This talk combines two of the OWASP top ten security risks:
* Injections (A1:2017): We are using a simple application that is exploitable by an injection and will then secure it with ModSecurity.
* Insufficient Logging & Monitoring (A10:2017): We are logging and monitoring the application both with and without ModSecurity with the open source Elastic Stack.
To make it more interactive, the audience has to do the injections, which we are then live monitoring and mitigating with ModSecurity.
Office 365 Security: Top Priorities for 30 Days, 90 Days and Beyond - Priyanka Aash
Based on investigations of real-world attacks, Microsoft Office 365 cybersecurity experts provide a prescriptive approach to identifying and implementing the most critical security controls to protect your Office 365 tenant. You will learn how threats and defenses change from on-premises attacks and what Microsoft recommends for quickly protecting against the most likely and impactful risks.
(Source: RSA Conference USA 2018)
CIS14: Best Practices You Must Apply to Secure Your APIs - CloudIDSummit
Scott Morrison, CA Technologies
Good practices to put in place and the common security antipatterns you must avoid to ensure your company’s APIs are reliable, safe and secure; includes top ways hackers exploit APIs in the wild, common identity pitfalls and how to avoid them, why OAuth scopes are essential to master, and how to keep web developers from bringing bad habits with them.
In this talk we will present a middleware async architecture based on Expressive and Swoole to speed up web API development and runtime in PHP. Using this approach, you will be able to achieve great performance improvement, up to 4x faster than nginx or Apache (benchmark).
Preventing Vulnerabilities in SAP HANA based Deployments - Onapsis Inc.
Companies nowadays are choosing between on-premise, cloud and hybrid deployment models. The common factor across all these scenarios is the underlying platform, used in the background to run all on-premise and cloud-based applications developed by SAP. This platform is called SAP HANA, which is an in-memory database and application server that serves an increasing number of business applications, providing cutting edge features and performance.
Vulnerabilities affecting SAP HANA now have an increased attack surface, as these could be abused to compromise many diverse deployments and many customers, if the customers are not properly taking care of these risks.
Join us on this presentation to learn about diverse attack vectors affecting current SAP solutions, on-premise and cloud-based. You will not only learn technical details about these vulnerabilities, but also understand how to prevent and detect attacks to our crown jewels, running on HANA.
Attacks Based on Security Configurations - Onapsis Inc.
Many large companies, as well as large government and defense organizations, have something in common: they rely on SAP platforms to process their business critical processes and information. Because of the sensitive nature of the information stored in these complex implementations, they are quickly becoming an attractive target for cyber-criminals looking to perform espionage, sabotage or financial fraud attacks by gaining access to the organizations’ crown jewels.
Securing these large and complex SAP implementations can be an ongoing, complicated and painstaking task which requires specialized SAP security knowledge. This task encompasses managing the SoD process, patch (Security Note) management and implementation, analyzing interfaces and configuring the systems properly and securely (among many other things). One of the first and most important steps in starting the process of securing SAP implementations is the need to configure SAP application servers in a secure way. This task is not easy, as an SAP system has hundreds of different configurations which can be modified and a wrong setting or combination of settings can introduce large amounts of risk.
During this presentation, Onapsis CTO, Juan Perez-Etchegoyen explained some of the risks a default or insecure setting could introduce to the whole SAP infrastructure. You will see real life examples of these misconfigurations, and the threats introduced by them through several live demos. He will also explain how organizations can begin a process of securely configuring these systems.
From Obstacle to Advantage: The Changing Role of Security & Compliance in You... - Amazon Web Services
A surprising trend is starting to emerge among organizations who are progressing through the cloud maturity lifecycle: major improvements in revenue growth, customer satisfaction, and mission success are being directly attributed to improvements in security and compliance. At one time thought of as speed bumps in the path to deployment, security and compliance are now seen as critical ingredients that help organizations differentiate their offerings in the market, win more deals, and achieve mission-critical goals faster. This session explores how organizations like Jive Software and the National Geospatial Agency use the Evident Security Platform, AWS, and AWS Quick Starts to automate security and compliance processes in their organization to accomplish more, do it faster, and deliver better results.
Session sponsored by Evident.io
https://getnobullshit.com/
We all know how to develop an API, but have we really taken all of its concerns into account?
Its organizational and human aspects, its governance, its business and operability constraints (SLA, SLO, SLI), its release management, its querying methods, its security (its performance, its scaling), its different types of tests, its documentation, its versioning (compatibility, changelog), its monitoring, and much more, of this API once it is in production?
During this talk, I propose to cover more than 30 rarely mentioned points of attention, in light of lessons learned from tech leaders such as Uber, Stripe, Facebook and Google, but also from French companies ranging from small startups to SMEs.
Exploiting Critical Attack Vectors to Gain Control of SAP Systems - Onapsis Inc.
The largest organizations in the world rely on SAP platforms to run their critical processes and keep their business crown jewels: financial information, customer data, intellectual property, credit cards, human resources salaries, sensitive materials, suppliers and more. Everything is there – and attackers know it.
This presentation will highlight three attack vectors targeting SAP.
- SAP Portal Header Authentication
- Verb Tampering
- Abuse of JAVA Core Services
You will learn techniques to mitigate these threats.
Another Atlassian 'summit' is completed, summer is beckoning and we are all eager to take on some new projects, right? Join us as Andrew and Dileep, NYCE ACE Community Leaders, present all the top announcements and highlights of Team 21 and Jean-Phillipe Comeau, Adaptavist, discusses how you can 'translate' your favorite ScriptRunner scripts and bring automation to the cloud.
In the agile, lean, devops communities people talk about improving security by "shifting left". Patterns and tools are emerging, or re-emerging, that make security less of a pain in the development process while also making applications more secure.
"Document your development code" reflects the significance of documentation in software development projects.
About the Author:
Kapil Raj Nakhwa is the lead Ruby and Ruby on Rails developer at Jyaasa.
About Us:
Jyaasa is a Ruby on Rails consulting and Software Development Company specializing in developing web and mobile based solutions for startups.
Agenda
1) Scratch Org VS Sandbox Development
2) SalesforceDX source code format from traditional format
3) Winter 19 Salesforce Source Commands (Retrieve, Deploy and Delete)
4) Using Salesforce Extensions For VSCode against Non-scratch orgs
5) Auto Generating package.xml from changesets and unmanaged package
6) Setting Developer Workflows for Salesforce application development and debugging (ISV apps and changeset based development)
7) Deploying metadata from one org to another using Vscode extensions
Lambda Architecture in the Cloud with Azure Databricks with Andrei Varanovich - Databricks
The term “Lambda Architecture” stands for a generic, scalable and fault-tolerant data processing architecture. As the hyper-scale now offers various PaaS services for data ingestion, storage and processing, the need for a revised, cloud-native implementation of the lambda architecture is arising.
In this talk we demonstrate the blueprint for such an implementation in Microsoft Azure, with Azure Databricks — a PaaS Spark offering – as a key component. We go back to some core principles of functional programming and link them to the capabilities of Apache Spark for various end-to-end big data analytics scenarios.
We also illustrate the “Lambda architecture in use” and the associated trade-offs using the real customer scenario – Rijksmuseum in Amsterdam – a terabyte-scale Azure-based data platform that handles data from 2.500.000 visitors per year.
What Do Defects Really Cost? Much More Than You Think - TechWell
As software increasingly becomes the face of the business, defects can lead to embarrassment, financial loss, and even business failure. Nevertheless, in response to today's demand for speed and “continuous everything,” the software delivery conveyer belt keeps moving faster and faster. It's foolhardy to expect that speeding up an already-troubled implementation process will achieve the desired results. Wayne Ariola shares why and how to evolve from automated to continuous testing and discusses the methods to help you do so. Explore how to establish quality gates that continuously measure software vs. business expectations, allowing you to confidently and automatically promote software from one phase of the SDLC to the next. Learn strategies—how to promote collaborative risk reduction, collapse remediation cycle time, and establish a feedback loop for defect prevention—to remove SDLC constraints without compromising quality.
In this talk from Codemotion 2018, we will show how to design and build microservices in PHP. We will use Expressive (https://getexpressive.org/), an open source framework based on PSR-7 and PSR-15 standards, to build the services and Swoole (https://www.swoole.co.uk/), a PECL extension for async programming in PHP. We will demonstrate how to build web APIs in PHP using a middleware approach and how to execute as microservices using Swoole, without the usage of a web server like Apache or Nginx.
Inception of the SAP Platform's Brain: Attacks on SAP Solution Manager - Onapsis Inc.
Global Fortune 1000 companies, major governmental organizations and defense agencies share something in common: they all rely on SAP platforms to handle their most critical business processes and information. In this scenario, any cyber criminal seeking to conduct espionage, sabotage, or financial fraud knows that these systems contain the jewels in the crown.
In all SAP implementations there is a special system that acts as the "brain" of the platform: the SAP Solution Manager. Using proprietary interfaces and protocols, the Solution Manager connects and manages all SAP "satellite" systems of the implementation (ERP, CRM, SCM, etc.). Therefore, if an attacker compromises the SolMan, they might be able to expand their control over all environments that are under its control. Moreover, because of weaknesses in architecture, it would be possible for a malicious group to start by compromising one of the satellite systems first, and use it as a pivot to control the SolMan.
In this talk we present, through various live demonstrations, novel attack vectors that a hacker can use in an intrusion attempt against SAP Solution Manager, and that result in a total compromise of the SAP implementation. We will analyze the technical origins of vulnerabilities that allow such attacks, and give you mitigation information about these threats in your organization.
The Digital Imperative >> Keynote MasteringSAP Analytics Joburg, ZA - Waldemar Adams
The Digital Imperative Keynote at MasteringSAP Analytics event Johannesburg, ZA March 14th 2016
http://www.masteringsap.co.za/ba/agenda
The Eventful Group
Scalable code Design with slimmer Django models .. and more - Dawa Sherpa
Code scalability is the capability of your software and processes to allow productivity to increase efficiently when you add new engineers.
Scalable code design strategy:
* Design with humans in mind
* Focus on productivity leak areas
* How fat models are bad for code scalability
The Oracle Cloud Integration platform removes the barriers between enterprise applications through a combination of machine learning, built-in best-practice recommendations, prebuilt integration and process automation.
The Oracle Cloud Integration platform is UNIQUE on the market in drawing on Oracle's application expertise to build a complete library of adapters for Oracle and third-party SaaS and on-premises applications, so that you can deliver new services faster.
This was the subject of the latest meetup I hosted, on 18 July 2019; it was an opportunity for our participants and customers to discover our unified, simple and complete Oracle Cloud Integration platform, with an exclusive presentation of the "Social Integration" integration, which posts tweets on your profile whenever a flight's schedule changes, built in only 10 minutes.
I am sharing my slides from the meetup Découvrons Oracle Cloud Platform for Integration - OIC, held on 18 July 2019 :)
You can also find the schedule of our upcoming Oracle Cloud services meetups >>> https://www.meetup.com/fr-FR/Oracle-Developer-Meetup-France
Secure HANA in the Cloud | Mitigating Internal & External Threats | Symmetry™ - Symmetry™
Enterprises today use the cloud for applications all across their IT landscape for tools like email, Salesforce, ServiceNow and more. Cost savings, operational stability, and reduced management effort are all proven advantages. But when we consider moving mission-critical systems at the heart of business such as SAP HANA – there is significant angst and uncertainty among IT and security professionals. Tom Evgey – Director of Cloud, Onapsis and Scott Goolik – VP of Compliance & Security, Symmetry explore various security issues organizations are facing when it comes to SAP HANA cloud deployments. During this presentation, we outline foundational elements and best practices for organizations to follow as they build a comprehensive security program when migrating SAP implementations to the cloud.
Security testing is a huge topic. In this talk, Ken will discuss his experience working for small companies where security testing is a requirement, but often gets overlooked. Ken will explore some of the basic things a tester should know about web application security, such as the resources available from OWASP. As part of this talk, Ken will live demo the following tools:
* OWASP Zed Attack Proxy
* Microsoft Threat Modeling Tool
* Wireshark / tcpdump
* sqlmap (SQL exploitation tool)
Attendees will take away:
* A quick overview of some tools that you can use on a daily basis today
* Resources to learn more about security testing
* Ways of practicing it in a safe environment
DevOps Fest 2020. Сергій Калінець. Building Data Streaming Platform with Apac... - DevOps_Fest
Apache Kafka is all the hype right now. More and more companies are starting to use it as a message bus. But Kafka can do much more than just be a transport. Its real power and beauty show when Kafka becomes the central nervous system of your architecture. It is fast, reliable and quite flexible for different usage scenarios.
In this talk Сергій will share his experience of building a data streaming platform. We will talk about how Kafka works, how it should be configured, and what trouble you can get into if Kafka is used suboptimally.
DevOps Fest 2020. Kohsuke Kawaguchi. GitOps, Jenkins X & the Future of CI/CD - DevOps_Fest
CI/CD process has been something your DevOps engineer purpose-built for your team. But with Kubernetes & cloud-native, that’s becoming “legacy.” The rising level of platform abstraction allows all the good practices that the industry has developed over time to be integrated, hidden, and simplified behind just one practice called “GitOps.” That simplified world is what Jenkins X enables.
We will discuss GitOps, Jenkins X, and how that combination drastically simplifies cloud-native web app development. You’ll understand why traditional DevOps is not suitable in a Kubernetes and cloud-native world, explore GitOps principles and discover how they facilitate high-velocity app development.
And finally, Kohsuke will make a fool of himself by talking about the future — now that Jenkins X simplifies the CD process, where is the next frontier?
Similar to DevOps Fest 2019. Philipp Krenn. Hands-On ModSecurity and Logging
https://getnobullshit.com/
Nous savons tous développer une API mais avons-nous bien intégré toutes les problématiques?
Son aspect organisationnel et humain, sa gouvernance, ses contraintes business et d'opérabilité (SLA, SLO, SLI), son release management, ses méthodes de requêtage, sa sécurité (ses performances, sa mise à l'échelle), ses différents types de test, sa documentation, son versioning (compatibilité, changelog), son monitoring — et bien plus encore — de cette API une fois en production ?
Durant ce talk, c'est plus de 30 points d'attentions rarement évoqué que je vous propose d'aborder, à la lumière de retours d'expériences provenant de tech-leader comme Uber, Stripe, Facebook et Google mais aussi d'entreprise française de la petite startup à la PME.
Exploiting Critical Attack Vectors to Gain Control of SAP SystemsOnapsis Inc.
The largest organizations in the world rely on SAP platforms to run their critical processes and keep their business crown jewels: financial information, customers data, intellectual property, credit cards, human resources salaries, sensitive materials, suppliers and more. Everything is there – and attackers know it.
This presentation will highlight three attack vectors targeting SAP.
- SAP Portal Header Authentication
- Verb Tampering
- Abuse of JAVA Core Services
You will learn techniques to mitigate these threats.
Another Atlassian 'summit' is completed, summer is beckoning and we are all eager to take on some new projects, right? Join us as Andrew and Dileep, NYCE ACE Community Leaders, present all the top announcements and highlights of Team 21 and Jean-Phillipe Comeau, Adaptavist, discusses how you can 'translate' your favorite ScriptRunner scripts and bring automation to the cloud.
In the agile, lean, devops communities people talk about improving security by "shifting left". Patterns and tools are emerging, or re-emerging, that make security less of a pain in the development process while also making applications more secure.
"Document your development code" reflects the significance of documentation in software development projects.
About the Author:
Kapil Raj Nakhwa is the lead Ruby and Ruby on Rails developer at Jyaasa.
About Us:
Jyaasa is a Ruby on Rails consulting and Software Development Company specializing in developing web and mobile based solutions for startups.
Agenda
1) Scratch Org VS Sandbox Development
2) SalesforceDX source code format from traditional format
3) Winter 19 Salesforce Source Commands (Retrieve, Deploy and Delete)
4) Using Salesforce Extensions For VSCode against Non-scratch orgs
5) Auto Generating package.xml from changesets and unmanaged package
6) Setting Developer Workflows for Salesforce application development and debugging (ISV apps and changeset based development)
7) Deploying metadata from one org to another using Vscode extensions
Lambda Architecture in the Cloud with Azure Databricks with Andrei VaranovichDatabricks
The term “Lambda Architecture” stands for a generic, scalable and fault-tolerant data processing architecture. As the hyper-scale now offers a various PaaS services for data ingestion, storage and processing, the need for a revised, cloud-native implementation of the lambda architecture is arising.
In this talk we demonstrate the blueprint for such an implementation in Microsoft Azure, with Azure Databricks — a PaaS Spark offering – as a key component. We go back to some core principles of functional programming and link them to the capabilities of Apache Spark for various end-to-end big data analytics scenarios.
We also illustrate the “Lambda architecture in use” and the associated tread-offs using the real customer scenario – Rijksmuseum in Amsterdam – a terabyte-scale Azure-based data platform handles data from 2.500.000 visitors per year.
What Do Defects Really Cost? Much More Than You ThinkTechWell
As software increasingly becomes the face of the business, defects can lead to embarrassment, financial loss, and even business failure. Nevertheless, in response to today's demand for speed and “continuous everything,” the software delivery conveyer belt keeps moving faster and faster. It's foolhardy to expect that speeding up an already-troubled implementation process will achieve the desired results. Wayne Ariola shares why and how to evolve from automated to continuous testing and discusses the methods to help you do so. Explore how to establish quality gates that continuously measure software vs. business expectations, allowing you to confidently and automatically promote software from one phase of the SDLC to the next. Learn strategies—how to promote collaborative risk reduction, collapse remediation cycle time, and establish a feedback loop for defect prevention—to remove SDLC constraints without compromising quality.
In this talk from Codemotion 2018 In this talk, we will show how to design and build microservices in PHP. We will use Expressive (https://getexpressive.org/), an open source framework based on PSR-7 and PSR-15 standards, to build the services and Swoole (https://www.swoole.co.uk/), a PECL extension for async programming in PHP. We will demonstrate how to build web APIs in PHP using a middleware approach and how to execute as microservices using Swoole, without the usage of a web server like Apache or Nginx.
Inception of the SAP Platform's Brain: Attacks on SAP Solution ManagerOnapsis Inc.
Global Fortune 1000 companies, major governmental organizations and defense agencies, share something in common: they all rely on SAP platforms to handle their most critical business processes and iinformation. In this scenario, any criminal cyber attacks seeking to conduct espionage, sabotage, or financial fraud, knows that these systems contain the jewels in the crown.
In all SAP implementations there is a special system that acts as the "brain" of the platform: the SAP Solution Manager. Using proprietary interfaces and protocols, the Solution Manager connects and manages all SAP "satellites" of implementation (ERP, CRM, SCM, etc.) systems. Therefore, if an attacker compromises the SolMan, might be able to expand its control over all environments that are under control. Moreover, because of weaknesses in architecture, a malicious group would be possible to start by compromising one of the first satellite systems, and use it as a pivot to control the SolMan.
In this talk we present, through various live demonstrations, novel attack vectors that a hacker can use in intrusion attempt to SAP Solution Manager, and result in a total compromise to the SAP implementation. We will analyze the technical origins of vulnerabilities that allow such attacks, and give you mitigation information about these threats in your organization.
The Digital Imperative >> Keynote MasteringSAP Analytics Joburg, ZAWaldemar Adams
The Digital Imperative Keynote at MasteringSAP Analytics event Johannesburg, ZA March 14th 2016
http://www.masteringsap.co.za/ba/agenda
The Eventful Group
Scalable code Design with slimmer Django models .. and moreDawa Sherpa
Code scalability is the capability to allow your software and processes to allow increase in productivity efficiently when you add new engineers.
Scalable code design strategy:
* Design for human in mind
* Focus on productivity leak areas
* How fat models are bad for code scalability
La plateforme d'Intégration Oracle Cloud élimine les barrières entre les applications d'entreprise grâce à une combinaison d'apprentissage automatique, de recommandations intégrées des meilleures pratiques, d'intégration prédéfinie et d'automatisation des processus.
La plateforme d'Intégration Oracle Cloud est UNIQUE sur le marché en tirant parti de l'expertise en applications Oracle pour créer une bibliothèque complète d'adaptateurs pour les applications SaaS et On-Promise Oracle et tiers, afin de vous permettre de fournir de nouveaux services plus rapidement.
Sujet de mon dernier meetup que j'ai animé 18Juillet 2019 derneir , c'était l'occasion pour nos participants et nos clients de découvrir notre plateforme d'Intégration Oracle Cloud Unifiée , Simple et Complète avec la présentation en exclusivité de l'intégration "Social Integration" qui notifie des tweets sur votre profil à chaque changement des horaires du vol , réalisé en 10 minutes seulement .
Je vous partage mon support du meetup Découvrons Oracle Cloud Platform for Integration - OIC , du 18 Juillet 2019 :)
Trouvez également le planning de nos prochains meetups Oracle Cloud services >>> https://www.meetup.com/fr-FR/Oracle-Developer-Meetup-France
Secure HANA in the Cloud | Mitigating Internal & External Threats | Symmetry™ Symmetry™
Enterprises today use the cloud for applications all across their IT landscape for tools like email, Salesforce, ServiceNow and more. Cost savings, operational stability, and reduced management effort are all proven advantages. But when we consider moving mission-critical systems at the heart of business such as SAP HANA – there is significant angst and uncertainty among IT and security professionals. Tom Evgey – Director of Cloud, Onapsis and Scott Goolik – VP of Compliance & Security, Symmetry explore various security issues organizations are facing when it comes to SAP HANA cloud deployments. During this presentation, we outline foundational elements and best practices for organizations to follow as they build a comprehensive security program when migrating SAP implementations to the cloud.
Security testing is a huge topic. In this talk, Ken will discuss his experience working for small companies where security testing is a requirement, but often gets overlooked. Ken will explore some of the basic things a tester should know about web application security, such as the resources available from OWASP. As part of this talk, Ken will live demo the following tools:
* OWASP Zed Attack Proxy
* Microsoft Threat Modeling Tool
* Wireshark / tcpdump
* sqlmap (SQL exploitation tool)
Attendees will take away:
* A quick overview of some tools that you can use on a daily basis today
* Resources to learn more about security testing
* Ways of practicing it in a safe environment
Similar to DevOps Fest 2019. Philipp Krenn. Hands-On ModSecurity and Logging (20)
DevOps Fest 2020. Сергій Калінець. Building Data Streaming Platform with Apac...DevOps_Fest
Apache Kafka is riding a wave of hype right now. More and more companies are starting to use it as a message bus. But Kafka can do much more than serve as a mere transport. Its real power and beauty come out when Kafka becomes the central nervous system of your architecture. It is fast, reliable and flexible enough for a variety of use cases.
In this talk Serhii will share his experience of building a data streaming platform. We will talk about how Kafka works, how it should be configured, and what trouble you can get into if Kafka is used suboptimally.
DevOps Fest 2020. Kohsuke Kawaguchi. GitOps, Jenkins X & the Future of CI/CDDevOps_Fest
CI/CD process has been something your DevOps engineer purpose-built for your team. But with Kubernetes & cloud-native, that’s becoming “legacy.” The rising level of platform abstraction allows all the good practices that the industry has developed over time to be integrated, hidden, and simplified behind just one practice called “GitOps.” That simplified world is what Jenkins X enables.
We will discuss GitOps, Jenkins X, and how that combination drastically simplifies cloud-native web app development. You’ll understand why traditional DevOps is not suitable in a Kubernetes and cloud-native world, explore GitOps principles and discover how they facilitate high-velocity app development.
And finally, Kohsuke will make a fool of himself by talking about the future — now that Jenkins X simplifies the CD process, where is the next frontier?
DevOps Fest 2020. Барух Садогурский and Леонид Игольник. Setting up DevOps without ...DevOps_Fest
You might think a talk about setting up DevOps ought to be about configuring Jenkins, but no! This talk is for those who understand that DevOps is a story about culture, collaboration and communication, but have little idea how, as a humble individual contributor or team lead, to influence an entire enterprise and move the organization toward DevOps. Baruch will explain which methods you can use to influence stakeholders, what to say to whom, how to motivate, and how to handle objections. With the possible exception of parapsychological practices and hypnosis (which are best not revealed to impressionable minds), this talk will survey every way of exerting influence without authority, for the sake of bringing DevOps to the whole industry.
DevOps Fest 2020. James Spiteri. Advanced Security Operations with Elastic Se...DevOps_Fest
How does your organization detect and respond to cyber threats?
Learn how the latest security capabilities in the Elastic Stack enable interactive exploration and automated analysis, an endpoint protection product to fully combine prevention, detection, and response into a single autonomous agent and unsupervised machine learning to reduce false positives and spot anomalies — all at the speed and scale your security practitioners need to defend your organization.
It doesn’t stop there - this session will also cover how security teams use Canvas, Maps, and other Kibana elements to triage events and perform initial investigations.
DevOps Fest 2020. Pavlo Repalo. Edge Computing: Appliance and ChallengesDevOps_Fest
Over the last few years, the boom in cloud technologies has created a lot of opportunities for business and, together with IoT expansion, established a new niche: Edge Computing. Since this is one of the first speeches within the UA community, we will go through the main points about the origin, business use cases, main frameworks, and challenges. Why should DevOps people start learning embedded programming aspects, and why shouldn't we allow a cloud node to register after a reboot? Those are the questions that we'll also review with the professional part of the audience.
DevOps Fest 2020. Максим Безуглый. DevOps as architecture in process. Two ...DevOps_Fest
Hundreds of questions about structure and processes that architects and DevOps practitioners pose and solve, illustrated by the decisions made in their own project.
Interdependent questions of architecture, DevOps, business and development.
An explosion of complexity: imagine that instead of a simple gmail-like mail SPA you need to build and evolve a new sendmail on the server plus a thunderbird for clients (desktop, mobile and web versions) under a SaaS multi-tenant model.
DevOps Fest 2020. Павел Жданов and Никора Никита. Building a CI\CD process for...DevOps_Fest
Although at first glance there seems to be no difference, proprietary and open source projects actually differ greatly in how the CI\CD process is implemented. Different teams, joined by unaccounted-for contributors, work in different time zones, and development takes place with insufficient communication. Responsibility for adding new changes lies not with one or a few people but with a consortium. As a result, the process of landing changes drags on too long, increasing the potential for conflicts not only in files but also in business logic. All of these peculiarities shape how CI\CD for an open source project is set up. How it is set up is what we will cover in our talk.
DevOps Fest 2020. Станислав Коленкин. How to connect non-connectible: tips, t...DevOps_Fest
Today it is hard not to use cloud solutions and their capabilities in the digital world. Competition between cloud providers leads to high quality and a wide choice of services, and GCP and AWS are among the leaders of the cloud services market. They differ enormously in services and capabilities, which makes it very hard to answer the question "Which cloud provider should I choose?"
Business decisions often come down to not choosing between the advantages of the two providers but using the advantages of both (or more) providers with the services needed. Nor should the need for bare-metal solutions be forgotten. All these requirements create a huge number of new problems and difficulties for engineers and architects.
And today we will talk about the problems that arise when deploying the applications of our stack to different clouds.
DevOps Fest 2020. Андрій Шабалін. Distributed Tracing for microservices with ...DevOps_Fest
Now, in 2020, there is probably no one who does not use microservices or has not heard of them. The difficulty of such systems lies not only in designing them correctly during creation and development, but also in operating them. When working with such distributed systems, a team will inevitably face the challenges of hunting for “bottlenecks” and of lacking a complete picture of how the services communicate.
In distributed systems, metrics and logs do not always give enough information to track down problems, because they produce data that relates to individual components of the system and does not cover their interaction as a whole. This talk is devoted to solving “observability” and “application performance monitoring” problems with the “distributed tracing” approach using Jaeger.
DevOps Fest 2020. Дмитрий Кудрявцев. Implementing GitOps on Kubernetes. ArgoCDDevOps_Fest
Kubernetes has become the standard for compute platforms, and many have already adopted it as their primary platform. A distinctive feature of this platform is its unusual configuration management system.
In this presentation we will look at what declarative configuration management is, why Kustomize is the best tool for us, and how to deploy Kubeflow on a Kubernetes cluster with ArgoCD.
DevOps Fest 2020. Роман Орлов. Testing infrastructure in KubernetesDevOps_Fest
Today many services that lived in Docker containers two years ago are moving to Kubernetes, and testing infrastructure is no exception. In my talk I want to explain how Kubernetes can be useful for internal infrastructure and how we use Kubernetes to organize Selenium testing. You will learn how we went from bare metal to "Kube", what that gave us, and what savings can be achieved. Using real examples, you will see how we work with the Kubernetes API and how we run Windows in Kubernetes, as well as our pitfalls and best practices.
DevOps Fest 2020. Андрей Шишенко. CI/CD for AWS Lambdas with Serverless frame...DevOps_Fest
The talk explains how to optimize and automate the process of active development and deployment of serverless applications/microservices. It compares different approaches to deploying a serverless stack on AWS (API GW + Lambda). During the presentation I will explain why we chose Gitlab-Ci rather than Jenkins as the CI/CD engine, and why we chose Serverless Framework rather than AWS SAM as the way to deploy serverless applications. In the presentation I will show how easily this technical solution lets you describe complex tasks along with their monitoring and alerting, and ensure security. I will talk about the problems we have run into over the last 2 years (we have more than 130 API GWs and 600 Lambdas) and our plans for modernizing the current solution.
DevOps Fest 2020. Александр Глущенко. Modern Enterprise Network Architecture ...DevOps_Fest
When developing and maintaining enterprise products in AWS Cloud, we always run into difficulties designing a network architecture that will connect many AWS accounts and services and meet the requirements of high availability, security and regulatory compliance. In this talk I want to share my experience with the audience and give examples of ready-made templates for a scalable, secure architecture across multiple accounts.
DevOps Fest 2020. Виталий Складчиков. Through the monolithic enterprise to microser...DevOps_Fest
In my talk I want to invite participants to look at a bank as a modern company. I would like to show our path from a monolithic architecture to microservices. This is not a typical transformation story from the Internet. It is our small breakthrough in the established architecture of many banks.
First of all, you will see the steps from SOA (Enterprise Service Bus) to MSA (Docker, Kubernetes).
DevOps Fest 2020. Денис Медведенко. Managing complex multi-component in...DevOps_Fest
In this talk we will discuss deploying infrastructure for Azure Service Fabric with Terraform. We will describe the components of the infrastructure and the difficulties we ran into while working with it. You will also learn how the CI/CD process is launched for Azure Service Fabric.
DevOps Fest 2020. Павел Галушко. What a DevOps engineer should do if your company wants mach...DevOps_Fest
Everything is going well for you: CI is spinning, CD is churning, the web runs reliably and life is good. Then a bright idea pops into a manager's head that you need to use ML, or there is a new project with this new miracle technology (it is not actually new, but let's skip that). What do you need to do, where do you run, what do you look at, and how do you live with all of it.
DevOps Fest 2020. Сергей Абаничев. Modern CI\CD pipeline with Azure DevOpsDevOps_Fest
Build and test applications in any programming language, and deploy them to any cloud provider or on-premises environment. Run in parallel on Linux, macOS and Windows, and deploy containers to individual nodes or to Kubernetes. All of this is possible with a single tool: Azure DevOps Services. It provides full DevOps coverage with one application.
In this talk we will look at a Microsoft solution that lets you avoid using dozens of different tools to deliver an application to end users.
DevOps Fest 2020. Philipp Krenn. Scale Your Auditing EventsDevOps_Fest
The Linux Audit daemon is responsible for writing audit records to the disk, which you can then access with ausearch and aureport. However, it turned out that parsing and centralizing these records is not as easy as you would hope. Elastic's new Auditbeat fixes this by keeping the original configuration, but ships them to a centralized location where you can easily visualize all events. You can also use Auditbeat to detect changes to critical files, like binaries and configuration files, and identify potential security policy violations.
This talk shows you what you can do to discover changes, events, and potential security breaches as soon as possible on interactive dashboards. Additionally, we are combining Auditd events with logs, which are security-relevant, and explore them in Elastic's free SIEM.
DevOps Fest 2020. Володимир Мельник. TuchaKube - the first Ukrainian DevOps/Host...DevOps_Fest
TuchaKube is a platform that provides automation of CI/CD processes and hosting of containers in a Kubernetes cluster. The platform lets you keep application code in a Git repository provided by the platform, manage the development process with the GitLab provided by the platform, and automatically run compilation, testing and deployment to the Kubernetes cluster. The talk describes the principles of how the platform works and gives a short demonstration of its main functions.
DevOps Fest 2020. Денис Васильев. Let's make it KUL! Kubernetes Ultra LightDevOps_Fest
If 2019 was a loud call of Let's KIK It! and the industry hotly debated the Kubernetes, Istio and Knative stack, then 2020 promises to be the year the big Telcos take the stage.
The trend toward being Smart and 5G-Ready is creating a whole niche of challenges, special solutions and approaches. It opens up new possibilities based on Kubernetes, IOT, Multiaccess Edge Computing (MEC), Embedded Computing and Serverless.
At the edge of Telco, Automotive and Smart Services, this kind of transformation in the telecom industry already calls for specialists and a matching stack.
I propose to discuss current trends in telecom and look at the KUL ecosystem, Kubernetes Ultra Light, in action. Using a stack of K3S, the ultralight ServiceMesh Gloo and the serverless system OpenFaaS, we will demonstrate a real example of a service for a SmartCity.
28. ModSecurity is an open source, cross-platform web application firewall (WAF) module. Known as the "Swiss Army Knife" of WAFs, it enables web application defenders to gain visibility into HTTP(S) traffic and provides a powerful rules language and API to implement advanced protections.
@xeraa
29. OWASP ModSecurity Core Rule Set (CRS) Version 3
• HTTP Protocol Protection
• Real-time Blacklist Lookups
• HTTP Denial of Service Protections
• Generic Web Attack Protection
• Error Detection and Hiding
30. Commercial Rules from Trustwave SpiderLabs
• Virtual Patching
• IP Reputation
• Web-based Malware Detection
• Webshell / Backdoor Detection
• Botnet Attack Detection
• HTTP Denial of Service (DoS) Attack Detection
31. Run sqlmap again
python sqlmap.py --url "https://xeraa.wtf/read.php:8080?id=1" --purge