The document provides guidance for demonstrating the Customer Portal to customers. It recommends determining whether to use actual or demo data, customizing the demo based on the audience, and ensuring necessary preparations are made. The summary walks through demonstrating key features like invoices, service contracts, search, and entering new data. Emphasis is placed on integrating data from multiple sources and linking all records.
This document discusses fraud prevention, detection, and management. It defines fraud as a deception practiced to gain unfair advantage or cause loss to another party. Fraud can originate from clients or employees and can occur at any stage of the loan process. The document then lists and describes different types of fraud, including those perpetrated by borrowers, loan officers, supervisors, and other bank staff. It emphasizes that while fraud cannot be eliminated, it can be prevented and controlled by minimizing motivations and opportunities through strong internal controls and compliance with policies. Uncovering fraud often happens through management discoveries or reports from staff, clients, or audits.
The document describes Samport ZEUS, an anti-fraud system that uses dynamic filters to assess risk for different customer categories. It can process orders simultaneously from a wide range of merchants without incorrectly flagging legitimate orders or missing fraudulent ones, as static systems do. Each merchant category is assigned a customized filter tuned to its customers' typical purchasing behaviors. The system analyzes orders using modules for velocity, location, and artificial intelligence to detect inconsistencies that indicate fraud. It aims to better protect merchants from chargebacks while approving more legitimate orders compared to obsolete static anti-fraud systems.
Cloud computing metrics for successful business architecture and strategy cap...Mark Skilton
This document provides an agenda and overview for a session on cloud computing metrics for business architecture and strategy. The session will introduce Capgemini's work on cloud computing services and adoption strategies, and how architecture is evolving to transition customers and providers toward on-demand IT and business architecture models. It will discuss how trends like big data, mobility, social networks and ubiquitous computing are changing business and IT solutions, and how cloud computing can fit within these trends. The session will conclude with examples of technology and business architecture roadmaps, metrics and design criteria for cloud or non-cloud adoption.
This document outlines an approach for migrating content and functionality from a Microsoft SharePoint site into Liferay. It describes exporting SharePoint pages, libraries, and web parts into XML packages, then importing them into Liferay using custom importers. Web part functionality is reimplemented as Java portlets, and SharePoint URLs in content are rewritten during import. The automated, repeatable process allows full migration of a SharePoint site structure and content into Liferay.
Your law firm’s success or failure this year will not be determined by how much money you spend on marketing, how many leads you get, or even how much you charge for your services. It will be determined by how solid your intake is and how effectively you can convert prospects into paying clients. Join us for this information-packed webinar and set your law firm on the right track.
The document discusses the challenges of invoicing for enterprises and how Invoicera can help overcome them. Some common challenges include lack of visibility into invoices and payments, long approval times, limited functionality of traditional ERP systems, and lack of customization. Invoicera is a cloud-based invoicing application that allows users to maintain suppliers and vendors on a single dashboard, integrate with 25 payment gateways, and customize workflows to improve productivity. It offers solutions like integrating with third-party tools, invoicing for multiple business units, improving finances with reports, and ensuring data security.
Learn about the convenient, cost-effective, and easy-to-use MyCase Client Portal that allows your clients to securely log in and view the status of their case, and even pay invoices!
This document discusses fraud prevention, detection, and management. It defines fraud as a deception practiced to gain unfair advantage or cause loss to another party. Fraud can originate from clients or employees and can occur at any stage of the loan process. The document then lists and describes different types of fraud, including those perpetrated by borrowers, loan officers, supervisors, and other bank staff. It emphasizes that while fraud cannot be eliminated, it can be prevented and controlled by minimizing motivations and opportunities through strong internal controls and compliance with policies. Uncovering fraud often happens through management discoveries or reports from staff, clients, or audits.
The document describes Samport ZEUS, an anti-fraud system that uses dynamic filters to assess risk for different customer categories. It can process orders simultaneously from a wide range of merchants without incorrectly flagging legitimate orders or missing fraudulent ones, as static systems do. Each merchant category is assigned a customized filter tuned to its customers' typical purchasing behaviors. The system analyzes orders using modules for velocity, location, and artificial intelligence to detect inconsistencies that indicate fraud. It aims to better protect merchants from chargebacks while approving more legitimate orders compared to obsolete static anti-fraud systems.
Cloud computing metrics for successful business architecture and strategy cap...Mark Skilton
This document provides an agenda and overview for a session on cloud computing metrics for business architecture and strategy. The session will introduce Capgemini's work on cloud computing services and adoption strategies, and how architecture is evolving to transition customers and providers toward on-demand IT and business architecture models. It will discuss how trends like big data, mobility, social networks and ubiquitous computing are changing business and IT solutions, and how cloud computing can fit within these trends. The session will conclude with examples of technology and business architecture roadmaps, metrics and design criteria for cloud or non-cloud adoption.
This document outlines an approach for migrating content and functionality from a Microsoft SharePoint site into Liferay. It describes exporting SharePoint pages, libraries, and web parts into XML packages, then importing them into Liferay using custom importers. Web part functionality is reimplemented as Java portlets, and SharePoint URLs in content are rewritten during import. The automated, repeatable process allows full migration of a SharePoint site structure and content into Liferay.
Your law firm’s success or failure this year will not be determined by how much money you spend on marketing, how many leads you get, or even how much you charge for your services. It will be determined by how solid your intake is and how effectively you can convert prospects into paying clients. Join us for this information-packed webinar and set your law firm on the right track.
The document discusses the challenges of invoicing for enterprises and how Invoicera can help overcome them. Some common challenges include lack of visibility into invoices and payments, long approval times, limited functionality of traditional ERP systems, and lack of customization. Invoicera is a cloud-based invoicing application that allows users to maintain suppliers and vendors on a single dashboard, integrate with 25 payment gateways, and customize workflows to improve productivity. It offers solutions like integrating with third-party tools, invoicing for multiple business units, improving finances with reports, and ensuring data security.
Learn about the convenient, cost-effective, and easy-to-use MyCase Client Portal that allows your clients to securely log in and view the status of their case, and even pay invoices!
The document proposes developing an online real estate management system. Some key points:
- The system will automate manual processes and provide information about tenants and properties to customers and real estate companies.
- Challenges include transferring from a manual to automated system, developing financial operations, and ensuring communication between offices and websites.
- The vision is to attract more customers by building a database to handle requirements and provide more property details online.
- Objectives include allowing real estate companies to access tenant information and share data between companies through a distributed database.
Project report on ONLINE REAL ESTATE BUSINESSDivyesh Shah
A project report on 'online real estate' will help you to understand the modeling diagrams for this project and all type of information related to this project
It’s a global real estate people network where all professionals and consultants work (R.E. Brokers) and grow as a family by increasing their horizon of work and thus, outshining their business in the market with excellent result.
If you want to be a part of professional association and want your business to grow with high promotions and global recognition, then, Realty Tree is the right place to be!
The first ever global Real Estate business networking portal that will take you by surprise with every click and minute you spend on it!
This unique concept has been designed so as to form a one stop solution to all your Real Estate requirements and problems.
Customer Service PowerPoint PPT Content Modern SampleAndrew Schwartz
163 slides include: understanding the basics of effective customer service, knowing customer wants and expectations, the 4 steps to super service, what to say and addressing excuses, implementing a program and examining behaviors, 7 practical steps to customer service, performance standards and quality, looking to the future, Q& A's, increasing customer satisfaction, the top ten customer complaints, the five most common customer requests, 4 steps to super service, how to's and more.
ReadySetPresent (Customer Service PowerPoint Presentation Content): 100+ PowerPoint presentation content slides. Knowing what your customer wants and needs is the number one factor to excellent customer service. Only by improving one’s customer service can your business develop. Customer Service PowerPoint Presentation Content slides include topics such as: understanding the basics of effective customer service, knowing customer wants and expectations, the 4 steps to super service, 10+ slides on what to say and addressing excuses, 10+ slides on implementing a program and examining behaviors, 7 practical steps to customer service, 30 slides on performance standards and quality, looking to the future, Q& A’s, 5 slides on increasing customer satisfaction, the top ten customer complaints, the five most common customer requests, 4 steps to super service, how to's and more!
We've improved our virtual terminal and tokenization workflows. The document outlines changes such as a cleaner menu layout, easier password resets, improved IP access controls, and streamlined returns, voids, and reversals. It also advertises additional CenPOS products and services such as mobile apps, shopping cart integrations, reporting dashboards, and payment solutions.
Create an IVR that Keeps Up with Your CustomersTwilio Inc
When customers call your contact center, almost a third of their time is spent in your IVR system. Al Cook, Twilio Product Director, explains how to make the experience a good one. Watch the full webinar here: https://www.twilio.com/learn/contact-center/create-an-ivr-built-for-customer-experience
Bill settlement | SQL to Tally | Tally.NET Services | Tally TDLstannventures.Pvt.Ltd
Tally.ERP 9 allows users to settle multiple outstanding bills for a party at once through its bill settlement feature. This allows users to quickly clear bulk payments for many pending bills simultaneously by nullifying them in the accounts book. The bill settlement feature displays outstanding bills in a ledger and lets the user select multiple bills. It then automatically generates a receipt or payment voucher with the selected bills and amounts pre-allocated, making the settlement process faster and more convenient.
How to Make Down Payments in Odoo 17 Sales AppCeline George
The amount that a buyer pays beforehand towards the entire cost of an item, such as a Home, Automobile, Electronics, Installments, or any other product or service, is known as a down payment. Debt, interest, and monthly payment amounts for the borrower may all be greatly decreased as a result. In order to confirm the supply of their goods or services to the client, the merchant takes a down payment, with the expectation that the remaining balance will be paid later.
Cash Management is a system for managing bank statements and reconciling transactions in accounts payable and accounts receivable. It allows importing bank statements, matching transactions, and reconciling differences. There are parameters to set up accounts, transaction codes, tolerances, and controls. The auto-reconciliation program validates statements and matches transactions within tolerances, creating accounting entries for reconciled and unmatched amounts.
The document discusses InvenTrak, a point of sale and inventory management system for retailers. It provides an overview of the InvenTrak suite, which includes PosiTrak point of sale terminals, a central administration server, and MobiTrak mobile devices. The document outlines the key features of the InvenTrak systems, such as inventory management, sales reporting, customer management, and mobile capabilities. It also discusses how InvenTrak can help retailers adapt to changing market conditions and optimize their operations.
"Scaling RAG Applications to serve millions of users", Kevin GoedeckeFwdays
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...Jason Yip
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving
What began over 115 years ago as a supplier of precision gauges to the automotive industry has evolved into being an industry leader in the manufacture of product branding, automotive cockpit trim and decorative appliance trim. Value-added services include in-house Design, Engineering, Program Management, Test Lab and Tool Shops.
QA or the Highway - Component Testing: Bridging the gap between frontend appl...zjhamm304
These are the slides for the presentation, "Component Testing: Bridging the gap between frontend applications" that was presented at QA or the Highway 2024 in Columbus, OH by Zachary Hamm.
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
"What does it really mean for your system to be available, or how to define w...Fwdays
We will talk about system monitoring from a few different angles. We will start by covering the basics, then discuss SLOs, how to define them, and why understanding the business well is crucial for success in this exercise.
The document proposes developing an online real estate management system. Some key points:
- The system will automate manual processes and provide information about tenants and properties to customers and real estate companies.
- Challenges include transferring from a manual to automated system, developing financial operations, and ensuring communication between offices and websites.
- The vision is to attract more customers by building a database to handle requirements and provide more property details online.
- Objectives include allowing real estate companies to access tenant information and share data between companies through a distributed database.
Project report on ONLINE REAL ESTATE BUSINESSDivyesh Shah
A project report on 'online real estate' will help you to understand the modeling diagrams for this project and all type of information related to this project
It’s a global real estate people network where all professionals and consultants work (R.E. Brokers) and grow as a family by increasing their horizon of work and thus, outshining their business in the market with excellent result.
If you want to be a part of professional association and want your business to grow with high promotions and global recognition, then, Realty Tree is the right place to be!
The first ever global Real Estate business networking portal that will take you by surprise with every click and minute you spend on it!
This unique concept has been designed so as to form a one stop solution to all your Real Estate requirements and problems.
Customer Service PowerPoint PPT Content Modern SampleAndrew Schwartz
163 slides include: understanding the basics of effective customer service, knowing customer wants and expectations, the 4 steps to super service, what to say and addressing excuses, implementing a program and examining behaviors, 7 practical steps to customer service, performance standards and quality, looking to the future, Q& A's, increasing customer satisfaction, the top ten customer complaints, the five most common customer requests, 4 steps to super service, how to's and more.
ReadySetPresent (Customer Service PowerPoint Presentation Content): 100+ PowerPoint presentation content slides. Knowing what your customer wants and needs is the number one factor to excellent customer service. Only by improving one’s customer service can your business develop. Customer Service PowerPoint Presentation Content slides include topics such as: understanding the basics of effective customer service, knowing customer wants and expectations, the 4 steps to super service, 10+ slides on what to say and addressing excuses, 10+ slides on implementing a program and examining behaviors, 7 practical steps to customer service, 30 slides on performance standards and quality, looking to the future, Q& A’s, 5 slides on increasing customer satisfaction, the top ten customer complaints, the five most common customer requests, 4 steps to super service, how to's and more!
We've improved our virtual terminal and tokenization workflows. The document outlines changes such as a cleaner menu layout, easier password resets, improved IP access controls, and streamlined returns, voids, and reversals. It also advertises additional CenPOS products and services such as mobile apps, shopping cart integrations, reporting dashboards, and payment solutions.
Create an IVR that Keeps Up with Your CustomersTwilio Inc
When customers call your contact center, almost a third of their time is spent in your IVR system. Al Cook, Twilio Product Director, explains how to make the experience a good one. Watch the full webinar here: https://www.twilio.com/learn/contact-center/create-an-ivr-built-for-customer-experience
Bill settlement | SQL to Tally | Tally.NET Services | Tally TDLstannventures.Pvt.Ltd
Tally.ERP 9 allows users to settle multiple outstanding bills for a party at once through its bill settlement feature. This allows users to quickly clear bulk payments for many pending bills simultaneously by nullifying them in the accounts book. The bill settlement feature displays outstanding bills in a ledger and lets the user select multiple bills. It then automatically generates a receipt or payment voucher with the selected bills and amounts pre-allocated, making the settlement process faster and more convenient.
How to Make Down Payments in Odoo 17 Sales AppCeline George
The amount that a buyer pays beforehand towards the entire cost of an item, such as a Home, Automobile, Electronics, Installments, or any other product or service, is known as a down payment. Debt, interest, and monthly payment amounts for the borrower may all be greatly decreased as a result. In order to confirm the supply of their goods or services to the client, the merchant takes a down payment, with the expectation that the remaining balance will be paid later.
Cash Management is a system for managing bank statements and reconciling transactions in accounts payable and accounts receivable. It allows importing bank statements, matching transactions, and reconciling differences. There are parameters to set up accounts, transaction codes, tolerances, and controls. The auto-reconciliation program validates statements and matches transactions within tolerances, creating accounting entries for reconciled and unmatched amounts.
The document discusses InvenTrak, a point of sale and inventory management system for retailers. It provides an overview of the InvenTrak suite, which includes PosiTrak point of sale terminals, a central administration server, and MobiTrak mobile devices. The document outlines the key features of the InvenTrak systems, such as inventory management, sales reporting, customer management, and mobile capabilities. It also discusses how InvenTrak can help retailers adapt to changing market conditions and optimize their operations.
"Scaling RAG Applications to serve millions of users", Kevin GoedeckeFwdays
How we managed to grow and scale a RAG application from zero to thousands of users in 7 months. Lessons from technical challenges around managing high load for LLMs, RAGs and Vector databases.
[OReilly Superstream] Occupy the Space: A grassroots guide to engineering (an...Jason Yip
The typical problem in product engineering is not bad strategy, so much as “no strategy”. This leads to confusion, lack of motivation, and incoherent action. The next time you look for a strategy and find an empty space, instead of waiting for it to be filled, I will show you how to fill it in yourself. If you’re wrong, it forces a correction. If you’re right, it helps create focus. I’ll share how I’ve approached this in the past, both what works and lessons for what didn’t work so well.
Northern Engraving | Modern Metal Trim, Nameplates and Appliance PanelsNorthern Engraving
What began over 115 years ago as a supplier of precision gauges to the automotive industry has evolved into being an industry leader in the manufacture of product branding, automotive cockpit trim and decorative appliance trim. Value-added services include in-house Design, Engineering, Program Management, Test Lab and Tool Shops.
QA or the Highway - Component Testing: Bridging the gap between frontend appl...zjhamm304
These are the slides for the presentation, "Component Testing: Bridging the gap between frontend applications" that was presented at QA or the Highway 2024 in Columbus, OH by Zachary Hamm.
Northern Engraving | Nameplate Manufacturing Process - 2024Northern Engraving
Manufacturing custom quality metal nameplates and badges involves several standard operations. Processes include sheet prep, lithography, screening, coating, punch press and inspection. All decoration is completed in the flat sheet with adhesive and tooling operations following. The possibilities for creating unique durable nameplates are endless. How will you create your brand identity? We can help!
"What does it really mean for your system to be available, or how to define w...Fwdays
We will talk about system monitoring from a few different angles. We will start by covering the basics, then discuss SLOs, how to define them, and why understanding the business well is crucial for success in this exercise.
AI in the Workplace Reskilling, Upskilling, and Future Work.pptxSunil Jagani
Discover how AI is transforming the workplace and learn strategies for reskilling and upskilling employees to stay ahead. This comprehensive guide covers the impact of AI on jobs, essential skills for the future, and successful case studies from industry leaders. Embrace AI-driven changes, foster continuous learning, and build a future-ready workforce.
Read More - https://bit.ly/3VKly70
How information systems are built or acquired puts information, which is what they should be about, in a secondary place. Our language adapted accordingly, and we no longer talk about information systems but applications. Applications evolved in a way to break data into diverse fragments, tightly coupled with applications and expensive to integrate. The result is technical debt, which is re-paid by taking even bigger "loans", resulting in an ever-increasing technical debt. Software engineering and procurement practices work in sync with market forces to maintain this trend. This talk demonstrates how natural this situation is. The question is: can something be done to reverse the trend?
Must Know Postgres Extension for DBA and Developer during MigrationMydbops
Mydbops Opensource Database Meetup 16
Topic: Must-Know PostgreSQL Extensions for Developers and DBAs During Migration
Speaker: Deepak Mahto, Founder of DataCloudGaze Consulting
Date & Time: 8th June | 10 AM - 1 PM IST
Venue: Bangalore International Centre, Bangalore
Abstract: Discover how PostgreSQL extensions can be your secret weapon! This talk explores how key extensions enhance database capabilities and streamline the migration process for users moving from other relational databases like Oracle.
Key Takeaways:
* Learn about crucial extensions like oracle_fdw, pgtt, and pg_audit that ease migration complexities.
* Gain valuable strategies for implementing these extensions in PostgreSQL to achieve license freedom.
* Discover how these key extensions can empower both developers and DBAs during the migration process.
* Don't miss this chance to gain practical knowledge from an industry expert and stay updated on the latest open-source database trends.
Mydbops Managed Services specializes in taking the pain out of database management while optimizing performance. Since 2015, we have been providing top-notch support and assistance for the top three open-source databases: MySQL, MongoDB, and PostgreSQL.
Our team offers a wide range of services, including assistance, support, consulting, 24/7 operations, and expertise in all relevant technologies. We help organizations improve their database's performance, scalability, efficiency, and availability.
Contact us: info@mydbops.com
Visit: https://www.mydbops.com/
Follow us on LinkedIn: https://in.linkedin.com/company/mydbops
For more details and updates, please follow up the below links.
Meetup Page : https://www.meetup.com/mydbops-databa...
Twitter: https://twitter.com/mydbopsofficial
Blogs: https://www.mydbops.com/blog/
Facebook(Meta): https://www.facebook.com/mydbops/
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
Keywords: AI, Containeres, Kubernetes, Cloud Native
Event Link: https://meine.doag.org/events/cloudland/2024/agenda/#agendaId.4211
GlobalLogic Java Community Webinar #18 “How to Improve Web Application Perfor...GlobalLogic Ukraine
Під час доповіді відповімо на питання, навіщо потрібно підвищувати продуктивність аплікації і які є найефективніші способи для цього. А також поговоримо про те, що таке кеш, які його види бувають та, основне — як знайти performance bottleneck?
Відео та деталі заходу: https://bit.ly/45tILxj
"Frontline Battles with DDoS: Best practices and Lessons Learned", Igor IvaniukFwdays
At this talk we will discuss DDoS protection tools and best practices, discuss network architectures and what AWS has to offer. Also, we will look into one of the largest DDoS attacks on Ukrainian infrastructure that happened in February 2022. We'll see, what techniques helped to keep the web resources available for Ukrainians and how AWS improved DDoS protection for all customers based on Ukraine experience
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation F...AlexanderRichford
QR Secure: A Hybrid Approach Using Machine Learning and Security Validation Functions to Prevent Interaction with Malicious QR Codes.
Aim of the Study: The goal of this research was to develop a robust hybrid approach for identifying malicious and insecure URLs derived from QR codes, ensuring safe interactions.
This is achieved through:
Machine Learning Model: Predicts the likelihood of a URL being malicious.
Security Validation Functions: Ensures the derived URL has a valid certificate and proper URL format.
This innovative blend of technology aims to enhance cybersecurity measures and protect users from potential threats hidden within QR codes 🖥 🔒
This study was my first introduction to using ML which has shown me the immense potential of ML in creating more secure digital environments!
Introducing BoxLang : A new JVM language for productivity and modularity!Ortus Solutions, Corp
Just like life, our code must adapt to the ever changing world we live in. From one day coding for the web, to the next for our tablets or APIs or for running serverless applications. Multi-runtime development is the future of coding, the future is to be dynamic. Let us introduce you to BoxLang.
Dynamic. Modular. Productive.
BoxLang redefines development with its dynamic nature, empowering developers to craft expressive and functional code effortlessly. Its modular architecture prioritizes flexibility, allowing for seamless integration into existing ecosystems.
Interoperability at its Core
With 100% interoperability with Java, BoxLang seamlessly bridges the gap between traditional and modern development paradigms, unlocking new possibilities for innovation and collaboration.
Multi-Runtime
From the tiny 2m operating system binary to running on our pure Java web server, CommandBox, Jakarta EE, AWS Lambda, Microsoft Functions, Web Assembly, Android and more. BoxLang has been designed to enhance and adapt according to it's runnable runtime.
The Fusion of Modernity and Tradition
Experience the fusion of modern features inspired by CFML, Node, Ruby, Kotlin, Java, and Clojure, combined with the familiarity of Java bytecode compilation, making BoxLang a language of choice for forward-thinking developers.
Empowering Transition with Transpiler Support
Transitioning from CFML to BoxLang is seamless with our JIT transpiler, facilitating smooth migration and preserving existing code investments.
Unlocking Creativity with IDE Tools
Unleash your creativity with powerful IDE tools tailored for BoxLang, providing an intuitive development experience and streamlining your workflow. Join us as we embark on a journey to redefine JVM development. Welcome to the era of BoxLang.
AppSec PNW: Android and iOS Application Security with MobSFAjin Abraham
Mobile Security Framework - MobSF is a free and open source automated mobile application security testing environment designed to help security engineers, researchers, developers, and penetration testers to identify security vulnerabilities, malicious behaviours and privacy concerns in mobile applications using static and dynamic analysis. It supports all the popular mobile application binaries and source code formats built for Android and iOS devices. In addition to automated security assessment, it also offers an interactive testing environment to build and execute scenario based test/fuzz cases against the application.
This talk covers:
Using MobSF for static analysis of mobile applications.
Interactive dynamic security assessment of Android and iOS applications.
Solving Mobile app CTF challenges.
Reverse engineering and runtime analysis of Mobile malware.
How to shift left and integrate MobSF/mobsfscan SAST and DAST in your build pipeline.
2. Before performing a demo you should:
Determine whether you want to show the customer their actual data, or “demo” data.
If the customer is new, or hasn't bought Sun maintenance from us, consider
performing the generic demo.
Consider your audience. If you will be presenting to finance staff, you may wish
to place more emphasis on invoices, purchase orders, and other financial data
elements. If you will be presenting to IT staff, you may wish to emphasise
the asset management features of the Customer Portal.
Ensure that our finance department has reviewed their invoices and order history.
Ensure that our Service Sales staff have reviewed their service contract data.
Ensure that the customer has internet access at the site where you plan to perform
the demo. Some customers will not permit you to connect your laptop to their network,
so you may need to make other arrangements beforehand.
Ensure that you have a valid user name and password, and that it is bound to the
customer's data, if you will be using their data for the demo.
Preview the customer’s data to ensure familiarity.
3. Our WWW home page.
Explain that the
Customer Portal can be
accessed from our
home page via the form
at the lower right.
Enter username and
password, and hit the
carriage return key.
4. This is the Customer Portal’s native login screen.
Explain that the Customer
Portal can also be
accessed at
http://portal.______.com
Enter username and
password, and click on
“login” or hit the carriage
return key.
5. This is the Customer Portal home page.
Explain that the Status
Dashboard at the left of
the screen shows the time
remaining (if any) for the
customer's maintenance
contracts and software
licenses that are due to
expire soonest. Up to five
contracts/licenses from
each of our vendor
partners is shown. Each
individual graph is linked
to the detail for that
contract or license.
Briefly describe the 6 links
at the top of the screen,
as well as the links at
lower left, and the press
releases.
Next, click on the
“Invoices” button, and
display the Invoice
Summary screen.
6. The Invoice Summary screen.
This screen shows the customer's purchase history, comprised of a list of their invoices sorted in descending date
order. Each of the Invoice numbers is linked to that invoice.
Explain the three invoice
facsimile types:
Invoice numbers beginning with
“PS” are for professional
services.
Invoice numbers beginning with
“STDRTN” are returns/credits.
Invoice numbers beginning with
“INV” are for goods and
services.
Next, click an invoice number,
and show the invoice.
7. This is an Invoice Facsimile.
Describe the Invoice Facsimile
screen. Explain that the invoice
facsimile shown is not a substitute
for the actual hard-copy invoice.
Explain that unlike the paper
invoices, the invoice facsimiles in
the Customer Portal contain
additional data – device serial
numbers scanned at the time of
shipment, and the associated
service contract number, if any,
linked to that item's service
contract detail, where applicable,
all in one location.
Next, click on the service contract
number in the invoice facsimile,
and jump to the service contract
detail.
8. The Service Contract Detail screen.
Explain that the service contract
number from the invoice
facsimile is a link to that item's
record in the service contract
detail. Explain that the item is
highlighted for the user's
reference.
Explain that device hostnames
are shown to the extent that
they have been reported to Sun.
The customer may report the
hostname to Sun when booking
the device under maintenance.
Explain the rest of the data
elements.
Explain that the user can sort on
columns by clinking on the
column header.
Next, click on the small square
line item detail icon in the 4th
column, and display the line
item detail.
9. The Line Item Detail screen.
This screen contains all of the data elements present in the feed we get from Sun for this particular device.
Hostnames provided to us at the time of placing the initial order are entered into the support contract and are
available in the Customer Portal.
Explain the importance of the location field when
dispatching Sun staff to service or repair a device.
(Sun will dispatch staff to the location of record.)
Further explain that many customers have run into
situations where replacement parts have been
shipped to the wrong locations.
Explain that the service levels shown are only
“base level” and do not reflect any uplifts.
Emphasise that the link to the actual invoice
facsimile for the sale of the device itself is not
available anywhere else, as that datum is not
available to Sun. Explain that the link to the invoice
facsimile will enable to customer to see details
such as the customer’s original PO, when the item
shipped, and what else shipped with it.
Emphasise the value of joining service contract
records to purchase history. (The Customer Portal
has links to the original invoice from Corporate
Technologies.)
Next, click on “Technical Contacts” and display the
technical contacts screen
10. The Technical Contacts screen.
Explain that the customer
can quickly see who is
entitled to request service
under the terms of this
contract. Explain the
importance of verifying that
the person calling Sun for
service on a device is among
the technical contacts listed
for the associated service
contract.
Next, go back to the line item
detail, and click on a part
number.
11. The Part Number Detail screen.
Explain that all part numbers
throughout the Customer Portal
are linked to the part number
detail screen, where the user
can see all instances of that part
on record, with links to invoices
and service contracts for each.
Explain that a customer can use
this feature to identify other like
parts, and to find links to their
associated invoices and service
contracts. This screen enables
the customer to get a quick
count of like products, and to
identify gaps in service
coverage.
Next, click the same invoice
number you've been using, and
take the user back to the invoice
facsimile screen.
12. The Invoice Facsimile screen.
Again, explain that all
instances of an invoice
number will take the user
back to the invoice facsimile,
with that line highlighted for
easy reference. This principle
applies for many of the links
found throughout the
Customer Portal.
Next, leave this screen by
clicking on the “Purchase
Orders” button at the top of
the page and display the
purchase order summary.
13. The Purchase Order Summary screen.
Explain that this is a list of all
purchase orders, which will
likely be of primary interest to
the customer's finance staff.
Next, click on the “Service
Contracts” button at the top
of the screen, and display the
service contracts and
licenses summary.
14. The Service Contracts Summary screen.
Explain that this screen contains all
high-level “header” data for the
customer's service contracts and
software licenses.
− Contract number
− Start & end dates
− status and number of devices
− Link to Technical Contacts
− Scheduled reminders
− Part numbers
− Descriptions
Explain that it is from this screen that
the user can set email reminders to
avoid out-of-service charges, and that
they can enter service/change
requests for their service contracts, or
to request information.
Point out that such fully-integrated
data from multiple vendors, all in a
single place, is only available from us.
Next, click the “Change Request”
button and display the change request
interface.
15. The Change Request interface.
Explain that change requests
entered from this screen are
forwarded to our support staff,
where they are reviewed and
acted upon.
Explain that when a change
request is created, a tracking
number is assigned and the
tracking number and originator
of the request are displayed in
the Customer Portal.
Enter a service request, and
display the resulting link to the
service request.
Next, click on the “Scheduled
Reminders” button, and
schedule an email reminder.
16. The Scheduled Reminders creation interface.
Explain that the user can use
this feature to create email
reminders to send to
themselves, that can be
scheduled at any time prior to
the expiration of a contract, so
that the user can have sufficient
lead time to effect the contract
renewal prior to expiration.
Explain that we will
automatically send an email 90
days prior to contract and/or
lease expirations. Point out that
the Customer Portal’s
scheduled reminders feature is
flexible and can be used for any
purpose.
Submit the email reminder.
17. The Service Contracts Summary screen.
Show the user the resulting
email reminder (in this case, for
12/15/2004) notation that
appears in the screen. Explain
that the user can opt to delete
the reminder.
Next, scroll down to additional
partner data.
18. The Service Contracts Summary screen.
Explain that part of the value of
the Customer Portal lies in the
integration of data from multiple
vendor partners, a facility not
available elsewhere.
Explain that these software
licenses do not have associated
contract numbers, but rather
that they have individual serial
numbers.
Next, click on the detail icon and
show the line item detail.
19. The Line Item Detail screen.
Explain that this screen contains
everything reported to us by our
partner about this particular
software license. Explain that
customers can use this feature
to track the number of active
licenses they have in force at
any given time.
Next, click on the “Serial
Numbers” button at the top of
the screen, and display the
serial number summary.
20. The Serial Numbers Summary screen.
Explain that this screen shows
all serial numbers reported to us
by Sun, whether as part of a
service contract, or in our
shipment reports or nightly
Point-of-Sale reports.
Explain only our company can
provide this data in its entirety,
because we integrate data from
our nightly Point-of-Sale reports
with Sun contract data. Point
out that we keep a record of the
serial number of every device
we sell, whether covered under
a support contract or not.
Explain that this feature enables
the customer to identify gaps in
service coverage (as in the 5th
and 6th lines shown at left.)
“We’ll point out one part
number…” (???)
Next, enter a value in the
search field at the upper-right of
the screen, and hit the carriage
return key.
21.
Explain that the user can search all
fields in the Customer Portal. Give
several examples of how they might
The Search Results screen. use this feature. Explain that they can
search on a partial serial number, part
number, or enter the name of a city to
find all devices on record at that
location. Explain that if a patch or fix
comes out for a problem with V880’s
for example, that the customer can
use the search feature to locate these
assets.
Explain that the search feature is
powerful - the customer doesn’t need
much information. Simply typing
“V880” will give the customer access
to invoice facsimiles, shipment dates
and associated service contracts.
Explain that using the Customer Portal
to find a serial number is in many
cases preferable to sending someone
into a data center with a flashlight to
read a serial number off the back of a
server chassis.
Explain that all results are linked back
to the applicable record. In this
example, the link is to the contract line
item, and the link at bottom center is
to the invoice facsimile.
Next, click on the “Leases” button at
the top of the screen, and display the
leases summary.
22. The Lease Summary screen.
Explain that this screen displays
leases, and that the customer
may enter and track their own
lease data, even if it is not
known to us, as when they use
a 3rd party to “flip” a device to a
lease, after the sale.
Explain that this data always
originates from the customer,
and is not managed by us.
Next, click on the “Add a Lease”
button, and display the lease
entry form.
23. The Lease Creation interface.
Explain the various elements in
the form used to enter lease
data.
Enter some representative data
in the form, and submit the new
lease. Display the resulting
lease record.
24. The Lease Summary screen, showing the resulting lease record.
Explain that leases entered in
this way are tracked in the
“Status Dashboard” on the
Customer Portal home page for
the customer's easy reference.
Point out that this feature is
financially beneficial to
customers, as customers who
lose track of their leases and fail
to note expiration dates can
incur costly lease extension
fees.
Next, click on the “Home” button
at the top of the screen, and
display the home page.
25. The Customer Portal home page.
Point out the new “Lease” graph
that appears in the Status
Dashboard.
Next, click on the “Contacts”
button at the top of the screen,
and display the customer's
contact data.
26. The Contact Details screen.
Explain that this screen shows
the contacts for a particular
customer. Explain the role of
each of our internal staff
members listed.
Explain that the sales contact is
responsible for overall account
management, but that if a
customer’s question is
specifically related to service,
they should call a member of
our support team.
Explain the Sun Service-related
language and link to Sun's On-
line Support Center, and explain
that Sun’s on-line support
center enables the customer to
enter a support call.
Explain the importance of
verifying that the user placing a
support call is listed among the
technical contacts for the given
contract, available from the links
at the bottom of the screen.
27. Security, Administration, and Support considerations
Explain that the Customer Portal is secure – all interaction over encrypted SSL. All security
tokens are managed and stored in the HTTP session, and continually referenced by application
code.
Explain that the role-based security features of the Customer Portal will enable key contacts on
customer's staff to grant access and administer grants on all aspects of the Customer Portal's
interface in granular fashion. The key contact can add/update/delete as many user accounts as
desired, and can grant access to data at the screen element level – obscuring acquisition cost
from junior IT staff, for example.
Explain that our vendor partners supply a large percentage of the underlying data, and that all
data is retrieved and loaded nightly. Any EDI exceptions are caught and handled gracefully – the
data is rolled back to the prior day's, and our systems staff automatically notified.
Explain that the Customer Portal is highly-available, with database replication, failover, and
redundant hardware – 2 Sun V65s with dual independent processor modules and multiple hot-
swappable drives.
To showcase our PS and applications expertise, stress that the Customer Portal was developed
entirely in-house, and built using the same best-of-breed technologies that we recommend to our
customers – pure Java (J2EE,) Sun hardware, Sun platform software (JES,) and open-source
development tools.