These are the slides that were be presented at a GlobalSign customer event in Leuven on September 16, 2014. In my talk, I explained why digital signatures are important. I introduced the audience to the basic concepts used when signing documents and showed how these concepts are used in the context of PDF. Furthermore, I discussed different architectures to implement a digital signature solution, as well as how digital signatures can be used in a workflow and how we can create digital signatures for the long term.
This Crypto 101 covers:
1. The basics – what is crypto and why was it created?
2. Story of webs and waves (From Web 1.0 to Web 3.0)
3. Taxonomy of crypto land
4. Crypto Business Models
5. Regulatory responses
6. Differences in investing in crypto vs regular startups
7. Glossary & Resources
This Crypto 101 covers:
1. The basics – what is crypto and why was it created?
2. Story of webs and waves (From Web 1.0 to Web 3.0)
3. Taxonomy of crypto land
4. Crypto Business Models
5. Regulatory responses
6. Differences in investing in crypto vs regular startups
7. Glossary & Resources
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...Simplilearn
This presentation on Ethereum will help you understand what is Ethereum, Ethereum features which includes cryptocurrency, smart contracts, Ethereum virtual machine, decentralized application, decentralized autonomous organization, applications of Ethereum and at the end you will see a demo on smart contract. Ethereum is a blockchain based distributed computing platform that enables developers to build and deploy their decentralized applications. Ether(ETH) is a cryptocurrency that runs on Ethereum network. It is used to pay for the computational resources and transaction fees on the Ethereum network. Ether can be utilized for building decentralized applications, smart contracts and making standard peer to peer payments. Now, lets deep dive into these slides and understand what is Ethereum and how does it work.
Below topics are explained in this Ethereum presentation:
1. What is Ethereum?
2. Ethereum features
- Cryptocurrency
- Smart contract
- Ethereum virtual machine
- Decentralized application
- Decentralized autonomous organization
3. Applications of Ethereum
4. Demo - Smart contract
Simplilearn’s Blockchain Certification Training has been designed for developers who want to decipher the global craze surrounding Blockchain, Bitcoin and cryptocurrencies. You’ll learn the core structure and technical mechanisms of Bitcoin, Ethereum, Hyperledger and Multichain Blockchain platforms, use the latest tools to build Blockchain applications, set up your own private Blockchain, deploy smart contracts on Ethereum and gain practical experience with real-world projects.
Why learn Blockchain?
Blockchain technology is the brainchild of Satoshi Nakamoto, which enables digital information to be distributed. A network of computing nodes makes up the Blockchain. Durability, robustness, success rate, transparency, incorruptibility are some of the enticing characteristics of Blockchain. By design, Blockchain is a decentralized technology which is used by a global network of the computer to manage Bitcoin transactions easily. Many new business applications will result in the usage of Blockchain such as Crowdfunding, smart contracts, supply chain auditing, Internet of Things(IoT), etc.
The Blockchain Certification Training Course is recommended for:
1. Developers
2. Technologists interested in learning Ethereum, Hyperledger and Blockchain
3. Technology architects wanting to expand their skills to Blockchain technology
4. Professionals curious to learn how Blockchain technology can change the way we do business
5. Entrepreneurs with technology background interested in realizing their business ideas on the Blockchain
Learn more at: https://www.simplilearn.com/
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
Although web application firewall (WAF) solutions are very useful to prevent common or automated attacks, most of them are based on blacklist approaches and are still far from perfect. This talk illustrates a number of creative techniques to smuggle and reshape HTTP requests using the strange behaviour of web servers and features such as request encoding or HTTP pipelining. These methods can come in handy when testing a website behind a WAF and can help penetration testers and bug bounty hunters to avoid drama and pain! Knowing these techniques is also beneficial for the defence team in order to design appropriate mitigation techniques. Additionally, it shows why developers should not solely rely on WAFs as the defence mechanism.
Finally, an open source Burp Suite extension will be introduced that can be used to assess or bypass a WAF solution using some of the techniques discussed in this talk. The plan is to keep improving this extension with the help of the http.ninja project.
Litecoin Genesis Date - October 7, 2011
Founder Charlie Lee, a former Google and Coinbase employee.
Litecoin reached a $1 billion marketcap in November 2013.[
In May 2017, Litecoin became the first of the top-5 (by market cap) cryptocurrencies to adopt Segregated Witness .
Later in May of the same year, the first Lightning Network transaction was completed through litecoin, transferring 0.00000001 LTC from Zurich to San Francisco in under one second.
Ethereum virtual machine for Developers Part 1ArcBlock
Learn all about Ethereum Virtual Machines and how they work including basic concepts, smart contracts, best practices for developers and next steps to support various uses cases.
https://www.arcblock.io
More info: https://blockchainhub.net/
Blockchain for Beginners: Blockchain history, state of development, outlook & current challenges #bitcoin #ethereum #smartcontracts
Learn how to gain intereset on your cryptocurrency by using certain services and wallets to help validate transactions. It's a pretty cool aspect of blockchain, crypto, and Proof of Stake algorithms.
Triple Entry Accounting: A BlockChain Use Case for Banks With R3 CordaDebajani Mohanty
Nine years on, yet BlockChain is still into infancy. People even now are shy regarding implementing BlockChain into existing projects and being benefited by the tremendous opportunities it could bring. This video explains an use case "Triple Entry Accounting" implemented on a distributed ledger tech product that would bring down cost, time of execution and complexities for transactions between different parties.
A Blockchain is nothing more than a database. Blockchain offers many advantages as compared to other databases. It has a decentralized structure with no single point of failure and the data stored on the Blockchain is completely tamper proof.
Introduction to Ethereum Blockchain & Smart ContractThanh Nguyen
The Harvard Business Review (HBR) thinks that Blockchain Technology has to power to keep data safe for consumers and businesses alike; because Blockchain provides a secure and immutable ledger, HBR says it represents the key to taking back privacy of data.
“You can keep certified copies of identity documents, biometric test results, health data, or academic and training certificates online, available at all times, yet safe unless you give away your key. At a whole system level, the database is very secure.”
PAdES signatures in iText and the road aheadiText Group nv
iText Summit 2012, talk by Paulo Soares. Note that the plans that are discussed in these slides were already implemented. See also http://itextpdf.com/book/digitalsignatures
Ethereum Tutorial - Ethereum Explained | What is Ethereum? | Ethereum Explain...Simplilearn
This presentation on Ethereum will help you understand what is Ethereum, Ethereum features which includes cryptocurrency, smart contracts, Ethereum virtual machine, decentralized application, decentralized autonomous organization, applications of Ethereum and at the end you will see a demo on smart contract. Ethereum is a blockchain based distributed computing platform that enables developers to build and deploy their decentralized applications. Ether(ETH) is a cryptocurrency that runs on Ethereum network. It is used to pay for the computational resources and transaction fees on the Ethereum network. Ether can be utilized for building decentralized applications, smart contracts and making standard peer to peer payments. Now, lets deep dive into these slides and understand what is Ethereum and how does it work.
Below topics are explained in this Ethereum presentation:
1. What is Ethereum?
2. Ethereum features
- Cryptocurrency
- Smart contract
- Ethereum virtual machine
- Decentralized application
- Decentralized autonomous organization
3. Applications of Ethereum
4. Demo - Smart contract
Simplilearn’s Blockchain Certification Training has been designed for developers who want to decipher the global craze surrounding Blockchain, Bitcoin and cryptocurrencies. You’ll learn the core structure and technical mechanisms of Bitcoin, Ethereum, Hyperledger and Multichain Blockchain platforms, use the latest tools to build Blockchain applications, set up your own private Blockchain, deploy smart contracts on Ethereum and gain practical experience with real-world projects.
Why learn Blockchain?
Blockchain technology is the brainchild of Satoshi Nakamoto, which enables digital information to be distributed. A network of computing nodes makes up the Blockchain. Durability, robustness, success rate, transparency, incorruptibility are some of the enticing characteristics of Blockchain. By design, Blockchain is a decentralized technology which is used by a global network of the computer to manage Bitcoin transactions easily. Many new business applications will result in the usage of Blockchain such as Crowdfunding, smart contracts, supply chain auditing, Internet of Things(IoT), etc.
The Blockchain Certification Training Course is recommended for:
1. Developers
2. Technologists interested in learning Ethereum, Hyperledger and Blockchain
3. Technology architects wanting to expand their skills to Blockchain technology
4. Professionals curious to learn how Blockchain technology can change the way we do business
5. Entrepreneurs with technology background interested in realizing their business ideas on the Blockchain
Learn more at: https://www.simplilearn.com/
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
Although web application firewall (WAF) solutions are very useful to prevent common or automated attacks, most of them are based on blacklist approaches and are still far from perfect. This talk illustrates a number of creative techniques to smuggle and reshape HTTP requests using the strange behaviour of web servers and features such as request encoding or HTTP pipelining. These methods can come in handy when testing a website behind a WAF and can help penetration testers and bug bounty hunters to avoid drama and pain! Knowing these techniques is also beneficial for the defence team in order to design appropriate mitigation techniques. Additionally, it shows why developers should not solely rely on WAFs as the defence mechanism.
Finally, an open source Burp Suite extension will be introduced that can be used to assess or bypass a WAF solution using some of the techniques discussed in this talk. The plan is to keep improving this extension with the help of the http.ninja project.
Litecoin Genesis Date - October 7, 2011
Founder Charlie Lee, a former Google and Coinbase employee.
Litecoin reached a $1 billion marketcap in November 2013.[
In May 2017, Litecoin became the first of the top-5 (by market cap) cryptocurrencies to adopt Segregated Witness .
Later in May of the same year, the first Lightning Network transaction was completed through litecoin, transferring 0.00000001 LTC from Zurich to San Francisco in under one second.
Ethereum virtual machine for Developers Part 1ArcBlock
Learn all about Ethereum Virtual Machines and how they work including basic concepts, smart contracts, best practices for developers and next steps to support various uses cases.
https://www.arcblock.io
More info: https://blockchainhub.net/
Blockchain for Beginners: Blockchain history, state of development, outlook & current challenges #bitcoin #ethereum #smartcontracts
Learn how to gain intereset on your cryptocurrency by using certain services and wallets to help validate transactions. It's a pretty cool aspect of blockchain, crypto, and Proof of Stake algorithms.
Triple Entry Accounting: A BlockChain Use Case for Banks With R3 CordaDebajani Mohanty
Nine years on, yet BlockChain is still into infancy. People even now are shy regarding implementing BlockChain into existing projects and being benefited by the tremendous opportunities it could bring. This video explains an use case "Triple Entry Accounting" implemented on a distributed ledger tech product that would bring down cost, time of execution and complexities for transactions between different parties.
A Blockchain is nothing more than a database. Blockchain offers many advantages as compared to other databases. It has a decentralized structure with no single point of failure and the data stored on the Blockchain is completely tamper proof.
Introduction to Ethereum Blockchain & Smart ContractThanh Nguyen
The Harvard Business Review (HBR) thinks that Blockchain Technology has to power to keep data safe for consumers and businesses alike; because Blockchain provides a secure and immutable ledger, HBR says it represents the key to taking back privacy of data.
“You can keep certified copies of identity documents, biometric test results, health data, or academic and training certificates online, available at all times, yet safe unless you give away your key. At a whole system level, the database is very secure.”
PAdES signatures in iText and the road aheadiText Group nv
iText Summit 2012, talk by Paulo Soares. Note that the plans that are discussed in these slides were already implemented. See also http://itextpdf.com/book/digitalsignatures
In this presentation, you get an overview of what ZUGFeRD, a standard for e-invoices developed by the Forum elektronische Rechnung Deutschland is about. We look at XML standards for business, at PDF standards for archiving and we learn how ZUGFeRD combines both. We also look beyond ZUGFeRD at standards for digital signing.
Digital Signatures in the Cloud: A B2C Case StudyiText Group nv
If you are a solution architect, or a business strategist new to digital signatures, this webinar will give you an overview of the components needed to build an end-to-end digital signature solution in-house, including PDF document workflows and document signing certificates.
Digital Signatures solution by ComsignTrustZeev Shetach
ComsignTrust digital signature solutions allow your organization to use the digital signature technology for securing, automating and controlling your entire document signing to make it more efficient and far more cost effective. *Highly secure *Advanced *To serve many signing needs
Lessons Learned from Building Enterprise APIs (Gustaf Nyman)Nordic APIs
This is a session given by Gustaf Nyman at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden.
Description:
In enterprises the majority of APIs are internal and may count in hundreds. APIs are often implemented in and used from a variety of languages and platforms, and legacy system and protocols are ever-present. As APIs are increasingly part of business strategies, API management becomes an important concern of the whole organisation.
Gustaf has spent more than 15 years building API infrastructure for enterprises. In this talk, he shares his thoughts on designing and implementing a long-lasting API management strategy.
An overview of how electronic signature objects are generated and used within PDF documents including the overview of Aodbe LiveCycle ES's ability to programmatically work with them server side.
Thawte Code Signing Certificate Feature and BenefitsCodeSigningStore
slide by slide explanation of features and benefits of the Thawte Code Signing Certificate. Know why Thawte is the perfect option to sign the software/application codes and scripts.
Implementing Digital Signatures in an FDA-Regulated EnvironmentPerficient, Inc.
Perficient’s life sciences practice once had a manual, time-consuming and expensive process for signing and collecting validation documents. From handwritten signatures to scanning and shipping documents all over the globe, it was only a matter of time before we made the move to 21 CFR Part 11-compliant digital signatures.
Michelle Engler, an expert in the development of clinical applications, discussed our experience implementing a digital signature solution and how your organization can benefit from one too.
During the presentation, we will covered:
-Cost-benefit analysis
-Solution selection and implementation
-21 CFR Part 11 system validation
-Lessons learned
We need to protect our Internet communication - from basic web surfing to IP telephony, E-mail and Internet of things. This presentation gives some background and introduces one of the core security protocols - TLS, Transport Layer Security. This presentation is licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.
Update: See http://www.slideshare.net/oej/morecrypto-with-tis-version-20
This presentation is a tutorial intro to DANE (DNS Authentication of Named Entities). It describes the root problem, a possible solution using DANE, and briefly shows how you can starting using DANE and TLSA records yourself.
Heartbleed Bug Vulnerability: Discovery, Impact and SolutionCASCouncil
Join the CASC Wednesday April 30 for a Google+ hangout on the Heartbleed Bug. We’ll cover everything from what the bug does to how to tell if your site is at risk and how certificate authorities are responding.
Panel of CASC members:
• Robin Alden- Comodo
• Jeremy Rowley- DigiCert
• Bruce Morton- Entrust
• Rick Andrews- Symantec
• Wayne Thayer- Go Daddy
Watch the recording: http://bit.ly/1jAQCtk
VoIP Wars: Destroying Jar Jar Lync (Unfiltered version)Fatih Ozavci
Enterprise companies are increasingly using Microsoft Lync 2010/2013 (a.k.a Skype for Business 2015) services as call centre, internal communication, cloud communication and video conference platform. These services are based on the VoIP and instant messaging protocols, and support multiple client types such as Microsoft Office 365, Microsoft Lync, Skype for Business, IP phones and teleconference devices. Also the official clients are available for mobile devices (e.g. Windows phone, Android and iOS), desktops (Mac, Linux and Windows) and web applications developed with .NET framework. Although the Microsoft Lync platform has been developed along with the new technologies, it still suffers from old VoIP, teleconference and platform issues.
Modern VoIP attacks can be used to attack Microsoft Lync environments to obtain unauthorised access to the infrastructure. Open MS Lync frontend and edge servers, insecure federation security design, lack of encryption, insufficient defence for VoIP attacks and insecure compatibility options may allow attackers to hijack enterprise communications. The enterprise users and employees are also the next generation targets for these attackers. They can attack client soft phones and handsets using the broken communication, invalid protocol options and malicious messaging content to compromise sensitive business assets. These attacks may lead to privacy violations, legal issues, call/toll fraud and intelligence collection.
Attack vectors and practical threats against the Microsoft Lync ecosystem will be presented with newly published vulnerabilities and Microsoft Lync testing modules of the Viproy VoIP kit developed by the speaker. This will be accompanied by live demonstrations against a test environment.
• A brief introduction to Microsoft Lync ecosystem
• Security requirements, design vulnerabilities and priorities
• Modern threats against commercial Microsoft Lync services
• Demonstration of new attack vectors against target test platform
apidays LIVE Australia 2021 - Levelling up database security by thinking in A...apidays
apidays LIVE Australia 2021 - Accelerating Digital
September 15 & 16, 2021
Levelling up database security by thinking in APIs
Lindsay Holmwood, Chief Product Officer at Cipherstash
Similar to Digital Signatures: how it's done in PDF (20)
IANAL: what developers should know about IP and LegaliText Group nv
These are the slides of the Java One talk by Bruno Lowagie on Wednesday October 28 at 10 AM in Imperial Ballroom A at the Hilton in San Francisco.
Bruno will discuss topics such as open source licenses, intellectual property, trademarks and software patents. Bruno isn't a lawyer, but he'll share his experience with legal issues as a developer.
iText Summit 2014: Talk: iText throughout the document life cycleiText Group nv
iText throughout the document life cycle
By Klaas Bals, Inventive Group
iText can be used in virtually any step in the document life cycle. During this talk we will show you how we use a WYSIWYG editor to design, create, transform, sign and store PDF-files with iText and how it brings value to customers like the Belgian Federal Department of Finance, The city of Antwerp, Johnson&Johnson, and the National Pensions Office.
iText Summit 2014: Talk: eGriffie and JustX, introducing digital documents at...iText Group nv
Templates for PDF
iText strategies for the mass production of documents based on templates: two user stories presented by iText customers.
There are different ways to create high volumes of PDF:
- You can create the PDFs from scratch (the program is the template)
- You can fill out PDF forms based on AcroForm technology (the template is static)
- You can use an XML-based format as a template (XSL:FO, XHTML and CSS, custom XML)
- You can use a dynamic XFA form (the XML Forms Architecture)
In this session, we will give the floor to two of our customers, one that uses the core iText to create documents, one that uses XFA Worker, a tool built on top of iText.
Project for Governement: creating PDF using the XML Forms Architecture
By Pieter Robberechts, CSC
CSC has developed applications to automate Belgian Governmental tasks, more specifically Juridical tasks that are time consuming and error sensitive because of human input.
The fully automated 'E-griffie’ application renders juridical and legal forms, injecting XML into dynamic XFA templates that are then flattened into PDF/A documents using iText. Another application, JustX is an authentic Source Judgement Database to streamline information.
Damn, the new generation kids are getting iPads in Highschool!iText Group nv
A Google App Engine platform connected to a native iPad solution distributing books and content, presented at the iText Summit 2012 by Kars Veling, Owner Q42 Internet BV.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
State of ICS and IoT Cyber Threat Landscape Report 2024 previewPrayukth K V
The IoT and OT threat landscape report has been prepared by the Threat Research Team at Sectrio using data from Sectrio, cyber threat intelligence farming facilities spread across over 85 cities around the world. In addition, Sectrio also runs AI-based advanced threat and payload engagement facilities that serve as sinks to attract and engage sophisticated threat actors, and newer malware including new variants and latent threats that are at an earlier stage of development.
The latest edition of the OT/ICS and IoT security Threat Landscape Report 2024 also covers:
State of global ICS asset and network exposure
Sectoral targets and attacks as well as the cost of ransom
Global APT activity, AI usage, actor and tactic profiles, and implications
Rise in volumes of AI-powered cyberattacks
Major cyber events in 2024
Malware and malicious payload trends
Cyberattack types and targets
Vulnerability exploit attempts on CVEs
Attacks on counties – USA
Expansion of bot farms – how, where, and why
In-depth analysis of the cyber threat landscape across North America, South America, Europe, APAC, and the Middle East
Why are attacks on smart factories rising?
Cyber risk predictions
Axis of attacks – Europe
Systemic attacks in the Middle East
Download the full report from here:
https://sectrio.com/resources/ot-threat-landscape-reports/sectrio-releases-ot-ics-and-iot-security-threat-landscape-report-2024/
Connector Corner: Automate dynamic content and events by pushing a buttonDianaGray10
Here is something new! In our next Connector Corner webinar, we will demonstrate how you can use a single workflow to:
Create a campaign using Mailchimp with merge tags/fields
Send an interactive Slack channel message (using buttons)
Have the message received by managers and peers along with a test email for review
But there’s more:
In a second workflow supporting the same use case, you’ll see:
Your campaign sent to target colleagues for approval
If the “Approve” button is clicked, a Jira/Zendesk ticket is created for the marketing design team
But—if the “Reject” button is pushed, colleagues will be alerted via Slack message
Join us to learn more about this new, human-in-the-loop capability, brought to you by Integration Service connectors.
And...
Speakers:
Akshay Agnihotri, Product Manager
Charlie Greenberg, Host
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Kubernetes & AI - Beauty and the Beast !?! @KCD Istanbul 2024Tobias Schneck
As AI technology is pushing into IT I was wondering myself, as an “infrastructure container kubernetes guy”, how get this fancy AI technology get managed from an infrastructure operational view? Is it possible to apply our lovely cloud native principals as well? What benefit’s both technologies could bring to each other?
Let me take this questions and provide you a short journey through existing deployment models and use cases for AI software. On practical examples, we discuss what cloud/on-premise strategy we may need for applying it to our own infrastructure to get it to work from an enterprise perspective. I want to give an overview about infrastructure requirements and technologies, what could be beneficial or limiting your AI use cases in an enterprise environment. An interactive Demo will give you some insides, what approaches I got already working for real.
3. Shareholders:
-Ingeborg Willaert (50%)
-Bruno Lowagie (50%)
iText Group NV
°2008 Belgium
IP, TM, Development
Marketing
iText Software BVBA
°2011 Belgium
Sales EMEA/Asia
iText Software Corp.
°2009 USA (CA/MA)
Sales Americas/Oceania
Board of Directors:
-Peter Camps (chairman)
-Ingeborg Willaert
-Bruno Lowagie
Advisory Board:
-Andrew Binstock
-Mark de Visser
-Bernard Slede
iTextGroup
Benelux: 10th place
Belgium: 3rd place
4. Agenda
•Why do we need digital signatures?
•Basic concepts…
•… applied to PDF
•Architectures: server-side vs. client-side
•Digital signatures and document workflow
•Long term validation
9. Three goals
•Integrity —we want assurance that the document hasn’t been changed somewhere in the workflow
•Authenticity —we want assurance that the author of the document is who we think it is (and not somebody else)
•Non-repudiation —we want assurance that the author can’t deny his authorship.
11. Concept 1: Hashing
•Hashing algorithm:
•a cryptographic hash function to turn an arbitrary block of data into a fixed-size bit string.
•Available algorithms:
•MD5: Ron Rivest
•SHA:
•SHA-1: NSA (Being phased out!)
•SHA-2: NSA / NIST
•NEW: SHA-3 contest winner “Keccak”
•RIPEMD: KULeuven
12. Concept 1: Integrity check using hash
Document
Generate Hash
AF1B4C...D34E
Secure Server / Website
Retrieve Hash
AF1B4C...D34E
Compare!
14. Some name dropping
•Public Key Cryptography Standards
•PKCS#1: RSA Cryptography Standard (Rivest, Shamir, Adleman)
•PKCS#7: Cryptographic Message Standard (CMS)
•PKCS#11: Cryptographic Token Interface
•PKCS#12: PersonalInformation Exchange SyntaxStandard
•PKCS#13: Elliptic Curve Cryptography Standard (ECDSA)
•Federal Information Processing Standards (FIPS)
•DSA: Digital Signature Algorithm (DSA)
•European Telecommunications Standards Institute (ETSI)
•CMS Advanced Electronic Signatures (CAdES)
15. Concept 1 + Concept 2
•Producer
•Provides data as-is
•Provides hash encrypted using private key
•Provides public key
•Consumer
•Creates hash from data: hash1
•Decrypts hash using public key: hash2
•If (hash1== hash2) document OK!
16. Goals met?
•Integrity:
•hashes are identical
•Authenticity:
•identity found along with public key
•Non-repudiation:
•if hash can be decrypted with public key, the document was signed with the corresponding private key
17. Differences between EU and US
•In the US, we make a distinction:
•Electronic signatures don’t necessarily involve PKI
•Digital signatures when a PKI infrastructure is involved
•In Europe, we speak of electronic signatures
•As a synonymfor digital signatures
•All laws and regulations take this wording
•There’s no sharp distinction between electronic and digital signatures (which leads to confusion)
•I always speak of digital signatures
19. Standards
•ISO
•ISO-32000-1 (2008) based on PDF 1.7 (2006)
•ISO-32000-2 will define PDF 2.0 (2016)
•ETSI: TS 102 778 (2009 -2010)
•PAdES1: Overview
•PAdES2: Basic –CMS based (ISO-32000-1)
•PAdES3: Enhanced –CAdESbased (ISO-32000-2)
•PAdES4: LTV –Long Term Validation
•PAdES5: XAdESbased (XML content)
•PAdES6: Visual representation guidelines
•ETSI: TS 103 172 (2011 -2013)
•PAdESBaseline Profile
20. Signatures in PDF
•There are no bytes in the PDF that aren’t covered, other than the PDF signature itself. (*)
•The digital signature isn’t part of the ByteRange.
•The concept “to initial a document” doesn’t exist; you sign the complete document at once, not on a page per page basis. (*)
21. Some PDF terminology
•Signature field:
•Visualisation (onewidget annotation)
•Extra info about signature (Lock, SV)
•/V refers to the signature dictionary
•Signing:
•Creating an /APfor the widget annotation
•Creating a signature dictionary for /V
22. What’s inside the signature?
%PDF-1.x
...
/ByteRange ...
/Contents<
>...
%%EOF
DIGITAL SIGNATURE
•Signed Message Digest
•Certificatechain
•Revocation information
•Timestamp
ISO-32000-2:
At minimum the PKCS#7 object shall include the signer’s X.509 signing certificate. This certificate shall be used to verify the signature value in /Contents.
Best practices (“should” also have):
•Full certificate chain
•Revocation information (CRL / OCSP)
•Timestamp
27. Use cases client-side signing
•Desktop applications
•Adobe Acrobat Pro
•Adobe Reader (only for Reader-enabled documents)
•Home made, e.g. using iText
•In a web context
•The PDF software runs on the client, e.g. using Java Web Start
•Access to the token or smart card through
•MSCAPI
•PKCS#11
•Custom smart card library
•Security
•User has smart card and PIN or USB token and passphrase
28. Deferred signing
Signed Message Digest
App
Device
CLIENT
<</Type/Sig/
/Contents <
%PDF-1.x
...
...
%%EOF
>>>
Application
SERVER
29. Use cases deferred signing
•Signing on an iPad / Tablet
•App on the device has low footprint
•Easy to link to integrate into a document management system
•Disadvantage
•You need to trust the server that the hash you receive is actually the hash of the document you want to sign
•Common Criteria
•a framework in which computer system users can specifytheir security functionaland assurancerequirements (SFRs and SARs respectively) through the use of Protection Profiles (PPs), vendors can then implementand/or make claims about the security attributes of their products, and testing laboratories can evaluatethe products to determine if they actually meet the claims.
31. Digital signatures: types
•Certification (aka author) signature
•only possible for the first revision (*)
•involves modification detection permissions:
•No changes allowed
•Form filling and signing allowed
•Form filling, signing and commenting allowed
•Approval (aka recipient) signature
•workflow with subsequent signers
•New in PDF 2.0: modification detection permissions
•Usage Rights signature
•involving Adobe’s private key to Reader enable a PDF
32. Other possible icons
•Signer’s identity is unknown
•Document has been altered or corrupted
33. Serial signatures
%PDF-1.x
%Originaldocument
% Additional content 1
...
...
%%EOF
DIGITAL SIGNATURE 1
...
%%EOF
DIGITAL SIGNATURE 2
% Additional content 2
...
...
%%EOF
DIGITAL SIGNATURE 3
Rev1
Rev2
Rev3
A PDF document can be signed more than once, but parallel signatures aren’t supported, only serial signatures: additional signatures sign all previous signatures.
46. What to do when:
•There’s no CRL/OCSP/TS in the document?
•The certificate is about to expire in one of your documents?
•The hashing / encryption algorithm is about to be deprecated?
47. Document Security Store
%PDF-1.x
...
/ByteRange ...
/Contents<
>...
%%EOF
DIGITAL SIGNATURE
•Signed Message Digest
•Certificate
%PDF-1.x
...
/ByteRange ...
/Contents<
>...
%%EOF
DSS for DIGITAL SIGNATURE
•VRI, Certs, OCSPs, CRLs
DIGITAL SIGNATURE
•Signed Message Digest
•Certificate
48. Document-level timestamp
%PDF-1.x
...
/ByteRange ...
/Contents<
>...
%%EOF
DSS for DIGITAL SIGNATURE
•VRI, Certs, OCSPs, CRLs
%PDF-1.x
...
/ByteRange ...
/Contents<
>...
%%EOF
DSS for DIGITAL SIGNATURE
•VRI, Certs, OCSPs, CRLs
DOCUMENT TIMESTAMP TS1
ETSI.RFC3161
DIGITAL SIGNATURE
•Signed Message Digest
•Certificate
DIGITAL SIGNATURE
•Signed Message Digest
•Certificate
49. Repeat as soon as needed
%PDF-1.x
...
/ByteRange ...
/Contents<
>...
%%EOF
DSS for DIGITAL SIGNATURE
•VRI, Certs, OCSPs, CRLs
DOCUMENT TIMESTAMP TS1
%PDF-1.x
...
/ByteRange ...
/Contents<
>...
%%EOF
DSS for DIGITAL SIGNATURE
•VRI, Certs, OCSPs, CRLs
DOCUMENT TIMESTAMP TS1
DSS for TS1
DOCUMENT TIMESTAMP TS2
DIGITAL SIGNATURE
•Signed Message Digest
•Certificate
DIGITAL SIGNATURE
•Signed Message Digest
•Certificate