Detection-as-Code: Test Driven Detection Development.pdf
•
0 likes•27 views
The document discusses detection-as-code and test driven development for threat detection. It introduces challenges in threat detection and the need for continuous improvement through detection engineering. It advocates applying principles from DevOps like test-driven development, version control systems, and automated workflows to improve security posture. Test driven development for detections requires the capability to replicate attacks to test detections.
Report
Share
Report
Share
Download to read offline
Recommended
Dev{sec}ops
Keeping security top of mind while creating standards for engineering teams following the DevOps culture. This talk was designed to show off how easily it is to automate security scanning and to be the developer advocate by showing the quality of development work. We will cover some high-level topics of DevSecOps and demo some examples DevOps team can implement for free.
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Our technology, work processes, and activities all depend on if we trust our software to be developed in a safe and secure manner. Join us virtually for our upcoming "Secure Your DevOps Pipeline: Best Practices" Meetup to learn how to integrate security in the development process, DevSecOps advance methods, manage the implement secure coding analysis and how to manage software security risks.
SCS DevSecOps Seminar - State of DevSecOps
- Stefan Streichsbier is the CEO of GuardRails and a professional white-hat hacker who has identified severe shortcomings in security processes and technologies, leading him to create GuardRails.
- The document discusses the evolution of DevOps and increasing complexity, the state of security and how it needs to fit within modern development workflows, and introduces the concept of DevSecOps to address shortcomings and better integrate security.
- Key aspects of DevSecOps discussed include how to create, test, and monitor secure applications and empower development teams to build security in from the start rather than see it as a separate function. Automated security tools and the need to reduce noise and improve usability for developers is also
Understanding DevOps Security - Full Guide
DevSecOps is a process of integrating security practices into the stages of the SDLC lifecycle. The DevSecOps(https://opstree.com/) process ensures that secure software is delivered to the production environment, without delaying security until the last stages of the Software Development Life Cycle (SDLC). This is where does DevSecOps fits into the SDLC phase.
You can check more info about:
DevOps Company In UAE ( https://opstree.com/ )
understanding devops security - DevSecOps
DevSecOps is a process of integrating security practices into the stages of the SDLC lifecycle. The DevSecOps(https://opstree.com/) process ensures that secure software is delivered to the production environment, without delaying security until the last stages of the Software Development Life Cycle (SDLC). This is where does DevSecOps fits into the SDLC phase.
You can check more info about:
devops solutions ( https://opstree.com/usa/ )
Pentest is yesterday, DevSecOps is tomorrow
Introduction to General DevSecOps, how it differentiate with DevOps and the correlation between Agile DevOps and DevSecOps
DevSecOps and the CI/CD Pipeline
All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table.
Presented at OWASP NoVA, Sept 25th, 2018
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Application's Security
For more information on DevSecOps, please visit: http://ow.ly/LcyX50g63fO
Recommended
Dev{sec}ops
Keeping security top of mind while creating standards for engineering teams following the DevOps culture. This talk was designed to show off how easily it is to automate security scanning and to be the developer advocate by showing the quality of development work. We will cover some high-level topics of DevSecOps and demo some examples DevOps team can implement for free.
Secure Your DevOps Pipeline Best Practices Meetup 08022024.pptx
Our technology, work processes, and activities all depend on if we trust our software to be developed in a safe and secure manner. Join us virtually for our upcoming "Secure Your DevOps Pipeline: Best Practices" Meetup to learn how to integrate security in the development process, DevSecOps advance methods, manage the implement secure coding analysis and how to manage software security risks.
SCS DevSecOps Seminar - State of DevSecOps
- Stefan Streichsbier is the CEO of GuardRails and a professional white-hat hacker who has identified severe shortcomings in security processes and technologies, leading him to create GuardRails.
- The document discusses the evolution of DevOps and increasing complexity, the state of security and how it needs to fit within modern development workflows, and introduces the concept of DevSecOps to address shortcomings and better integrate security.
- Key aspects of DevSecOps discussed include how to create, test, and monitor secure applications and empower development teams to build security in from the start rather than see it as a separate function. Automated security tools and the need to reduce noise and improve usability for developers is also
Understanding DevOps Security - Full Guide
DevSecOps is a process of integrating security practices into the stages of the SDLC lifecycle. The DevSecOps(https://opstree.com/) process ensures that secure software is delivered to the production environment, without delaying security until the last stages of the Software Development Life Cycle (SDLC). This is where does DevSecOps fits into the SDLC phase.
You can check more info about:
DevOps Company In UAE ( https://opstree.com/ )
understanding devops security - DevSecOps
DevSecOps is a process of integrating security practices into the stages of the SDLC lifecycle. The DevSecOps(https://opstree.com/) process ensures that secure software is delivered to the production environment, without delaying security until the last stages of the Software Development Life Cycle (SDLC). This is where does DevSecOps fits into the SDLC phase.
You can check more info about:
devops solutions ( https://opstree.com/usa/ )
Pentest is yesterday, DevSecOps is tomorrow
Introduction to General DevSecOps, how it differentiate with DevOps and the correlation between Agile DevOps and DevSecOps
DevSecOps and the CI/CD Pipeline
All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table.
Presented at OWASP NoVA, Sept 25th, 2018
The CA Technologies | Veracode Platform: A 360-Degree View of Your Applicatio...
The CA Technologies | Veracode Platform: A 360-Degree View of Your Application's Security
For more information on DevSecOps, please visit: http://ow.ly/LcyX50g63fO
4 approaches to integrate dev secops in development cycle
This document discusses 4 approaches to integrating DevSecOps into the development cycle:
1) Software Composition Analysis to evaluate open source components for vulnerabilities
2) Static Application Security Testing to examine source code for insecure coding
3) Dynamic Application Security Testing to perform security scans on running applications
4) Infrastructure Automation Tools to automate infrastructure configuration and security
What skills are necessary to become a DevOps Engineer.pdf
Learn the principles and tools of integrated software development with a Devops course on OnlineITGuru. Top rated experts can prepare you for your certification.
Our cutting-edge Blended Learning combines live online DevOps certification classes with interactive labs that will give you hands-on experience.
The DevSecOps Builder’s Guide to the CI/CD Pipeline
All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table.
Presented at LASCON 2018, in Austin, TX.
Democratizing security
This document discusses democratizing security as the next frontier for DevSecOps adoption in enterprises. It covers evolving delivery practices like Agile, DevOps, and SRE. Democratizing involves making capabilities self-service, granting permission to act with guardrails, and building trust. This includes democratizing infrastructure, software delivery, data, and security by making them technology agnostic, self-service, and including them in the DevSecOps toolchain to improve applications, platforms, processes, and culture. Security chaos engineering and value stream mapping are also discussed as ways to identify vulnerabilities and inefficiencies to continuously improve operational readiness and adoption.
DevSecOps: Integrating Security Into DevOps! {Business Security}
The key benefit of DevOps is speed and continuous delivery but with secure DevOps teams often suffer from the notion that there’s a tradeoff between security and speed. However, that is not the scenario always.
Prudent use of Security automation allows the teams to maintain both security and speed. The automated security testing makes the security consistent and less vulnerable to human errors. Shifting of the security practices left towards the design phase is a major advantage. It is a big achievement to catch the security loophole at the design or the development phase of a new feature. This is what DevSecOps tooling strategies aim at.
Check out this presentation and learn more about integrating security into DevOps with DevSecOps!
DevOps Roadmap 2022.pdf
Prometheus and Grafana are commonly used for observability in Kubernetes clusters. It is beneficial to unify observability across clusters for performance and cost reasons. Technologies like Thanos, Cortex, VictoriaMetrics, Datadog, and Loki can help scale Prometheus configurations. Platform teams now focus on enhancing workflows for internal customers like developers and testers. Security practices are shifting left in the development pipeline to address risks and compliance needs. Strong programming skills are important for platform engineering and SRE roles to develop tools, debug code, and ensure standards are followed. Golang is recommended over Python for platform engineering due to its concurrency, type safety, and use in large open source projects.
The Emergent Cloud Security Toolchain for CI/CD
Security is in crisis and it needs a new way to move forward. This talk from Nov 2018, Houston ISSA meeting discusses the tooling needed to rise to the demands of devops and devsecops.
DevSecOps IT Modernization Training Bootcamp for Security Staff, IT Leadership
Duration : 3 days
DevSecOps stands for development, security and operations.
DevSecOps is a technique for advancing toward IT security. DevSecOps is essential in light of the fact that while IT framework has developed significantly in the most recent decade, there hasn't been a proportionate headway in most of security and consistence observing devices.
Thusly, most apparatuses can't test code as quick as an average DevOps condition requires.
DevSecOps Training Bootcamp Course by Tonex:
DevSecOps Training Bootcamp is a 3-day down to earth DevSecOps course where members gain inside and out information and abilities to apply, actualize and improve IT security in present day DevOps.
DevSecOps is recommended for :
Security Staff
IT Leadership & IT Infrastructure
CIOs, CTOs and CSO
Configuration Managers
Developers and Application Team Members
IT Operations Staff
IT Project & Program Managers
Product Owners and Managers
Release Engineers
Agile Staff and ScrumMasters
Software Developers and Team Leads
System Admin
Course Agenda
DevOps vs. DevSecOps
DevOps Security Requirements
DevOps Typical Security Activities
Tools for Securing DevOps
Principles Behind DevSecOps
DevSecOps and Application Security
How to DevSecOps
DevSecOps Maturity
Risk Management Framework (RMF), DevOps and DevSecOps
Workshops and Group Activities :
Workshop 1: Plan for DevSecOps
Workshop 2: Secure Code Overview
Workshop 3: Create a DevSecOps plan
Request more information regarding DevSecOps IT Modernization Training Bootcamp. Visit tonex.com for course and workshop detail.
DevSecOps IT Modernization Training Bootcamp for Security Staff, IT Leadership
https://www.tonex.com/training-courses/devsecops-training-bootcamp/
Webinar–Best Practices for DevSecOps at Scale
Today’s security professionals and software developers not only have to do more in less time; they have to do it securely. This means mitigating risk and addressing compliance requirements in an environment where:
• The threat landscape continues to evolve.
• Application portfolios and their risk profiles continue to shift.
• Security tools are difficult to deploy, configure, and integrate into workflows.
• Consumption models continue to change.
How can your internal resources keep pace in this dynamic environment? Managed application security testing can be just the relief valve your organization needs. In this webinar, we’ll discuss the need for managed application security testing, the sweet spots where it offers maximum value, what you should look for in a managed application security testing provider, and highlights from Synopsys’ Managed Services offering.
Today’s security professionals and software developers not only have to do more in less time; they have to do it securely. This means mitigating risk and addressing compliance requirements in an environment where:
• The threat landscape continues to evolve.
• Application portfolios and their risk profiles continue to shift.
• Security tools are difficult to deploy, configure, and integrate into workflows.
• Consumption models continue to change.
How can your internal resources keep pace in this dynamic environment? Managed application security testing can be just the relief valve your organization needs. In this webinar, we’ll discuss the need for managed application security testing, the sweet spots where it offers maximum value, what you should look for in a managed application security testing provider, and highlights from Synopsys’ Managed Services offering.
For more information, please visit our website at https://www.synopsys.com/software-integrity/managed-services.html
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Solutions (Formerly Automic) and CA Privileged Access Manager
For more information on DevSecOps, please visit: http://ow.ly/u2pN50g63tN
10 things to get right for successful dev secops
This document discusses 10 things that are important to get right for successful DevSecOps implementation. It recommends that security testing be integrated seamlessly into the development process without disrupting developers. It also advises focusing first on identifying and fixing known critical vulnerabilities in libraries and components before custom code, and accepting that not all vulnerabilities can be eliminated. Developers should receive basic secure coding training without being expected to become security experts. The overall goal is to make security processes transparent to developers in order to balance security and speed of development.
DevSecOps reference architectures 2018
DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
Continuous Security / DevSecOps- Why How and What
This presentation explains what Continuous Security / DevSecOps is, Why it is important, How it works and What you can do to realized a well-engineered DevSecOps solution in your own organization or enterprise.
Take Control: Design a Complete DevSecOps Program
Designing a secure DevOps workflow is tough: Developers, testers, IT security teams, and managers all have different control points within the software development lifecycle. Additionally, each application in development and production has a unique profile and features. Then you have the different types of organizations which have different maturity levels and needs: Retail has different day-to-day priorities than Finance or Healthcare, although all industries are united by a need to defend against the current threat landscape of data breaches and ransomware.
How do you find the right touch points? How do you build application security into your DevOps workflow successfully, turning the workflow from a process into a program?
Take Control: Design a Complete DevSecOps Program
Designing a secure DevOps workflow is tough: Developers, testers, IT security teams, and managers all have different control points within the software development lifecycle. Additionally, each application in development and production has a unique profile and features. Then you have the different types of organizations which have different maturity levels and needs: Retail has different day-to-day priorities than Finance or Healthcare, although all industries are united by a need to defend against the current threat landscape of data breaches and ransomware.
How do you find the right touch points? How do you build application security into your DevOps workflow successfully, turning the workflow from a process into a program?
Product Security
The document discusses product security and how it relates to application security, infrastructure security, and security operations for a specific product or system. It argues that applying DevOps methodologies to traditional application security practices can help make security part of everyday work for developers and operations teams. This will help change an organization's security culture to focus on designing security into products from the start.
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
Your organization has already embraced the DevOps methodology? That’s a great start. But what about security?
It’s a fact - many organizations fear that adding security to their DevOps practices will severely slow down their development processes. But this doesn’t need to be the case.
Tune in to hear Jeff Martin, Senior Director of Product at WhiteSource and Anders Wallgren, VP of Technology Strategy at Cloudbees, as they discuss:
- Why traditional DevOps has shifted, and what this will mean
- Who should own security in the age of DevOps
- Which tools and strategies are needed to implement continuous security throughout the DevOps pipeline
DevOps and Devsecops- Everything you need to know.
DevOps is a software development approach that emphasizes collaboration and communication between developers and IT operations teams to streamline the development and deployment of software. DevSecOps extends DevOps by integrating security into every stage of the software development lifecycle, from planning to deployment, to ensure that security risks are identified and addressed early on.
DevOps and Devsecops What are the Differences.pdf
DevSecOps is the methodology that integrates security techniques into the DevOps process. It fosters and encourages collaboration with release engineers and security groups based on a ‘Security As Code’ concept. DevSecOps has gained recognition and importance due to the increasing security risks associated with software applications.
5 principles-securing-devops-veracode-whitepaper
The document discusses five principles for securing DevOps:
1) Automate security testing by integrating it into CI/CD pipelines.
2) Integrate security testing early to "fail quickly" and avoid issues late in the process.
3) Avoid false positives from security tests to prevent blocking critical updates.
4) Build security expertise among developers by training them in secure coding practices.
5) Maintain visibility into application security for deployed software to enable quick responses to attacks.
PurpleSharp BlackHat Arsenal Asia
Defending enterprise networks against attackers continues to present a difficult challenge for blue teams. Prevention has fallen short; improving detection & response capabilities has proven to be a step in the right direction. However, without the telemetry produced by adversary behavior, building and testing detection capabilities will be a challenging task.
PurpleSharp is an open-source adversary simulation tool written in C# that executes adversary techniques against Windows environments. The resulting telemetry can be leveraged to measure and improve the efficacy of a detection program. PurpleSharp executes different behavior across the attack lifecycle following the MITRE ATT&CK Framework’s tactics: execution, persistence, privilege escalation, credential access, lateral movement, etc.
BSides Panama 2022
Este documento presenta PurpleSharp, una herramienta en C# que simula técnicas de ataque para generar telemetría y mejorar los programas de detección de seguridad. PurpleSharp puede ejecutar técnicas de forma remota y flexible, variando parámetros y formas de ejecución. Esto permite probar la resiliencia de las detecciones existentes y crear nuevas. El documento también incluye demostraciones de cómo PurpleSharp puede simular el descubrimiento de dominio y movimiento lateral en una red de Active Directory.
More Related Content
Similar to Detection-as-Code: Test Driven Detection Development.pdf
4 approaches to integrate dev secops in development cycle
This document discusses 4 approaches to integrating DevSecOps into the development cycle:
1) Software Composition Analysis to evaluate open source components for vulnerabilities
2) Static Application Security Testing to examine source code for insecure coding
3) Dynamic Application Security Testing to perform security scans on running applications
4) Infrastructure Automation Tools to automate infrastructure configuration and security
What skills are necessary to become a DevOps Engineer.pdf
Learn the principles and tools of integrated software development with a Devops course on OnlineITGuru. Top rated experts can prepare you for your certification.
Our cutting-edge Blended Learning combines live online DevOps certification classes with interactive labs that will give you hands-on experience.
The DevSecOps Builder’s Guide to the CI/CD Pipeline
All organizations want to go faster and decrease friction in their cloud software delivery pipeline. Infosec has an opportunity to change their classic approach from blocker to enabler. This talk will discuss hallmarks of CI/CD and some practical examples for adding security testing across different organizations. The talk will cover emergent patterns, practices and toolchains that bring security to the table.
Presented at LASCON 2018, in Austin, TX.
Democratizing security
This document discusses democratizing security as the next frontier for DevSecOps adoption in enterprises. It covers evolving delivery practices like Agile, DevOps, and SRE. Democratizing involves making capabilities self-service, granting permission to act with guardrails, and building trust. This includes democratizing infrastructure, software delivery, data, and security by making them technology agnostic, self-service, and including them in the DevSecOps toolchain to improve applications, platforms, processes, and culture. Security chaos engineering and value stream mapping are also discussed as ways to identify vulnerabilities and inefficiencies to continuously improve operational readiness and adoption.
DevSecOps: Integrating Security Into DevOps! {Business Security}
The key benefit of DevOps is speed and continuous delivery but with secure DevOps teams often suffer from the notion that there’s a tradeoff between security and speed. However, that is not the scenario always.
Prudent use of Security automation allows the teams to maintain both security and speed. The automated security testing makes the security consistent and less vulnerable to human errors. Shifting of the security practices left towards the design phase is a major advantage. It is a big achievement to catch the security loophole at the design or the development phase of a new feature. This is what DevSecOps tooling strategies aim at.
Check out this presentation and learn more about integrating security into DevOps with DevSecOps!
DevOps Roadmap 2022.pdf
Prometheus and Grafana are commonly used for observability in Kubernetes clusters. It is beneficial to unify observability across clusters for performance and cost reasons. Technologies like Thanos, Cortex, VictoriaMetrics, Datadog, and Loki can help scale Prometheus configurations. Platform teams now focus on enhancing workflows for internal customers like developers and testers. Security practices are shifting left in the development pipeline to address risks and compliance needs. Strong programming skills are important for platform engineering and SRE roles to develop tools, debug code, and ensure standards are followed. Golang is recommended over Python for platform engineering due to its concurrency, type safety, and use in large open source projects.
The Emergent Cloud Security Toolchain for CI/CD
Security is in crisis and it needs a new way to move forward. This talk from Nov 2018, Houston ISSA meeting discusses the tooling needed to rise to the demands of devops and devsecops.
DevSecOps IT Modernization Training Bootcamp for Security Staff, IT Leadership
Duration : 3 days
DevSecOps stands for development, security and operations.
DevSecOps is a technique for advancing toward IT security. DevSecOps is essential in light of the fact that while IT framework has developed significantly in the most recent decade, there hasn't been a proportionate headway in most of security and consistence observing devices.
Thusly, most apparatuses can't test code as quick as an average DevOps condition requires.
DevSecOps Training Bootcamp Course by Tonex:
DevSecOps Training Bootcamp is a 3-day down to earth DevSecOps course where members gain inside and out information and abilities to apply, actualize and improve IT security in present day DevOps.
DevSecOps is recommended for :
Security Staff
IT Leadership & IT Infrastructure
CIOs, CTOs and CSO
Configuration Managers
Developers and Application Team Members
IT Operations Staff
IT Project & Program Managers
Product Owners and Managers
Release Engineers
Agile Staff and ScrumMasters
Software Developers and Team Leads
System Admin
Course Agenda
DevOps vs. DevSecOps
DevOps Security Requirements
DevOps Typical Security Activities
Tools for Securing DevOps
Principles Behind DevSecOps
DevSecOps and Application Security
How to DevSecOps
DevSecOps Maturity
Risk Management Framework (RMF), DevOps and DevSecOps
Workshops and Group Activities :
Workshop 1: Plan for DevSecOps
Workshop 2: Secure Code Overview
Workshop 3: Create a DevSecOps plan
Request more information regarding DevSecOps IT Modernization Training Bootcamp. Visit tonex.com for course and workshop detail.
DevSecOps IT Modernization Training Bootcamp for Security Staff, IT Leadership
https://www.tonex.com/training-courses/devsecops-training-bootcamp/
Webinar–Best Practices for DevSecOps at Scale
Today’s security professionals and software developers not only have to do more in less time; they have to do it securely. This means mitigating risk and addressing compliance requirements in an environment where:
• The threat landscape continues to evolve.
• Application portfolios and their risk profiles continue to shift.
• Security tools are difficult to deploy, configure, and integrate into workflows.
• Consumption models continue to change.
How can your internal resources keep pace in this dynamic environment? Managed application security testing can be just the relief valve your organization needs. In this webinar, we’ll discuss the need for managed application security testing, the sweet spots where it offers maximum value, what you should look for in a managed application security testing provider, and highlights from Synopsys’ Managed Services offering.
Today’s security professionals and software developers not only have to do more in less time; they have to do it securely. This means mitigating risk and addressing compliance requirements in an environment where:
• The threat landscape continues to evolve.
• Application portfolios and their risk profiles continue to shift.
• Security tools are difficult to deploy, configure, and integrate into workflows.
• Consumption models continue to change.
How can your internal resources keep pace in this dynamic environment? Managed application security testing can be just the relief valve your organization needs. In this webinar, we’ll discuss the need for managed application security testing, the sweet spots where it offers maximum value, what you should look for in a managed application security testing provider, and highlights from Synopsys’ Managed Services offering.
For more information, please visit our website at https://www.synopsys.com/software-integrity/managed-services.html
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Solutions (Formerly Automic) and CA Privileged Access Manager
For more information on DevSecOps, please visit: http://ow.ly/u2pN50g63tN
10 things to get right for successful dev secops
This document discusses 10 things that are important to get right for successful DevSecOps implementation. It recommends that security testing be integrated seamlessly into the development process without disrupting developers. It also advises focusing first on identifying and fixing known critical vulnerabilities in libraries and components before custom code, and accepting that not all vulnerabilities can be eliminated. Developers should receive basic secure coding training without being expected to become security experts. The overall goal is to make security processes transparent to developers in order to balance security and speed of development.
DevSecOps reference architectures 2018
DevSecOps reference architectures: Sonatype Nexus, Sonatype Nexus Lifecycle, HP Fortify, SonarQube, Jenkins, Twistlock, JIRA, Contrast, aqua, OWASP Zap, Find Bugs, Gaunltl, OWASP Depedency check, NESSUS, ThreadFix
DevOps 2018
Continuous Security / DevSecOps- Why How and What
This presentation explains what Continuous Security / DevSecOps is, Why it is important, How it works and What you can do to realized a well-engineered DevSecOps solution in your own organization or enterprise.
Take Control: Design a Complete DevSecOps Program
Designing a secure DevOps workflow is tough: Developers, testers, IT security teams, and managers all have different control points within the software development lifecycle. Additionally, each application in development and production has a unique profile and features. Then you have the different types of organizations which have different maturity levels and needs: Retail has different day-to-day priorities than Finance or Healthcare, although all industries are united by a need to defend against the current threat landscape of data breaches and ransomware.
How do you find the right touch points? How do you build application security into your DevOps workflow successfully, turning the workflow from a process into a program?
Take Control: Design a Complete DevSecOps Program
Designing a secure DevOps workflow is tough: Developers, testers, IT security teams, and managers all have different control points within the software development lifecycle. Additionally, each application in development and production has a unique profile and features. Then you have the different types of organizations which have different maturity levels and needs: Retail has different day-to-day priorities than Finance or Healthcare, although all industries are united by a need to defend against the current threat landscape of data breaches and ransomware.
How do you find the right touch points? How do you build application security into your DevOps workflow successfully, turning the workflow from a process into a program?
Product Security
The document discusses product security and how it relates to application security, infrastructure security, and security operations for a specific product or system. It argues that applying DevOps methodologies to traditional application security practices can help make security part of everyday work for developers and operations teams. This will help change an organization's security culture to focus on designing security into products from the start.
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
Your organization has already embraced the DevOps methodology? That’s a great start. But what about security?
It’s a fact - many organizations fear that adding security to their DevOps practices will severely slow down their development processes. But this doesn’t need to be the case.
Tune in to hear Jeff Martin, Senior Director of Product at WhiteSource and Anders Wallgren, VP of Technology Strategy at Cloudbees, as they discuss:
- Why traditional DevOps has shifted, and what this will mean
- Who should own security in the age of DevOps
- Which tools and strategies are needed to implement continuous security throughout the DevOps pipeline
DevOps and Devsecops- Everything you need to know.
DevOps is a software development approach that emphasizes collaboration and communication between developers and IT operations teams to streamline the development and deployment of software. DevSecOps extends DevOps by integrating security into every stage of the software development lifecycle, from planning to deployment, to ensure that security risks are identified and addressed early on.
DevOps and Devsecops What are the Differences.pdf
DevSecOps is the methodology that integrates security techniques into the DevOps process. It fosters and encourages collaboration with release engineers and security groups based on a ‘Security As Code’ concept. DevSecOps has gained recognition and importance due to the increasing security risks associated with software applications.
5 principles-securing-devops-veracode-whitepaper
The document discusses five principles for securing DevOps:
1) Automate security testing by integrating it into CI/CD pipelines.
2) Integrate security testing early to "fail quickly" and avoid issues late in the process.
3) Avoid false positives from security tests to prevent blocking critical updates.
4) Build security expertise among developers by training them in secure coding practices.
5) Maintain visibility into application security for deployed software to enable quick responses to attacks.
Similar to Detection-as-Code: Test Driven Detection Development.pdf (20)
4 approaches to integrate dev secops in development cycle
4 approaches to integrate dev secops in development cycle
What skills are necessary to become a DevOps Engineer.pdf
What skills are necessary to become a DevOps Engineer.pdf
The DevSecOps Builder’s Guide to the CI/CD Pipeline
The DevSecOps Builder’s Guide to the CI/CD Pipeline
DevSecOps: Integrating Security Into DevOps! {Business Security}
DevSecOps: Integrating Security Into DevOps! {Business Security}
DevSecOps IT Modernization Training Bootcamp for Security Staff, IT Leadership
DevSecOps IT Modernization Training Bootcamp for Security Staff, IT Leadership
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
Securing Your Enterprise Continuous Delivery Pipelines with CA Automation Sol...
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
From Zero to DevSecOps: How to Implement Security at the Speed of DevOps
DevOps and Devsecops- Everything you need to know.
DevOps and Devsecops- Everything you need to know.
More from Mauricio Velazco
PurpleSharp BlackHat Arsenal Asia
Defending enterprise networks against attackers continues to present a difficult challenge for blue teams. Prevention has fallen short; improving detection & response capabilities has proven to be a step in the right direction. However, without the telemetry produced by adversary behavior, building and testing detection capabilities will be a challenging task.
PurpleSharp is an open-source adversary simulation tool written in C# that executes adversary techniques against Windows environments. The resulting telemetry can be leveraged to measure and improve the efficacy of a detection program. PurpleSharp executes different behavior across the attack lifecycle following the MITRE ATT&CK Framework’s tactics: execution, persistence, privilege escalation, credential access, lateral movement, etc.
BSides Panama 2022
Este documento presenta PurpleSharp, una herramienta en C# que simula técnicas de ataque para generar telemetría y mejorar los programas de detección de seguridad. PurpleSharp puede ejecutar técnicas de forma remota y flexible, variando parámetros y formas de ejecución. Esto permite probar la resiliencia de las detecciones existentes y crear nuevas. El documento también incluye demostraciones de cómo PurpleSharp puede simular el descubrimiento de dominio y movimiento lateral en una red de Active Directory.
BlackHat Arsenal 2021 : PurpleSharp - Active Directory Attack Simulations
This document discusses PurpleSharp, a tool for simulating cyber attacks within Active Directory environments. PurpleSharp executes adversary techniques listed in MITRE ATT&CK and generates telemetry to help detection teams build, test, and improve detection controls. The document outlines how PurpleSharp can be deployed remotely, impersonate users, vary techniques, and focus on Active Directory. It also advertises a library of pre-made JSON playbooks that simulate AD discovery, lateral movement, and purple teaming with PurpleSharp.
Defcon 29 Adversary Village: PurpleSharp - Automated Adversary Simulation
Defending enterprise networks against attackers continues to present a difficult challenge for blue teams. Prevention has fallen short; improving detection & response capabilities has proven to be a step in the right direction. However, without the telemetry produced by adversary behavior, building new and testing existing detection capabilities will be constrained. PurpleSharp is an open source adversary simulation tool written in C# that executes adversary techniques within Windows Active Directory environments. The resulting telemetry can be leveraged to measure and improve the efficacy of a detection engineering program. PurpleSharp leverages the MITRE ATT&CK Framework and executes different techniques across the attack life cycle: execution, persistence, privilege escalation, credential access, lateral movement, etc
SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
After obtaining an initial foothold, adversaries will most likely target or abuse Active Directory across the attack lifecycle to achieve operational success. It is essential for Blue Teams to design and deploy proper visibility & detection strategies for AD-based attacks and executing Adversary Simulation/Purple Team exercises can help. This talk will introduce the Active Directory Purple Team Playbook, a library of documented playbooks that describe how to simulate different adversary techniques targeting Active Directory. The playbooks can help blue teams measure detection coverage and identify enhancement opportunities. After this talk, attendees will be able to run purple team exercises against development or production Active Directory environments using open source tools.
Defcon Blue Team Village 2020: Purple On My Mind: Cost Effective Automated Ad...
Demo 1: https://www.youtube.com/watch?v=cpnrCkj1308
Demo 2: https://www.youtube.com/watch?v=JmtjtiI3-fc
Demo 2 1/2: https://www.youtube.com/watch?v=KRdNbYbJSiI
Demo 3: https://www.youtube.com/watch?v=6gB-upKXTZ4
Automated adversary simulation is often perceived as a hard, dangerous and complicated program to implement and run. Fear no longer, our methodology and tooling will let you test and measure your defenses throughout your production environment to test not only your detection rule’s resilience but the whole event pipeline as well as your team’s response procedures. In this talk, we’ll share with the audience the open source tools we built and the methodology we use that will allow them to hit the ground running at nearly no cost.
BlackHat 2020 Arsenal - PurpleSharp: Adversary Simulation for the Blue Team
This document discusses PurpleSharp, an open source adversary simulation tool written in C# that executes adversary techniques within Windows Active Directory environments following the ATT&CK MITRE Framework. PurpleSharp allows detection teams to build and test detection analytics, validate detection resiliency, identify gaps in visibility, verify prevention controls, and more. The document provides information on what PurpleSharp is, why it is useful, and how to access it from GitHub or its documentation site. It also previews two demos of PurpleSharp techniques for execution/persistence and discovery/defense evasion.
Bsides NYC 2018 - Hunting for Lateral Movement
This document discusses techniques for lateral movement that adversaries use to access and control remote systems on a network. It outlines various methods like exploiting vulnerabilities, abusing legitimate Windows features like Windows services, scheduled tasks, WMI, WinRM and DCOM. The document also discusses how blue teams can detect these techniques by monitoring authentication events, system events, object access logs, WMI activity and Windows remote management logs. It describes using tools like Oriana and frequency analysis to hunt for lateral movement indicators in Windows event logs collected via Windows Event Forwarding.
LimaHack 2011 - Stuxnet : El arma del futuro
Stuxnet fue un gusano informático descubierto en 2010 que apuntaba a sistemas industriales de control Siemens S7 y era capaz de modificar la velocidad y presión de las centrífugas de enriquecimiento de uranio en Irán a través de la explotación de vulnerabilidades de Windows y Siemens. El gusano se propagaba a través de USB y redes compartidas e infectaba sistemas que tuvieran instalados software específico de Siemens. Su objetivo era sabotear el programa nuclear iraní mediante el daño f
Peruhack 2015 - Cyberespionaje de Naciones
Este documento describe varios grupos de ciberespionaje y sus tácticas, técnicas y procedimientos. Incluye detalles sobre operaciones de espionaje digital llevadas a cabo por gobiernos como Stuxnet, APT1 y ataques a OPM y Hacking Team. Explica cómo grupos como Dark Hotel, Codoso y Calc Team utilizan spear phishing, waterholing y exploits de día cero para infectar objetivos y exfiltrar información. Concluye que el ciberespionaje continuará implementando nuevas técnicas a medida que se
PeruHack 2014 - Post Explotacion en Entornos Windows
Este documento presenta técnicas de post explotación en entornos Windows. Explica cómo enumerar dominios activos, obtener hashes de contraseñas locales y de dominio, moverse lateralmente entre sistemas usando técnicas como Pass the Hash, y cómo escalar privilegios a administrador de dominio accediendo a la base de datos NTDS.DIT. El objetivo es proporcionar una introducción a las herramientas y técnicas disponibles para un atacante después de haber obtenido acceso inicial a una red Windows.
Limahack 2010 - Creando exploits para GNU/Linux
Este documento presenta una introducción a Mauricio Velazco, un consultor de seguridad y hacker ético. Explica vulnerabilidades comunes en Linux como desbordamientos de búfer y pila, e introduce conceptos como fuzzing y shellcode. Muestra ejemplos de cómo explotar fallos mediante el control del registro EIP y la inyección de código malicioso.
Limahack 2009 - SSL no esta roto ... o si ?
Este documento describe varios ataques contra el protocolo SSL, incluyendo SSLstrip y ataques de certificados falsos. Explica cómo SSLstrip funciona mediante el envenenamiento de tablas ARP para interceptar tráfico HTTPS y cómo los ataques de certificados falsos pueden aprovechar vulnerabilidades en la validación de nombres comunes en certificados.
Bsides Latam 2019
Este documento presenta sobre el estado actual del Blue Team, la ingeniería de detección y la cacería de amenazas. Resume que el Blue Team asume la violación y que la detección es más importante que la prevención. También resume herramientas como ATT&CK, PurpleSharp y Oriana que ayudan a simular adversarios y mejorar la detección mediante el análisis de frecuencia y la cacería de amenazas.
ATT&CKcon 2.0 2019 - Tracking and measuring your ATT&CK coverage with ATT&CK2...
Attack2jira is a tool that leverages JIRA's API and the ATTACK-Python-Client library to automate the process of setting up a JIRA project for tracking and measuring coverage of ATT&CK techniques. It creates a JIRA project with custom fields for URLs, tactics, and maturity levels. Then it creates a JIRA issue for each ATT&CK technique to interface collaboration on work logging, documentation, and comments while providing basic reporting.
SANS Threat Hunting Summit 2018 - Hunting Lateral Movement with Windows Event...
This document discusses techniques for hunting lateral movement using Windows event logs. It describes how attackers often need to move laterally within a network and the common methods they use. It then outlines specific Windows events and logon events that can help identify lateral movement, such as Kerberos authentication events, NTLM events, logon/logoff events, and events related to services, tasks, WMI, and WinRM. It presents examples of hunting queries to detect this suspicious activity. Finally, it introduces Oriana, a threat hunting tool the author created that leverages these event types to identify outliers and suspicious user and computer behavior that could indicate lateral movement.
Defcon 27 - Writing custom backdoor payloads with C#
This workshop aims to provide attendees hands-on experience on writing custom backdoor payloads using C# for the most common command and control frameworks including Metasploit, Powershell Empire and Cobalt Strike. The workshop consists in 7 lab exercises; each of the exercises goes over a different technique that leverages C# and .NET capabilities to obtain a reverse shell on a victim Windows host. The covered techniques include raw shellcode injection, process injection, process hollowing, runtime compilation, parent pid spoofing, antivirus bypassing, etc. At the end of this workshop attendees will have a clear understanding of these techniques both from an attack and defense perspective.
https://www.defcon.org/html/defcon-27/dc-27-workshops.html
Derbycon 2017: Hunting Lateral Movement For Fun & Profit
After obtaining an initial foothold on an environment, attackers are forced to embark in lateral movement techniques in order to be successful in identifying and exfiltrating sensitive information. To stay ahead of the bad guys, the Blue team needs to have a clear understanding of these techniques as well as the forensic artifacts these techniques leave behind on the victim hosts. Armed with this knowledge, we can proactively hunt for lateral movement in the environment before exfiltration can occur. This presentation will analyze Lateral Movement from both a Red and Blue team perspective and introduce Oriana, a lateral movement hunting tool that can assist the Blue team in catching the adversary.
Bsides Long Island 2019
Threat hunting is an approach to security that assumes compromise and actively searches a network for signs of attackers without relying on alerts. It involves defining hypotheses about potential attacker behaviors, collecting relevant log and process data from systems, and analyzing that data through rules, signatures, and frequency analysis to identify anomalous activity. Several example hunts were described, including searching for unusual processes, persistence mechanisms, and lateral movement using event logs. Frequency analysis and heuristics can be used to analyze the data and detect outliers.
Bsides Baltimore 2019: Embrace the Red Enhancing detection capabilities with ...
Executing adversary simulations in properly monitored environments allows defenders to test and enhance their detection capabilities. Unfortunately, red & purple team engagements cannot be executed too often. This talk will describe the benefits of blue team led simulations by dissecting common red team techniques, show how they can be detected and release a new tool to simulate them.
More from Mauricio Velazco (20)
BlackHat Arsenal 2021 : PurpleSharp - Active Directory Attack Simulations
BlackHat Arsenal 2021 : PurpleSharp - Active Directory Attack Simulations
Defcon 29 Adversary Village: PurpleSharp - Automated Adversary Simulation
Defcon 29 Adversary Village: PurpleSharp - Automated Adversary Simulation
SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
SANS Purple Team Summit 2021: Active Directory Purple Team Playbooks
Defcon Blue Team Village 2020: Purple On My Mind: Cost Effective Automated Ad...
Defcon Blue Team Village 2020: Purple On My Mind: Cost Effective Automated Ad...
BlackHat 2020 Arsenal - PurpleSharp: Adversary Simulation for the Blue Team
BlackHat 2020 Arsenal - PurpleSharp: Adversary Simulation for the Blue Team
PeruHack 2014 - Post Explotacion en Entornos Windows
PeruHack 2014 - Post Explotacion en Entornos Windows
ATT&CKcon 2.0 2019 - Tracking and measuring your ATT&CK coverage with ATT&CK2...
ATT&CKcon 2.0 2019 - Tracking and measuring your ATT&CK coverage with ATT&CK2...
SANS Threat Hunting Summit 2018 - Hunting Lateral Movement with Windows Event...
SANS Threat Hunting Summit 2018 - Hunting Lateral Movement with Windows Event...
Defcon 27 - Writing custom backdoor payloads with C#
Defcon 27 - Writing custom backdoor payloads with C#
Derbycon 2017: Hunting Lateral Movement For Fun & Profit
Derbycon 2017: Hunting Lateral Movement For Fun & Profit
Bsides Baltimore 2019: Embrace the Red Enhancing detection capabilities with ...
Bsides Baltimore 2019: Embrace the Red Enhancing detection capabilities with ...
Recently uploaded
How to Get CNIC Information System with Paksim Ga.pptx
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Full-RAG: A modern architecture for hyper-personalization
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
Communications Mining Series - Zero to Hero - Session 1
This session provides introduction to UiPath Communication Mining, importance and platform overview. You will acquire a good understand of the phases in Communication Mining as we go over the platform with you. Topics covered:
• Communication Mining Overview
• Why is it important?
• How can it help today’s business and the benefits
• Phases in Communication Mining
• Demo on Platform overview
• Q/A
UiPath Test Automation using UiPath Test Suite series, part 6
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
National Security Agency - NSA mobile device best practices
Threats to mobile devices are more prevalent and increasing in scope and complexity. Users of mobile devices desire to take full advantage of the features
available on those devices, but many of the features provide convenience and capability but sacrifice security. This best practices guide outlines steps the users can take to better protect personal devices and information.
“I’m still / I’m still / Chaining from the Block”
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
20240607 QFM018 Elixir Reading List May 2024
Everything I found interesting about the Elixir programming ecosystem in May 2024
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
In this session I delve into the encryption technology used in Microsoft 365 and Microsoft Purview. Including the concepts of Customer Key and Double Key Encryption.
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack.
While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack.
I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neha Bajwa, Vice President of Product Marketing, Neo4j
Join us as we explore breakthrough innovations enabled by interconnected data and AI. Discover firsthand how organizations use relationships in data to uncover contextual insights and solve our most pressing challenges – from optimizing supply chains, detecting fraud, and improving customer experiences to accelerating drug discoveries.
UiPath Test Automation using UiPath Test Suite series, part 5
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
Climate Impact of Software Testing at Nordic Testing Days
My slides at Nordic Testing Days 6.6.2024
Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Join Maher Hanafi, VP of Engineering at Betterworks, in this new session where he'll share a practical framework to transform Gen AI prototypes into impactful products! He'll delve into the complexities of data collection and management, model selection and optimization, and ensuring security, scalability, and responsible use.
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Discover how MongoDB Atlas and vector search technology can revolutionize your application's search capabilities. This comprehensive presentation covers:
* What is Vector Search?
* Importance and benefits of vector search
* Practical use cases across various industries
* Step-by-step implementation guide
* Live demos with code snippets
* Enhancing LLM capabilities with vector search
* Best practices and optimization strategies
Perfect for developers, AI enthusiasts, and tech leaders. Learn how to leverage MongoDB Atlas to deliver highly relevant, context-aware search results, transforming your data retrieval process. Stay ahead in tech innovation and maximize the potential of your applications.
#MongoDB #VectorSearch #AI #SemanticSearch #TechInnovation #DataScience #LLM #MachineLearning #SearchTechnology
Recently uploaded (20)
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
National Security Agency - NSA mobile device best practices
National Security Agency - NSA mobile device best practices
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Elizabeth Buie - Older adults: Are we really designing for our future selves?
Elizabeth Buie - Older adults: Are we really designing for our future selves?
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Generative AI Deep Dive: Advancing from Proof of Concept to Production
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Unlock the Future of Search with MongoDB Atlas_ Vector Search Unleashed.pdf
Detection-as-Code: Test Driven Detection Development.pdf
- 1. Detection-as-Code: Test Driven Detection Development Mauricio Velazco @mvelazco
- 2. #whoami ✘ Threat Research @ Splunk ✘ @mvelazco ✘ Bsides, Derbycon, Defcon, BlackHat ✘ github.com/mvelazc0
- 6. Detection Engineering Continuous process of building, deploying, tuning and operating detection analytics while applying engineering concepts.
- 10. Test Detections Jose Hernandez and Patrick Bareiss, RSA 2020
- 11. Detection Language Version Control System Automated Workflows Test-Driven- Development Detection as Code Principles Jose Hernandez and Patrick Bareiss, RSA 2020
- 12. Test Driven Development … software development process relying on software requirements being converted to test cases before software is fully developed… https://www.kaizenko.com/what-is-test-driven-development-tdd/
- 13. Testing Detections Jose Hernandez and Patrick Bareiss, RSA 2020
- 14. Takeaways Applying engineering practices to detection programs can improve your security posture. To shift to test driven development, teams need the capability to replicate attacks.
- 15. Detection-as-Code: Test Driven Detection Development Mauricio Velazco @mvelazco