global APT activity, AI usage, actor and tactic profiles, and implications Rise in volumes of AI-powered cyberattacks Major cyber events in 2024 Malware and malicious payload trends Cyberattack types and targets Vulnerability exploit attempts on CVEs Attacks on counties – USA Expansion of bot farms – how, where, and why In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East Why are attacks on smart factories rising? Cyber risk predictions Axis of attacks – Europe Systemic attacks in the Middle East Download the full report from here: https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/

Designing Great Products: The Power of Design and Leadership by Chief Designe...

Product School

FIDO Alliance Osaka Seminar: Passkeys and the Road Ahead.pdf

FIDO Alliance

How world-class product teams are winning in the AI era by CEO and Founder, P...

Product School

Encryption in Microsoft 365 - ExpertsLive Netherlands 2024

Albert Hoitingh

GraphRAG is All You need? LLM & Knowledge Graph

Guy Korland

Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs. 1. Unifying Large Language Models and Knowledge Graphs: A Roadmap. https://arxiv.org/abs/2306.08302 2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs: https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/

Neuro-symbolic is not enough, we need neuro-*semantic*

Frank van Harmelen

Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”. All of this illustrated with link prediction over knowledge graphs, but the argument is general.

Transcript: Selling digital books in 2024: Insights from industry leaders - T...

BookNet Canada

The publishing industry has been selling digital audiobooks and ebooks for over a decade and has found its groove. What’s changed? What has stayed the same? Where do we go from here? Join a group of leading sales peers from across the industry for a conversation about the lessons learned since the popularization of digital books, best practices, digital book supply chain management, and more. Link to video recording: https://bnctechforum.ca/sessions/selling-digital-books-in-2024-insights-from-industry-leaders/ Presented by BookNet Canada on May 28, 2024, with support from the Department of Canadian Heritage.

UiPath Test Automation using UiPath Test Suite series, part 4

DianaGray10

Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap. The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies. Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques What will you get from this session? 1. Insights into SAP testing best practices 2. Heatmap utilization for testing 3. Optimization of testing processes 4. Demo Topics covered: Execution from the test manager Orchestrator execution result Defect reporting SAP heatmap example with demo Speaker: Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

FIDO Alliance Osaka Seminar: Overview.pdf

FIDO Alliance

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

Recently uploaded (20)